Thread: [Mod-security-developers] Make test failed
Brought to you by:
victorhora,
zimmerletw
From: Pavel M. <pa...@ne...> - 2013-05-22 08:49:37
|
Hi guys, I've upgraded our debian servers from wheezy to squeeze and I can't pass "make test" of modsecurity any more: Loaded 8 tests from ./op/rx.t 1) op "rx": passed (Pattern match "" at UNIT_TEST.) 2) op "rx": passed 3) op "rx": passed (Pattern match "" at UNIT_TEST.) 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) 7) op "rx": passed ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling pattern (offset 2): unrecognized character after (? or (?- Test exited with signal 11. Executed: ./msc_test "-t" "op" "-n" "rx" "-p" "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1" 8) op "rx": failed Passed: 7; Failed: 1 I've tried version 2.7.2 which passed test on old debian and latest 2.7.3. Both failed on the same place. Compilation parameters were: ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs --with- apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config --enable-pcre- match-limit=50000 --enable-pcre-match-limit-recursion=10000 --disable-mlogc -- Pavel Mateja |
From: Rainer J. <rai...@ki...> - 2013-05-22 11:05:56
|
On 22.05.2013 10:22, Pavel Mateja wrote: > Hi guys, > I've upgraded our debian servers from wheezy to squeeze and I can't pass "make > test" of modsecurity any more: > > Loaded 8 tests from ./op/rx.t > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) > 2) op "rx": passed > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) > 7) op "rx": passed > ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling > pattern (offset 2): unrecognized character after (? or (?- > Test exited with signal 11. > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1" > 8) op "rx": failed > Passed: 7; Failed: 1 > > I've tried version 2.7.2 which passed test on old debian and latest 2.7.3. > Both failed on the same place. > > Compilation parameters were: > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs --with- > apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config --enable-pcre- > match-limit=50000 --enable-pcre-match-limit-recursion=10000 --disable-mlogc Since it exits with signal 11 it might be related to this bug: https://github.com/SpiderLabs/ModSecurity/issues/23 It was fixed in this commit https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317af1680f2a007aead and should be part of 2.7.2 and later. Maybe the fix didn't catch all similar situations? Regards, Rainer |
From: Breno S. <bre...@gm...> - 2013-05-22 12:07:04
|
Hello Pavel, Are you running make CFLAGS=-DMSC_TEST test right ? Can you send me your backtrace ? Thanks On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki...>wrote: > On 22.05.2013 10:22, Pavel Mateja wrote: > > Hi guys, > > I've upgraded our debian servers from wheezy to squeeze and I can't pass > "make > > test" of modsecurity any more: > > > > Loaded 8 tests from ./op/rx.t > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) > > 2) op "rx": passed > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) > > 7) op "rx": passed > > ERROR: Failed to create rule for op "rx": Error creating rule: Error > compiling > > pattern (offset 2): unrecognized character after (? or (?- > > Test exited with signal 11. > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1" > > 8) op "rx": failed > > Passed: 7; Failed: 1 > > > > I've tried version 2.7.2 which passed test on old debian and latest > 2.7.3. > > Both failed on the same place. > > > > Compilation parameters were: > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs > --with- > > apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config > --enable-pcre- > > match-limit=50000 --enable-pcre-match-limit-recursion=10000 > --disable-mlogc > > Since it exits with signal 11 it might be related to this bug: > > https://github.com/SpiderLabs/ModSecurity/issues/23 > > It was fixed in this commit > > > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317af1680f2a007aead > > and should be part of 2.7.2 and later. Maybe the fix didn't catch all > similar situations? > > Regards, > > Rainer > > > ------------------------------------------------------------------------------ > Try New Relic Now & We'll Send You this Cool Shirt > New Relic is the only SaaS-based application performance monitoring service > that delivers powerful full stack analytics. Optimize and monitor your > browser, app, & servers with just a few lines of code. Try New Relic > and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
From: Pavel M. <pa...@ne...> - 2013-05-22 12:32:53
|
> Hello Pavel, > > Are you running make CFLAGS=-DMSC_TEST test right ? Yes, I am. > Can you send me your backtrace ? Sure. What exactly do you need? > Thanks > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki...>wrote: > > On 22.05.2013 10:22, Pavel Mateja wrote: > > > Hi guys, > > > I've upgraded our debian servers from wheezy to squeeze and I can't > > > pass > > > > "make > > > > > test" of modsecurity any more: > > > > > > Loaded 8 tests from ./op/rx.t > > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) > > > 2) op "rx": passed > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) > > > 7) op "rx": passed > > > > > > ERROR: Failed to create rule for op "rx": Error creating rule: Error > > > > compiling > > > > > pattern (offset 2): unrecognized character after (? or (?