Re: [Mod-security-developers] Make test failed
From: Pavel M. <pa...@ne...> - 2013-05-22 14:12:57
> Could you tell me your libpcre version (compiled and linked) ?
>
> You can run apache and get it in the error.log
The old working one is:
ModSecurity: PCRE compiled version="8.2 "; loaded version="8.02 2010-03-19"
The new broken one is:
ModSecurity: PCRE compiled version="8.2 "; loaded version="8.30 2012-02-04"
debian package: libpcre3:i386 1:8.30-5
> On Wed, May 22, 2013 at 11:02 AM, Breno Silva <bre...@gm...> wrote:
> > Maybe I can replace this test by another regex.
> >
> > On Wed, May 22, 2013 at 10:57 AM, Pavel Mateja <pa...@ne...> wrote:
> >> > I'm testing with an external tool that uses libpcre and it is failing
> >> > to compile this regex too.
> >> > So I'm starting to think (?^ syntax is not supported by libpcre?
> >>
> >> As I wrote in first email the 2.7.2 was able to run all tests on the
> >> same server running Debian Wheezy. I was just recompiling apache with
> >> modules against new libraries.
> >> It might be problem with newer version of libpcre in Squeeze.
> >> --
> >> Pavel Mateja
> >>
> >> > On Wed, May 22, 2013 at 9:53 AM, Breno Silva <bre...@gm...> wrote:
> >> > > Yes. Looks like for some reason the regex is not being compiled.
> >> > >
> >> > > I will investigate it
> >> > >
> >> > > On Wed, May 22, 2013 at 9:47 AM, Pavel Mateja <pa...@ne...> wrote:
> >> > >> > You should do:
> >> > >> >
> >> > >> > Make sure there is a core dump area with something like:
> >> > >> > CoreDumpDirectory /tmp
> >> > >> >
> >> > >> > Make sure limits are set to dump core:
> >> > >> > ulimit -c unlimited
> >> > >> >
> >> > >> > Restart and trigger the error. A core file should be in the
> >> > >> > directory you specified.
> >> > >> >
> >> > >> > Then use gdb to get a backtrace:
> >> > >> >
> >> > >> > gdb /path/to/httpd /path/to/core --batch --quiet \
> >> > >> > -ex "thread apply all bt full" > backtrace.log
> >> > >>
> >> > >> Hi again. I'm confused.
> >> > >>
> >> > >> The bug is triggered by msc_test forked by make test not httpd.
> >> > >> Just like the core says:
> >> > >> core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV),
> >> > >> SVR4-style, from './msc_test -t op -n rx -p
> >> > >> (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'
> >> > >> And gdb complains about right binary:
> >> > >> warning: core file may not match specified executable file.
> >> > >>
> >> > >> I tried to get backtrace against msc_test but I got:
> >> > >> warning: Can't read pathname for load map: Input/output error.
> >> > >> and the backtrace is useless:
> >> > >>
> >> > >> [New LWP 2179]
> >> > >> [Thread debugging using libthread_db enabled]
> >> > >> Using host libthread_db library "/lib/i386-linux-gnu/i686/nosegneg/libthread_db.so.1".
> >> > >> Core was generated by `./msc_test -t op -n rx -p
> >> > >> (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'.
> >> > >> Program terminated with signal 11, Segmentation fault.
> >> > >> #0 0x080561d6 in msre_op_rx_execute ()
> >> > >>
> >> > >> Thread 1 (Thread 0x4046c870 (LWP 2179)):
> >> > >> #0 0x080561d6 in msre_op_rx_execute ()
> >> > >> No symbol table info available.
> >> > >> #1 0x0804c40e in test_op ()
> >> > >> No symbol table info available.
> >> > >> #2 0x0804d9d3 in main ()
> >> > >> No symbol table info available.
> >> > >> --
> >> > >> Pavel Mateja
> >> > >>
> >> > >> > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote:
> >> > >> > > > Hello Pavel,
> >> > >> > > >
> >> > >> > > > Are you running make CFLAGS=-DMSC_TEST test right ?
> >> > >> > >
> >> > >> > > Yes, I am.
> >> > >> > >
> >> > >> > > > Can you send me your backtrace ?
> >> > >> > >
> >> > >> > > Sure. What exactly do you need?
> >> > >> > >
> >> > >> > > > Thanks
> >> > >> > > >
> >> > >> > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki...> wrote:
> >> > >> > > > > On 22.05.2013 10:22, Pavel Mateja wrote:
> >> > >> > > > > > Hi guys,
> >> > >> > > > > > I've upgraded our debian servers from wheezy to squeeze and I
> >> > >> > > > > > can't pass "make test" of modsecurity any more:
> >> > >> > > > > >
> >> > >> > > > > > Loaded 8 tests from ./op/rx.t
> >> > >> > > > > >
> >> > >> > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
> >> > >> > > > > > 2) op "rx": passed
> >> > >> > > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
> >> > >> > > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
> >> > >> > > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
> >> > >> > > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
> >> > >> > > > > > 7) op "rx": passed
> >> > >> > > > > >
> >> > >> > > > > > ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling pattern (offset 2): unrecognized character after (? or (?-
> >> > >> > > > > > Test exited with signal 11.
> >> > >> > > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
> >> > >> > > > > > 8) op "rx": failed
> >> > >> > > > > >
> >> > >> > > > > > Passed: 7; Failed: 1
> >> > >> > > > > >
> >> > >> > > > > > I've tried version 2.7.2 which passed test on old debian and
> >> > >> > > > > > latest 2.7.3.
> >> > >> > > > > > Both failed on the same place.
> >> > >> > > > > >
> >> > >> > > > > > Compilation parameters were:
> >> > >> > > > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs --with-apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config --enable-pcre-match-limit=50000 --enable-pcre-match-limit-recursion=10000 --disable-mlogc
> >> > >> > > > >
> >> > >> > > > > Since it exits with signal 11 it might be related to this bug:
> >> > >> > > > > https://github.com/SpiderLabs/ModSecurity/issues/23
> >> > >> > > > >
> >> > >> > > > > It was fixed in this commit
> >> > >> > > > > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317af1680f2a007aead
> >> > >> > > > >
> >> > >> > > > > and should be part of 2.7.2 and later. Maybe the fix didn't
> >> > >> > > > > catch all similar situations?
> >> > >> > > > >
> >> > >> > > > > Regards,
> >> > >> > > > >
> >> > >> > > > > Rainer
> >>
> >> ------------------------------------------------------------------------
> >>
> >> > >> -
> >> > >>
> >> > >> > > > > ----- Try New Relic Now & We'll Send You this Cool Shirt
> >> > >> > > > > New Relic is the only SaaS-based application performance
> >> > >>
> >> > >> monitoring
> >> > >>
> >> > >> > > > > service that delivers powerful full stack analytics.
> >> > >> > > > > Optimize and monitor your browser, app, & servers with
> >> > >> > > > > just a few
> >>
> >> lines
> >>
> >> > >> > > > > of
> >> > >>
> >> > >> code.
> >> > >>
> >> > >> > > > > Try New Relic and get this awesome Nerd Life shirt!
> >> > >> > > > > http://p.sf.net/sfu/newrelic_d2d_may
> >> > >> > > > > _______________________________________________
> >> > >> > > > > mod-security-developers mailing list
> >> > >> > > > > mod...@li...
> >> > >>
> >> > >> https://lists.sourceforge.net/lists/listinfo/mod-security-developer
> >> > >> s
> >> > >>
> >> > >> > > > > ModSecurity Services from Trustwave's SpiderLabs:
> >> > >> > > > > https://www.trustwave.com/spiderLabs.php
> >> > >> > >
> >> > >> > > --
> >> > >> > > Pavel Mateja
--
Pavel Mateja
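
Added example, not part of the thread and not ModSecurity code: the `(?^i:` prefix of the failing pattern is the spelling Perl 5.14 and later use when stringifying a `qr//i` regex, and the compile error quoted above points at its `^` (offset 2). The hypothetical helper `legacy_inline_flags` rewrites that leading group into the older explicit form `(?i-msx:`; it assumes only a leading `(?^flags:` group with flags from `imsx` needs handling.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not ModSecurity code): rewrite a leading Perl 5.14+
 * "(?^flags:" group into the older "(?on-off:" spelling. "^" resets i, m, s
 * and x to off, so every flag not listed after it is switched off explicitly.
 * Returns 1 if rewritten, 0 if copied unchanged, -1 on error (modifier
 * outside imsx, no ':' after the flags, or out buffer too small). */
int legacy_inline_flags(const char *in, char *out, size_t outlen)
{
    static const char known[] = "imsx";
    char on[5] = "", off[5] = "";
    size_t n_on = 0, n_off = 0, i;
    const char *p;
    int n;

    if (strncmp(in, "(?^", 3) != 0) {          /* nothing to rewrite */
        if (strlen(in) >= outlen) return -1;
        strcpy(out, in);
        return 0;
    }
    for (p = in + 3; *p != '\0' && *p != ':'; p++) {
        /* reject charset or unknown modifiers and repeated flags */
        if (strchr(known, *p) == NULL || strchr(on, *p) != NULL) return -1;
        on[n_on++] = *p;
    }
    if (*p != ':') return -1;                  /* flags ran to end of string */
    for (i = 0; known[i] != '\0'; i++)
        if (strchr(on, known[i]) == NULL) off[n_off++] = known[i];

    /* p points at ':' so the rest of the pattern is copied verbatim */
    n = snprintf(out, outlen, "(?%s%s%s%s", on, n_off ? "-" : "", off, p);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 1;
}

int main(void)
{
    /* the pattern from the failing rx test quoted in this thread */
    const char *pat = "(?^i:^([^=])\\s*=\\s*((?:abc)+(?:def|ghi){2})$)";
    char buf[128];

    if (legacy_inline_flags(pat, buf, sizeof buf) < 0) return 1;
    puts(buf);
    return 0;
}
```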