Re: [Mod-security-developers] Crash in msc_rules_add_file in v3.0.2
From: Robert P. <rpa...@fe...> - 2018-07-25 16:23:31
Bob,

Probably best to open a Github issue at https://github.com/Spiderlabs/Modsecurity/issues so this can be tracked?

On Wed, Jul 25, 2018 at 8:29 AM, Robert Perper <rp...@li...> wrote:

> Hi, my name is Bob Perper and I'm a developer here at LiteSpeed
> technologies. We include a connector for ModSecurity v3.0 in our new
> release of OpenLiteSpeed and have an error reported by a customer that when
> we reproduced it, resulted in a crash.
>
> The customer was using the Comodo ruleset and was reporting errors like
> this one:
>
> "/usr/local/lsws/conf/modsec/comodo/05_Global_Exceptions.conf failed,
> ret -1, reason: 'Rules error. File: /usr/local/lsws/conf/modsec/comodo/02_Global_Generic.conf.
> Line: 70. Column: 18. Rule id: 0 is duplicated
> Rules error. File: /usr/local/lsws/conf/modsec/
> comodo/05_Global_Exceptions.conf. Line: 16. Column: 88. Expecting an
> action, got: ,t:none"'."
>
> So we downloaded the Comodo files and tried it on our system with our
> connector and got similar but not exact errors. So we isolated one
> specific file (03_Global_Agents.conf), used it and commented out a long
> line rule (two lines, line 30 and 31), (file is attached). When we run
> openlitespeed in the debugger we call 'msc_rules_add_file' on this file,
> the code crashes in ModSecurity/src/rule.cc:137
>
> Since we were skeptical about this and figured it might be a bug in
> OpenLiteSpeed, we installed Open NGINX and, using their connector, set up
> a similar rule. With the exact same file, it crashed in the same call.
>
> We tried the same action with the master branch and had the same results.
> Feel free to contact me directly if you have any additional questions.
>
> Thanks,
>
> --
> Bob Perper
> rp...@li...