- > > > Test exited with signal 11. > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1" > > > > > > 8) op "rx": failed > > > > > > Passed: 7; Failed: 1 > > > > > > I've tried version 2.7.2 which passed test on old debian and latest > > > > 2.7.3. > > > > > Both failed on the same place. > > > > > > Compilation parameters were: > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs > > > > --with- > > > > > apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config > > > > --enable-pcre- > > > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000 > > > > --disable-mlogc > > > > Since it exits with signal 11 it might be related to this bug: > > > > https://github.com/SpiderLabs/ModSecurity/issues/23 > > > > It was fixed in this commit > > > > > > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317 > > af1680f2a007aead > > > > and should be part of 2.7.2 and later. Maybe the fix didn't catch all > > similar situations? > > > > Regards, > > > > Rainer > > > > > > ------------------------------------------------------------------------- > > ----- Try New Relic Now & We'll Send You this Cool Shirt > > New Relic is the only SaaS-based application performance monitoring > > service that delivers powerful full stack analytics. Optimize and > > monitor your browser, app, & servers with just a few lines of code. Try > > New Relic and get this awesome Nerd Life shirt! > > http://p.sf.net/sfu/newrelic_d2d_may > > _______________________________________________ > > mod-security-developers mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > ModSecurity Services from Trustwave's SpiderLabs: > > https://www.trustwave.com/spiderLabs.php -- Pavel Mateja |
From: Breno S. <bre...@gm...> - 2013-05-22 12:36:47
|
You should do: Make sure there is a core dump area with something like: CoreDumpDirectory /tmp Make sure limits are set to dump core: ulimit -c unlimited Restart and trigger the error. A core file should be in the directory you specified. Then use gdb to get a backtrace: gdb /path/to/httpd /path/to/core --batch --quiet \ -ex "thread apply all bt full" > backtrace.log On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote: > > Hello Pavel, > > > > Are you running make CFLAGS=-DMSC_TEST test right ? > > Yes, I am. > > > Can you send me your backtrace ? > > Sure. What exactly do you need? > > > Thanks > > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki... > >wrote: > > > On 22.05.2013 10:22, Pavel Mateja wrote: > > > > Hi guys, > > > > I've upgraded our debian servers from wheezy to squeeze and I can't > > > > pass > > > > > > "make > > > > > > > test" of modsecurity any more: > > > > > > > > Loaded 8 tests from ./op/rx.t > > > > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) > > > > 2) op "rx": passed > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) > > > > 7) op "rx": passed > > > > > > > > ERROR: Failed to create rule for op "rx": Error creating rule: Error > > > > > > compiling > > > > > > > pattern (offset 2): unrecognized character after (? or (?- > > > > Test exited with signal 11. > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" > > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1" > > > > > > > > 8) op "rx": failed > > > > > > > > Passed: 7; Failed: 1 > > > > > > > > I've tried version 2.7.2 which passed test on old debian and latest > > > > > > 2.7.3. > > > > > > > Both failed on the same place. > > > > > > > > Compilation parameters were: > > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs > > > > > > --with- > > > > > > > apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config > > > > > > --enable-pcre- > > > > > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000 > > > > > > --disable-mlogc > > > > > > Since it exits with signal 11 it might be related to this bug: > > > > > > https://github.com/SpiderLabs/ModSecurity/issues/23 > > > > > > It was fixed in this commit > > > > > > > > > > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317 > > > af1680f2a007aead > > > > > > and should be part of 2.7.2 and later. Maybe the fix didn't catch all > > > similar situations? > > > > > > Regards, > > > > > > Rainer > > > > > > > > > > ------------------------------------------------------------------------- > > > ----- Try New Relic Now & We'll Send You this Cool Shirt > > > New Relic is the only SaaS-based application performance monitoring > > > service that delivers powerful full stack analytics. Optimize and > > > monitor your browser, app, & servers with just a few lines of code. Try > > > New Relic and get this awesome Nerd Life shirt! > > > http://p.sf.net/sfu/newrelic_d2d_may > > > _______________________________________________ > > > mod-security-developers mailing list > > > mod...@li... > > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > > ModSecurity Services from Trustwave's SpiderLabs: > > > https://www.trustwave.com/spiderLabs.php > -- > Pavel Mateja > > > ------------------------------------------------------------------------------ > Try New Relic Now & We'll Send You this Cool Shirt > New Relic is the only SaaS-based application performance monitoring service > that delivers powerful full stack analytics. Optimize and monitor your > browser, app, & servers with just a few lines of code. Try New Relic > and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
From: Breno S. <bre...@gm...> - 2013-05-22 12:37:13
|
