Re: [Mod-security-developers] Crash in msc_rules_add_file in v3.0.2
From: Robert P. <rp...@li...> - 2018-07-25 18:17:00
Thanks, I'll do that.

Bob

On Wed, Jul 25, 2018 at 12:00 PM, Robert Paprocki <rpa...@fe...> wrote:

> Bob,
>
> Probably best to open a GitHub issue at
> https://github.com/Spiderlabs/Modsecurity/issues so this can be tracked?
>
> On Wed, Jul 25, 2018 at 8:29 AM, Robert Perper <rp...@li...> wrote:
>
>> Hi, my name is Bob Perper and I'm a developer here at LiteSpeed
>> technologies. We include a connector for ModSecurity v3.0 in our new
>> release of OpenLiteSpeed and have an error reported by a customer that,
>> when we reproduced it, resulted in a crash.
>>
>> The customer was using the Comodo ruleset and was reporting errors like
>> this one:
>>
>> "/usr/local/lsws/conf/modsec/comodo/05_Global_Exceptions.conf
>> failed, ret -1, reason: 'Rules error. File: /usr/local/lsws/conf/modsec/comodo/02_Global_Generic.conf.
>> Line: 70. Column: 18. Rule id: 0 is duplicated
>> Rules error. File: /usr/local/lsws/conf/modsec/comodo/05_Global_Exceptions.conf. Line: 16. Column: 88. Expecting an
>> action, got: ,t:none"'."
>>
>> So we downloaded the Comodo files and tried it on our system with our
>> connector and got similar but not exact errors. So we isolated one
>> specific file (03_Global_Agents.conf), used it and commented out a long
>> line rule (two lines, line 30 and 31), (file is attached). When we run
>> openlitespeed in the debugger we call 'msc_rules_add_file' on this file,
>> the code crashes in ModSecurity/src/rule.cc:137.
>>
>> Since we were skeptical about this and figured it might be a bug in
>> OpenLiteSpeed, we installed Open NGINX and, using their connector, set up
>> a similar rule. With the exact same file, it crashed in the same call.
>>
>> We tried the same action with the master branch and had the same
>> results. Feel free to contact me directly if you have any additional
>> questions.
>>
>> Thanks,
>>
>> --
>> Bob Perper
>> rp...@li...
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> mod-security-developers mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>> ModSecurity Services from Trustwave's SpiderLabs:
>> https://www.trustwave.com/spiderLabs.php

--
Bob Perper
rp...@li...