Re: [Mod-security-developers] ModSec + NGINX bug in move_brigade_to_chain
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] ModSec + NGINX bug in move_brigade_to_chain
|
From: Carlos V. <ca...@ta...> - 2014-07-11 17:26:43
|
Hi Felipe: I have been testing the nginx_refactoring and it works pretty fine for me. I'm using it in front of Zimbra with nginx-1.2.0. I will test it in production this weekend with 20000 accounts, to see what comes out in the audit log. It already blocked several attacks on the development server (php injection stuff). On Tue, Jul 8, 2014 at 11:39 PM, Carlos Vidal <ca...@ta...> wrote: > Great! Sorry for the noise, I thought the merge was done already for 2.8.0. > > > On Tue, Jul 8, 2014 at 7:57 PM, Felipe Costa <FC...@tr...> wrote: > >> Hi Carlos, >> >> In the same issue that you have linked, there is a comment pointing to >> the "nginx_refactoring" branch where you can find this fix and others. >> The branch still in development/test as more minor issues should be fixed >> before merge it to our mainline. >> >> Br., >> *Felipe "Zimmerle" Costa* >> Security Researcher, SpiderLabs >> >> *Trustwave* | SMART SECURITY ON DEMAND >> www.trustwave.com >> >> >> >> From: Carlos Vidal <ca...@ta...> >> Reply-To: "mod...@li..." < >> mod...@li...> >> Date: Tuesday, July 8, 2014 2:20 PM >> To: "mod...@li..." < >> mod...@li...> >> Subject: [Mod-security-developers] ModSec + NGINX bug in >> move_brigade_to_chain >> >> Hi: >> >> I'm testing ModSec 2.7.5 and 2.8.0 with NGINX and find a problem when >> SecResponseBodyAccess is turned on. >> >> The error is produced by a dangling pointer in move_brigade_to_chain() >> (apr_bucket_nginx.c). It has already been reported in March ( >> https://github.com/SpiderLabs/ModSecurity/issues/681). >> >> There are two ngx_alloc_chain_link() in the function, the second is >> correct, but the first one does not initialize 'cl->next' before copying it >> to the last link (ll). It is enough to add : >> >> cl->next = NULL; >> >> just after cl->buf->last_buf = 1. >> >> This causes crazy behavior as infinite allocation loops and seg-faults. >> >> >> ------------------------------ >> >> This transmission may contain information that is privileged, >> confidential, and/or exempt from disclosure under applicable law. If you >> are not the intended recipient, you are hereby notified that any >> disclosure, copying, distribution, or use of the information contained >> herein (including any reliance thereon) is strictly prohibited. If you >> received this transmission in error, please immediately contact the sender >> and destroy the material in its entirety, whether in electronic or hard >> copy format. >> >> >> ------------------------------------------------------------------------------ >> Open source business process management suite built on Java and Eclipse >> Turn processes into business applications with Bonita BPM Community >> Edition >> Quickly connect people, data, and systems into organized workflows >> Winner of BOSSIE, CODIE, OW2 and Gartner awards >> http://p.sf.net/sfu/Bonitasoft >> _______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php >> > > |