Could you also send me your error.log? On Wed, May 22, 2013 at 9:36 AM, Breno Silva <bre...@gm...> wrote: > You should do: > > Make sure there is a core dump area with something like: > > CoreDumpDirectory /tmp > > Make sure limits are set to dump core: > > ulimit -c unlimited > > Restart and trigger the error. A core file should be in the directory > you specified. > > Then use gdb to get a backtrace: > > gdb /path/to/httpd /path/to/core --batch --quiet \ > -ex "thread apply all bt full" > backtrace.log > > > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote: > >> > Hello Pavel, >> > >> > Are you running make CFLAGS=-DMSC_TEST test right ? >> >> Yes, I am. >> >> > Can you send me your backtrace ? >> >> Sure. What exactly do you need? >> >> > Thanks >> > >> > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki... >> >wrote: >> > > On 22.05.2013 10:22, Pavel Mateja wrote: >> > > > Hi guys, >> > > > I've upgraded our debian servers from wheezy to squeeze and I can't >> > > > pass >> > > >> > > "make >> > > >> > > > test" of modsecurity any more: >> > > > >> > > > Loaded 8 tests from ./op/rx.t >> > > > >> > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) >> > > > 2) op "rx": passed >> > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) >> > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) >> > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) >> > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) >> > > > 7) op "rx": passed >> > > > >> > > > ERROR: Failed to create rule for op "rx": Error creating rule: Error >> > > >> > > compiling >> > > >> > > > pattern (offset 2): unrecognized character after (? or (?- >> > > > Test exited with signal 11. >> > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" >> > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1" >> > > > >> > > > 8) op "rx": failed >> > > > >> > > > Passed: 7; Failed: 1 >> > > > >> > > > I've tried version 2.7.2 which passed test on old debian and latest >> > > >> > > 2.7.3. >> > > >> > > > Both failed on the same place. >> > > > >> > > > Compilation parameters were: >> > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs >> > > >> > > --with- >> > > >> > > > apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config >> > > >> > > --enable-pcre- >> > > >> > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000 >> > > >> > > --disable-mlogc >> > > >> > > Since it exits with signal 11 it might be related to this bug: >> > > >> > > https://github.com/SpiderLabs/ModSecurity/issues/23 >> > > >> > > It was fixed in this commit >> > > >> > > >> > > >> https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317 >> > > af1680f2a007aead >> > > >> > > and should be part of 2.7.2 and later. Maybe the fix didn't catch all >> > > similar situations? >> > > >> > > Regards, >> > > >> > > Rainer >> > > >> > > >> > > >> ------------------------------------------------------------------------- >> > > ----- Try New Relic Now & We'll Send You this Cool Shirt >> > > New Relic is the only SaaS-based application performance monitoring >> > > service that delivers powerful full stack analytics. Optimize and >> > > monitor your browser, app, & servers with just a few lines of code. >> Try >> > > New Relic and get this awesome Nerd Life shirt! >> > > http://p.sf.net/sfu/newrelic_d2d_may >> > > _______________________________________________ >> > > mod-security-developers mailing list >> > > mod...@li... >> > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> > > ModSecurity Services from Trustwave's SpiderLabs: >> > > https://www.trustwave.com/spiderLabs.php >> -- >> Pavel Mateja >> >> >> ------------------------------------------------------------------------------ >> Try New Relic Now & We'll Send You this Cool Shirt >> New Relic is the only SaaS-based application performance monitoring >> service >> that delivers powerful full stack analytics. Optimize and monitor your >> browser, app, & servers with just a few lines of code. Try New Relic >> and get this awesome Nerd Life shirt! >> http://p.sf.net/sfu/newrelic_d2d_may >> _______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php >> > > |
From: Breno S. <bre...@gm...> - 2013-05-22 12:41:22
|
Oops you should change the binary to msc_test :) On Wed, May 22, 2013 at 9:37 AM, Breno Silva <bre...@gm...> wrote: > Could you also send me your error.log? > > > On Wed, May 22, 2013 at 9:36 AM, Breno Silva <bre...@gm...>wrote: > >> You should do: >> >> Make sure there is a core dump area with something like: >> >> CoreDumpDirectory /tmp >> >> Make sure limits are set to dump core: >> >> ulimit -c unlimited >> >> Restart and trigger the error. A core file should be in the directory >> you specified. >> >> Then use gdb to get a backtrace: >> >> gdb /path/to/httpd /path/to/core --batch --quiet \ >> -ex "thread apply all bt full" > backtrace.log >> >> >> On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote: >> >>> > Hello Pavel, >>> > >>> > Are you running make CFLAGS=-DMSC_TEST test right ? >>> >>> Yes, I am. >>> >>> > Can you send me your backtrace ? >>> >>> Sure. What exactly do you need? >>> >>> > Thanks >>> > >>> > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki... >>> >wrote: >>> > > On 22.05.2013 10:22, Pavel Mateja wrote: >>> > > > Hi guys, >>> > > > I've upgraded our debian servers from wheezy to squeeze and I can't >>> > > > pass >>> > > >>> > > "make >>> > > >>> > > > test" of modsecurity any more: >>> > > > >>> > > > Loaded 8 tests from ./op/rx.t >>> > > > >>> > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) >>> > > > 2) op "rx": passed >>> > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) >>> > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) >>> > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) >>> > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) >>> > > > 7) op "rx": passed >>> > > > >>> > > > ERROR: Failed to create rule for op "rx": Error creating rule: >>> Error >>> > > >>> > > compiling >>> > > >>> > > > pattern (offset 2): unrecognized character after (? or (?