Re: [Mod-security-developers] Bug in msc_multipart.c
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] Bug in msc_multipart.c
|
From: seema d. <see...@gm...> - 2012-07-25 06:54:45
|
Hi Breno,
I was trying to run the regression tests
and"config/10-misc-directives.t:SecWebAppId"was failing sporadically.
Whenever it failed, in the server errors log I saw the following msg
"Audit log: Failed writing (requested 15 bytes, written 0)"
On tracing, I found that during
"config/10-misc-directives.t:SecTmpDir/SecUploadDir/SecUploadKeepFiles"
test, which was before SecWebAppId test, ModSecurity opened a multipart
temp file, wrote some test data and closed it and during cleanup (called
during the reconfiguration of the server to pick up the next test
configuration) it was again trying to close the same file descriptor which
was by then allocated for SecWebAppId test's audit log file.
HTH,
Seema.
On Tue, Jul 24, 2012 at 6:49 PM, Breno Silva <bre...@gm...> wrote:
> Thanks Seema i will take a look.
>
> What kind of effect are you seeing ? any error message ?
>
> Thanks
>
> Breno
>
> On Tue, Jul 24, 2012 at 7:52 AM, seema deepak <see...@gm...>wrote:
>
>> Hi,
>>
>> I came across a bug while using ModSecurity 2.6.5 with our server.
>> Multipart code tries to close the descriptor more than once; once in
>> multipart_process_boundary() and again in multipart_cleanup().
>>
>> Below change in multipart_process_boundary() fixed the issue.
>> ================================
>> --- modsecurity-apache/apache2/msc_multipart.c Fri Jul 20 06:08:39 2012
>> -0700
>> +++ modsecurity-apache/apache2/msc_multipart.c Fri Jul 20 06:11:42 2012
>> -0700
>> @@ -581,6 +581,7 @@
>> &&(msr->mpd->mpp->tmp_file_fd != 0))
>> {
>> close(msr->mpd->mpp->tmp_file_fd);
>> + msr->mpd->mpp->tmp_file_fd = -1;
>> }
>> ================================
>>
>> I don't know if this has already been fixed in the latest version.
>>
>> Thanks and Regards,
>> Seema.
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> mod-security-developers mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>> ModSecurity Services from Trustwave's SpiderLabs:
>> https://www.trustwave.com/spiderLabs.php
>>
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php
>
|
