|
From: Ivan R. <iv...@we...> - 2006-03-06 15:34:43
|
Kamil Golombek wrote:
> Hello,
>
> we tried few recommended things, like compilation without optimalization.
> Segmentation fault is still there, but looks little bit different :-(. FYI
> the version of gcc is 3.3.5 20050117 (prerelease) (SUSE Linux). It looks like
> mod_security evaluate request as bad and tries to generate error output and
> errorlog. And at the same moment dies.
Actually, the crash happens (in the Apache code) on the first invocation of
sec_debug_log, when it tries to retrieve the information on the file it needs to
write to. The problem is that r->per_dir_config is NULL. My understanding
is that this must never happen. I also looked through the default
Apache modules - there are no checks whether per_dir_config is NULL
or not in any of them. Practically, any module that invokes:
ap_get_module_config(r->per_dir_config, ...)
(most do) would crash. As it happens, in your case it is mod_security that
runs first.
I could add a bit of code to detect this situation, but if the internal
Apache structures are corrupted, that would only move the crash to
some other location.
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net
|