- >>> > > > Test exited with signal 11. >>> > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" >>> > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1" >>> > > > >>> > > > 8) op "rx": failed >>> > > > >>> > > > Passed: 7; Failed: 1 >>> > > > >>> > > > I've tried version 2.7.2 which passed test on old debian and latest >>> > > >>> > > 2.7.3. >>> > > >>> > > > Both failed on the same place. >>> > > > >>> > > > Compilation parameters were: >>> > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs >>> > > >>> > > --with- >>> > > >>> > > > apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config >>> > > >>> > > --enable-pcre- >>> > > >>> > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000 >>> > > >>> > > --disable-mlogc >>> > > >>> > > Since it exits with signal 11 it might be related to this bug: >>> > > >>> > > https://github.com/SpiderLabs/ModSecurity/issues/23 >>> > > >>> > > It was fixed in this commit >>> > > >>> > > >>> > > >>> https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317 >>> > > af1680f2a007aead >>> > > >>> > > and should be part of 2.7.2 and later. Maybe the fix didn't catch all >>> > > similar situations? >>> > > >>> > > Regards, >>> > > >>> > > Rainer >>> > > >>> > > >>> > > >>> ------------------------------------------------------------------------- >>> > > ----- Try New Relic Now & We'll Send You this Cool Shirt >>> > > New Relic is the only SaaS-based application performance monitoring >>> > > service that delivers powerful full stack analytics. Optimize and >>> > > monitor your browser, app, & servers with just a few lines of code. >>> Try >>> > > New Relic and get this awesome Nerd Life shirt! >>> > > http://p.sf.net/sfu/newrelic_d2d_may >>> > > _______________________________________________ >>> > > mod-security-developers mailing list >>> > > mod...@li... >>> > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers >>> > > ModSecurity Services from Trustwave's SpiderLabs: >>> > > https://www.trustwave.com/spiderLabs.php >>> -- >>> Pavel Mateja >>> >>> >>> ------------------------------------------------------------------------------ >>> Try New Relic Now & We'll Send You this Cool Shirt >>> New Relic is the only SaaS-based application performance monitoring >>> service >>> that delivers powerful full stack analytics. Optimize and monitor your >>> browser, app, & servers with just a few lines of code. Try New Relic >>> and get this awesome Nerd Life shirt! >>> http://p.sf.net/sfu/newrelic_d2d_may >>> _______________________________________________ >>> mod-security-developers mailing list >>> mod...@li... >>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >>> ModSecurity Services from Trustwave's SpiderLabs: >>> https://www.trustwave.com/spiderLabs.php >>> >> >> > |
From: Breno S. <bre...@gm...> - 2013-05-22 12:43:00
|
I can just reproduce it running ./msc_test alone: root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.4/tests# ./msc_test "-t" "op" "-n" "rx" "-p" "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1" ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling pattern (offset 2): unrecognized character after (? or (?- Segmentation fault However when running with make test it works fine. On Wed, May 22, 2013 at 9:41 AM, Breno Silva <bre...@gm...> wrote: > Oops you should change the binary to msc_test :) > > > On Wed, May 22, 2013 at 9:37 AM, Breno Silva <bre...@gm...>wrote: > >> Could you also send me your error.log? >> >> >> On Wed, May 22, 2013 at 9:36 AM, Breno Silva <bre...@gm...>wrote: >> >>> You should do: >>> >>> Make sure there is a core dump area with something like: >>> >>> CoreDumpDirectory /tmp >>> >>> Make sure limits are set to dump core: >>> >>> ulimit -c unlimited >>> >>> Restart and trigger the error. A core file should be in the directory >>> you specified. >>> >>> Then use gdb to get a backtrace: >>> >>> gdb /path/to/httpd /path/to/core --batch --quiet \ >>> -ex "thread apply all bt full" > backtrace.log >>> >>> >>> On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote: >>> >>>> > Hello Pavel, >>>> > >>>> > Are you running make CFLAGS=-DMSC_TEST test right ? >>>> >>>> Yes, I am. >>>> >>>> > Can you send me your backtrace ? >>>> >>>> Sure. What exactly do you need? >>>> >>>> > Thanks >>>> > >>>> > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki... >>>> >wrote: >>>> > > On 22.05.2013 10:22, Pavel Mateja wrote: >>>> > > > Hi guys, >>>> > > > I've upgraded our debian servers from wheezy to squeeze and I >>>> can't >>>> > > > pass >>>> > > >>>> > > "make >>>> > > >>>> > > > test" of modsecurity any more: >>>> > > > >>>> > > > Loaded 8 tests from ./op/rx.t >>>> > > > >>>> > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) >>>> > > > 2) op "rx": passed >>>> > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) >>>> > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) >>>> > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) >>>> > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) >>>> > > > 7) op "rx": passed >>>> > > > >>>> > > > ERROR: Failed to create rule for op "rx": Error creating rule: >>>> Error >>>> > > >>>> > > compiling >>>> > > >>>> > > > pattern (offset 2): unrecognized character after (? or (?- >>>> > > > Test exited with signal 11. >>>> > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" >>>> > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1" >>>> > > > >>>> > > > 8) op "rx": failed >>>> > > > >>>> > > > Passed: 7; Failed: 1 >>>> > > > >>>> > > > I've tried version 2.7.2 which passed test on old debian and >>>> latest >>>> > > >>>> > > 2.7.3. >>>> > > >>>> > > > Both failed on the same place. >>>> > > > >>>> > > > Compilation parameters were: >>>> > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs >>>> > > >>>> > > --with- >>>> > > >>>> > > > apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config >>>> > > >>>> > > --enable-pcre- >>>> > > >>>> > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000 >>>> > > >>>> > > --disable-mlogc >>>> > > >>>> > > Since it exits with signal 11 it might be related to this bug: >>>> > > >>>> > > https://github.com/SpiderLabs/ModSecurity/issues/23 >>>> > > >>>> > > It was fixed in this commit >>>> > > >>>> > > >>>> > > >>>> https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317 >>>> > > af1680f2a007aead >>>> > > >>>> > > and should be part of 2.7.2 and later. Maybe the fix didn't catch >>>> all >>>> > > similar situations? >>>> > > >>>> > > Regards, >>>> > > >>>> > > Rainer >>>> > > >>>> > > >>>> > > >>>> ------------------------------------------------------------------------- >>>> > > ----- Try New Relic Now & We'll Send You this Cool Shirt >>>> > > New Relic is the only SaaS-based application performance monitoring >>>> > > service that delivers powerful full stack analytics. Optimize and >>>> > > monitor your browser, app, & servers with just a few lines of code. >>>> Try >>>> > > New Relic and get this awesome Nerd Life shirt! >>>> > > http://p.sf.net/sfu/newrelic_d2d_may >>>> > > _______________________________________________ >>>> > > mod-security-developers mailing list >>>> > > mod...