Re: [Mod-security-developers] ModSec + NGINX bug in move_brigade_to_chain
From: Carlos V. <ca...@ta...> - 2014-07-08 21:39:46
Great! Sorry for the noise, I thought the merge was done already for 2.8.0.

On Tue, Jul 8, 2014 at 7:57 PM, Felipe Costa <FC...@tr...> wrote:

> Hi Carlos,
>
> In the same issue that you have linked, there is a comment pointing to
> the "nginx_refactoring" branch where you can find this fix and others.
> The branch is still in development/test as more minor issues should be
> fixed before merging it to our mainline.
>
> Br.,
> *Felipe "Zimmerle" Costa*
> Security Researcher, SpiderLabs
>
> *Trustwave* | SMART SECURITY ON DEMAND
> www.trustwave.com
>
> From: Carlos Vidal <ca...@ta...>
> Reply-To: "mod...@li..." <mod...@li...>
> Date: Tuesday, July 8, 2014 2:20 PM
> To: "mod...@li..." <mod...@li...>
> Subject: [Mod-security-developers] ModSec + NGINX bug in
> move_brigade_to_chain
>
> Hi:
>
> I'm testing ModSec 2.7.5 and 2.8.0 with NGINX and found a problem when
> SecResponseBodyAccess is turned on.
>
> The error is produced by a dangling pointer in move_brigade_to_chain()
> (apr_bucket_nginx.c). It has already been reported in March
> (https://github.com/SpiderLabs/ModSecurity/issues/681).
>
> There are two ngx_alloc_chain_link() calls in the function. The second is
> correct, but the first one does not initialize 'cl->next' before copying it
> to the last link (ll). It is enough to add:
>
>     cl->next = NULL;
>
> just after cl->buf->last_buf = 1.
>
> This causes crazy behavior such as infinite allocation loops and seg-faults.
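The failure mode reported in this thread, as an added example that is not ModSecurity or nginx code: a self-contained model of an allocator that hands back recycled chain links without clearing 'next', the way ngx_alloc_chain_link() does. The types and helpers (chain_t, alloc_link, free_link, append_last, chain_length, demo) are hypothetical stand-ins, and the link storage is a constructed four-element array.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for ngx_chain_t (hypothetical, not the nginx type). */
typedef struct chain_s { int buf_id; struct chain_s *next; } chain_t;

static chain_t  storage[4];   /* constructed backing store for the links */
static chain_t *free_list;    /* recycled links, threaded through 'next' */

/* Return a link to the free list; 'next' is reused as the list pointer. */
static void free_link(chain_t *cl) { cl->next = free_list; free_list = cl; }

/* Pop a recycled link WITHOUT clearing 'next': it still points at the
 * rest of the free list, which is the stale pointer from the report. */
static chain_t *alloc_link(void) {
    chain_t *cl = free_list;
    if (cl) free_list = cl->next;
    return cl;
}

/* Append a final link to the chain; 'fixed' applies the one-line fix. */
static void append_last(chain_t **head, int buf_id, int fixed) {
    chain_t *cl = alloc_link(), **ll = head;
    cl->buf_id = buf_id;
    if (fixed) cl->next = NULL;        /* the missing initialisation */
    while (*ll) ll = &(*ll)->next;     /* find the last link (ll) */
    *ll = cl;
}

/* Walk at most 'limit' links; return the length, or -1 if the chain
 * never reaches a NULL terminator within that bound. */
static int chain_length(const chain_t *c, int limit) {
    int n = 0;
    for (; c; c = c->next) if (++n > limit) return -1;
    return n;
}

/* Build a two-link chain from recycled links and report its length. */
int demo(int fixed) {
    chain_t *head = NULL;
    free_list = NULL;
    for (int i = 0; i < 4; i++) free_link(&storage[i]);
    append_last(&head, 1, fixed);
    append_last(&head, 2, fixed);
    return chain_length(head, 16);
}

int main(void) {
    printf("without fix: %d, with fix: %d\n", demo(0), demo(1));
    return 0;
}
```

Without the fix the second append links the chain back into itself, so any unbounded walk over it never terminates; with 'next' cleared the chain has exactly two links.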