@li... >>>> > > >>>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >>>> > > ModSecurity Services from Trustwave's SpiderLabs: >>>> > > https://www.trustwave.com/spiderLabs.php >>>> -- >>>> Pavel Mateja >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Try New Relic Now & We'll Send You this Cool Shirt >>>> New Relic is the only SaaS-based application performance monitoring >>>> service >>>> that delivers powerful full stack analytics. Optimize and monitor your >>>> browser, app, & servers with just a few lines of code. Try New Relic >>>> and get this awesome Nerd Life shirt! >>>> http://p.sf.net/sfu/newrelic_d2d_may >>>> _______________________________________________ >>>> mod-security-developers mailing list >>>> mod...@li... >>>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >>>> ModSecurity Services from Trustwave's SpiderLabs: >>>> https://www.trustwave.com/spiderLabs.php >>>> >>> >>> >> > |
From: Pavel M. <pa...@ne...> - 2013-05-22 12:47:49
|
> You should do: > > Make sure there is a core dump area with something like: > > CoreDumpDirectory /tmp > > Make sure limits are set to dump core: > > ulimit -c unlimited > > Restart and trigger the error. A core file should be in the directory > you specified. > > Then use gdb to get a backtrace: > > gdb /path/to/httpd /path/to/core --batch --quiet \ > -ex "thread apply all bt full" > backtrace.log Hi again. I'm confused. The bug is triggered by msc_test forked by make test not httpd. Just like the core says: core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, from './msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r' And gdb complains about right binary: warning: core file may not match specified executable file. I tried to get backtrace against msc_test but I got: warning: Can't read pathname for load map: Input/output error. and the backtrace is useless: [New LWP 2179] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux- gnu/i686/nosegneg/libthread_db.so.1". Core was generated by `./msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'. Program terminated with signal 11, Segmentation fault. #0 0x080561d6 in msre_op_rx_execute () Thread 1 (Thread 0x4046c870 (LWP 2179)): #0 0x080561d6 in msre_op_rx_execute () No symbol table info available. #1 0x0804c40e in test_op () No symbol table info available. #2 0x0804d9d3 in main () No symbol table info available. -- Pavel Mateja > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote: > > > Hello Pavel, > > > > > > Are you running make CFLAGS=-DMSC_TEST test right ? > > > > Yes, I am. > > > > > Can you send me your backtrace ? > > > > Sure. What exactly do you need? > > > > > Thanks > > > > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki... > > > > > >wrote: > > > > On 22.05.2013 10:22, Pavel Mateja wrote: > > > > > Hi guys, > > > > > I've upgraded our debian servers from wheezy to squeeze and I can't > > > > > pass > > > > > > > > "make > > > > > > > > > test" of modsecurity any more: > > > > > > > > > > Loaded 8 tests from ./op/rx.t > > > > > > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) > > > > > 2) op "rx": passed > > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) > > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) > > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) > > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) > > > > > 7) op "rx": passed > > > > > > > > > > ERROR: Failed to create rule for op "rx": Error creating rule: > > > > > Error > > > > > > > > compiling > > > > > > > > > pattern (offset 2): unrecognized character after (? or (?- > > > > > Test exited with signal 11. > > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" > > > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1" > > > > > > > > > > 8) op "rx": failed > > > > > > > > > > Passed: 7; Failed: 1 > > > > > > > > > > I've tried version 2.7.2 which passed test on old debian and latest > > > > > > > > 2.7.3. > > > > > > > > > Both failed on the same place. > > > > > > > > > > Compilation parameters were: > > > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs > > > > > > > > --with- > > > > > > > > > apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config > > > > > > > > --enable-pcre- > > > > > > > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000 > > > > > > > > --disable-mlogc > > > > > > > > Since it exits with signal 11 it might be related to this bug: > > > > > > > > https://github.com/SpiderLabs/ModSecurity/issues/23 > > > > > > > > It was fixed in this commit > > > > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317 > > > > > > af1680f2a007aead > > > > > > > > and should be part of 2.7.2 and later. Maybe the fix didn't catch all > > > > similar situations? > > > > > > > > Regards, > > > > > > > > Rainer > > > > ------------------------------------------------------------------------- > > > > > > ----- Try New Relic Now & We'll Send You this Cool Shirt > > > > New Relic is the only SaaS-based application performance monitoring > > > > service that delivers powerful full stack analytics. Optimize and > > > > monitor your browser, app, & servers with just a few lines of code. > > > > Try New Relic and get this awesome Nerd Life shirt! > > > > http://p.sf.net/sfu/newrelic_d2d_may > > > > _______________________________________________ > > > > mod-security-developers mailing list > > > > mod...@li... > > > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > > > ModSecurity Services from Trustwave's SpiderLabs: > > > > https://www.trustwave.com/spiderLabs.php > > > > -- > > Pavel Mateja > > > > > > ------------------------------------------------------------------------- > > ----- Try New Relic Now & We'll Send You this Cool Shirt > > New Relic is the only SaaS-based application performance monitoring > > service that delivers powerful full stack analytics. Optimize and > > monitor your browser, app, & servers with just a few lines of code. Try > > New Relic and get this awesome Nerd Life shirt! > > http://p.sf.net/sfu/newrelic_d2d_may > > _______________________________________________ > > mod-security-developers mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > ModSecurity Services from Trustwave's SpiderLabs: > > https://www.trustwave.com/spiderLabs.php |
From: Breno S. <bre...@gm...> - 2013-05-22 12:53:16
|
Yes. Looks like for some reason the regex is not being compiled. I will investigate it On Wed, May 22, 2013 at 9:47 AM, Pavel Mateja <pa...@ne...> wrote: > > You should do: > > > > Make sure there is a core dump area with something like: > > > > CoreDumpDirectory /tmp > > > > Make sure limits are set to dump core: > > > > ulimit -c unlimited > > > > Restart and trigger the error. A core file should be in the directory > > you specified. > > > > Then use gdb to get a backtrace: > > > > gdb /path/to/httpd /path/to/core --batch --quiet \ > > -ex "thread apply all bt full" > backtrace.log > > Hi again. I'm confused. > > The bug is triggered by msc_test forked by make test not httpd. Just like > the > core says: > core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, > from > './msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) > -D 0 > -r' > And gdb complains about right binary: > warning: core file may not match specified executable file. > > I tried to get backtrace against msc_test but I got: > warning: Can't read pathname for load map: Input/output error. > and the backtrace is useless: > > [New LWP 2179] > [Thread debugging using libthread_db enabled] > Using host libthread_db library "/lib/i386-linux- > gnu/i686/nosegneg/libthread_db.so.1". > Core was generated by `./msc_test -t op -n rx -p > (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'. > Program terminated with signal 11, Segmentation fault. > #0 0x080561d6 in msre_op_rx_execute () > > Thread 1 (Thread 0x4046c870 (LWP 2179)): > #0 0x080561d6 in msre_op_rx_execute () > No symbol table info available. > #1 0x0804c40e in test_op () > No symbol table info available. > #2 0x0804d9d3 in main () > No symbol table info available. > -- > Pavel Mateja > > > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote: > > > > Hello Pavel, > > > > > > > > Are you running make CFLAGS=-DMSC_TEST test right ? > > > > > > Yes, I am. > > > > > > > Can you send me your backtrace ? > > > > > > Sure. What exactly do you need? > > > > > > > Thanks > > > > > > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung < > rai...@ki... > > > > > > > >wrote: > > > > > On 22.05.2013 10:22, Pavel Mateja wrote: > > > > > > Hi guys, > > > > > > I've upgraded our debian servers from wheezy to squeeze and I > can't > > > > > > pass > > > > > > > > > > "make > > > > > > > > > > > test" of modsecurity any more: > > > > > > > > > > > > Loaded 8 tests from ./op/rx.t > > > > > > > > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) > > > > > > 2) op "rx": passed > > > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) > > > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) > > > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) > > > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) > > > > > > 7) op "rx": passed > > > > > > > > > > > > ERROR: Failed to create rule for op "rx": Error creating rule: > > > > > > Error > > > > > > > > > > compiling > > > > > > > > > > > pattern (offset 2): unrecognized character after (? or (?- > > > > > > Test exited with signal 11. > > > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" > > > > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1" > > > > > > > > > > > > 8) op "rx": failed > > > > > > > > > > > > Passed: 7; Failed: 1 > > > > > > > > > > > > I've tried version 2.7.2 which passed test on old debian and > latest > > > > > > > > > > 2.7.3. > > > > > > > > > > > Both failed on the same place. > > > > > > > > > > > > Compilation parameters were: > > > > > > ./configure --prefix=/apache/modules/ > --with-apxs=/apache/bin/apxs > > > > > > > > > > --with- > > > > > > > > > > > apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config > > > > > > > > > > --enable-pcre- > > > > > > > > > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000 > > > > > > > > > > --disable-mlogc > > > > > > > > > > Since it exits with signal 11 it might be related to this bug: > > > > > > > > > > https://github.com/SpiderLabs/ModSecurity/issues/23 > > > > > > > > > > It was fixed in this commit > > > > > > > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317 > > > > > > > > af1680f2a007aead > > > > > > > > > > and should be part of 2.7.2 and later. Maybe the fix didn't catch > all > > > > > similar situations? > > > > > > > > > > Regards, > > > > > > > > > > Rainer > > > > > > > ------------------------------------------------------------------------- > > > > > > > > ----- Try New Relic Now & We'll Send You this Cool Shirt > > > > > New Relic is the only SaaS-based application performance monitoring > > > > > service that delivers powerful full stack analytics. Optimize and > > > > > monitor your browser, app, & servers with just a few lines of code. > > > > > Try New Relic and get this awesome Nerd Life shirt! > > > > > http://p.sf.net/sfu/newrelic_d2d_may > > > > > _______________________________________________ > > > > > mod-security-developers mailing list > > > > > mod...@li... > > > > > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > > > > ModSecurity Services from Trustwave's SpiderLabs: > > > > > https://www.trustwave.com/spiderLabs.php > > > > > > -- > > > Pavel Mateja > > > > > > > > > > ------------------------------------------------------------------------- > > > ----- Try New Relic Now & We'll Send You this Cool Shirt > > > New Relic is the only SaaS-based application performance monitoring > > > service that delivers powerful full stack analytics. Optimize and > > > monitor your browser, app, & servers with just a few lines of code. Try > > > New Relic and get this awesome Nerd Life shirt! > > > http://p.sf.net/sfu/newrelic_d2d_may > > > _______________________________________________ > > > mod-security-developers mailing list > > > mod...@li... > > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > > ModSecurity Services from Trustwave's SpiderLabs: > > > https://www.trustwave.com/spiderLabs.php > > > ------------------------------------------------------------------------------ > Try New Relic Now & We'll Send You this Cool Shirt > New Relic is the only SaaS-based application performance monitoring service > that delivers powerful full stack analytics. Optimize and monitor your > browser, app, & servers with just a few lines of code. Try New Relic > and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
From: Breno S. <bre...@gm...> - 2013-05-22 13:44:34
|
I'm testing with an external tool that uses libpcre and it is failing to compile this regex too. So i'm start thinking (?^ syntax is not supported by libpcre ? On Wed, May 22, 2013 at 9:53 AM, Breno Silva <bre...@gm...> wrote: > Yes. Looks like for some reason the regex is not being compiled. > > I will investigate it > > > On Wed, May 22, 2013 at 9:47 AM, Pavel Mateja <pa...@ne...> wrote: > >> > You should do: >> > >> > Make sure there is a core dump area with something like: >> > >> > CoreDumpDirectory /tmp >> > >> > Make sure limits are set to dump core: >> > >> > ulimit -c unlimited >> > >> > Restart and trigger the error. A core file should be in the directory >> > you specified. >> > >> > Then use gdb to get a backtrace: >> > >> > gdb /path/to/httpd /path/to/core --batch --quiet \ >> > -ex "thread apply all bt full" > backtrace.log >> >> Hi again. I'm confused. >> >> The bug is triggered by msc_test forked by make test not httpd. Just like >> the >> core says: >> core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, >> from >> './msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) >> -D 0 >> -r' >> And gdb complains about right binary: >> warning: core file may not match specified executable file. >> >> I tried to get backtrace against msc_test but I got: >> warning: Can't read pathname for load map: Input/output error. >> and the backtrace is useless: >> >> [New LWP 2179] >> [Thread debugging using libthread_db enabled] >> Using host libthread_db library "/lib/i386-linux- >> gnu/i686/nosegneg/libthread_db.so.1". >> Core was generated by `./msc_test -t op -n rx -p >> (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'. >> Program terminated with signal 11, Segmentation fault. >> #0 0x080561d6 in msre_op_rx_execute () >> >> Thread 1 (Thread 0x4046c870 (LWP 2179)): >> #0 0x080561d6 in msre_op_rx_execute () >> No symbol table info available. >> #1 0x0804c40e in test_op () >> No symbol table info available. >> #2 0x0804d9d3 in main () >> No symbol table info available. >> -- >> Pavel Mateja >> >> > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote: >> > > > Hello Pavel, >> > > > >> > > > Are you running make CFLAGS=-DMSC_TEST test right ? >> > > >> > > Yes, I am. >> > > >> > > > Can you send me your backtrace ? >> > > >> > > Sure. What exactly do you need? >> > > >> > > > Thanks >> > > > >> > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung < >> rai...@ki... >> > > > >> > > >wrote: >> > > > > On 22.05.2013 10:22, Pavel Mateja wrote: >> > > > > > Hi guys, >> > > > > > I've upgraded our debian servers from wheezy to squeeze and I >> can't >> > > > > > pass >> > > > > >> > > > > "make >> > > > > >> > > > > > test" of modsecurity any more: >> > > > > > >> > > > > > Loaded 8 tests from ./op/rx.t >> > > > > > >> > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) >> > > > > > 2) op "rx": passed >> > > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) >> > > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) >> > > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) >> > > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) >> > > > > > 7) op "rx": passed >> > > > > > >> > > > > > ERROR: Failed to create rule for op "rx": Error creating rule: >> > > > > > Error >> > > > > >> > > > > compiling >> > > > > >> > > > > > pattern (offset 2): unrecognized character after (? or (?- >> > > > > > Test exited with signal 11. >> > > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" >> > > > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" >> "1" >> > > > > > >> > > > > > 8) op "rx": failed >> > > > > > >> > > > > > Passed: 7; Failed: 1 >> > > > > > >> > > > > > I've tried version 2.7.2 which passed test on old debian and >> latest >> > > > > >> > > > > 2.7.3. >> > > > > >> > > > > > Both failed on the same place. >> > > > > > >> > > > > > Compilation parameters were: >> > > > > > ./configure --prefix=/apache/modules/ >> --with-apxs=/apache/bin/apxs >> > > > > >> > > > > --with- >> > > > > >> > > > > > apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config >> > > > > >> > > > > --enable-pcre- >> > > > > >> > > > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000 >> > > > > >> > > > > --disable-mlogc >> > > > > >> > > > > Since it exits with signal 11 it might be related to this bug: >> > > > > >> > > > > https://github.com/SpiderLabs/ModSecurity/issues/23 >> > > > > >> > > > > It was fixed in this commit >> > > >> > > >> https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317 >> > > >> > > > > af1680f2a007aead >> > > > > >> > > > > and should be part of 2.7.2 and later. Maybe the fix didn't catch >> all >> > > > > similar situations? >> > > > > >> > > > > Regards, >> > > > > >> > > > > Rainer >> > > >> > > >> ------------------------------------------------------------------------- >> > > >> > > > > ----- Try New Relic Now & We'll Send You this Cool Shirt >> > > > > New Relic is the only SaaS-based application performance >> monitoring >> > > > > service that delivers powerful full stack analytics. Optimize and >> > > > > monitor your browser, app, & servers with just a few lines of >> code. >> > > > > Try New Relic and get this awesome Nerd Life shirt! >> > > > > http://p.sf.net/sfu/newrelic_d2d_may >> > > > > _______________________________________________ >> > > > > mod-security-developers mailing list >> > > > > mod...@li... >> > > > > >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> > > > > ModSecurity Services from Trustwave's SpiderLabs: >> > > > > https://www.trustwave.com/spiderLabs.php >> > > >> > > -- >> > > Pavel Mateja >> > > >> > > >> > > >> ------------------------------------------------------------------------- >> > > ----- Try New Relic Now & We'll Send You this Cool Shirt >> > > New Relic is the only SaaS-based application performance monitoring >> > > service that delivers powerful full stack analytics. Optimize and >> > > monitor your browser, app, & servers with just a few lines of code. >> Try >> > > New Relic and get this awesome Nerd Life shirt! >> > > http://p.sf.net/sfu/newrelic_d2d_may >> > > _______________________________________________ >> > > mod-security-developers mailing list >> > > mod...@li... >> > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> > > ModSecurity Services from Trustwave's SpiderLabs: >> > > https://www.trustwave.com/spiderLabs.php >> >> >> ------------------------------------------------------------------------------ >> Try New Relic Now & We'll Send You this Cool Shirt >> New Relic is the only SaaS-based application performance monitoring >> service >> that delivers powerful full stack analytics. Optimize and monitor your >> browser, app, & servers with just a few lines of code. Try New Relic >> and get this awesome Nerd Life shirt! >> http://p.sf.net/sfu/newrelic_d2d_may >> _______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php >> > > |
From: Pavel M. <pa...@ne...> - 2013-05-22 13:58:04
|
> I'm testing with an external tool that uses libpcre and it is failing to > compile this regex too. > So i'm start thinking (?^ syntax is not supported by libpcre ? As I wrote in first email the 2.7.2 was able to run all tests on the same server running Debian Wheezy. I was just recompiling apache with modules against new libraries. It might be problem with newer version of libpcre in Squeeze. -- Pavel Mateja > On Wed, May 22, 2013 at 9:53 AM, Breno Silva <bre...@gm...> wrote: > > Yes. Looks like for some reason the regex is not being compiled. > > > > I will investigate it > > > > On Wed, May 22, 2013 at 9:47 AM, Pavel Mateja <pa...@ne...> wrote: > >> > You should do: > >> > > >> > Make sure there is a core dump area with something like: > >> > CoreDumpDirectory /tmp > >> > > >> > Make sure limits are set to dump core: > >> > ulimit -c unlimited > >> > > >> > Restart and trigger the error. A core file should be in the directory > >> > you specified. > >> > > >> > Then use gdb to get a backtrace: > >> > > >> > gdb /path/to/httpd /path/to/core --batch --quiet \ > >> > > >> > -ex "thread apply all bt full" > backtrace.log > >> > >> Hi again. I'm confused. > >> > >> The bug is triggered by msc_test forked by make test not httpd. Just > >> like the > >> core says: > >> core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), > >> SVR4-style, from > >> './msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) > >> -D 0 > >> -r' > >> And gdb complains about right binary: > >> warning: core file may not match specified executable file. > >> > >> I tried to get backtrace against msc_test but I got: > >> warning: Can't read pathname for load map: Input/output error. > >> and the backtrace is useless: > >> > >> [New LWP 2179] > >> [Thread debugging using libthread_db enabled] > >> Using host libthread_db library "/lib/i386-linux- > >> gnu/i686/nosegneg/libthread_db.so.1". > >> Core was generated by `./msc_test -t op -n rx -p > >> (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'. > >> Program terminated with signal 11, Segmentation fault. > >> #0 0x080561d6 in msre_op_rx_execute () > >> > >> Thread 1 (Thread 0x4046c870 (LWP 2179)): > >> #0 0x080561d6 in msre_op_rx_execute () > >> No symbol table info available. > >> #1 0x0804c40e in test_op () > >> No symbol table info available. > >> #2 0x0804d9d3 in main () > >> No symbol table info available. > >> -- > >> Pavel Mateja > >> > >> > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote: > >> > > > Hello Pavel, > >> > > > > >> > > > Are you running make CFLAGS=-DMSC_TEST test right ? > >> > > > >> > > Yes, I am. > >> > > > >> > > > Can you send me your backtrace ? > >> > > > >> > > Sure. What exactly do you need? > >> > > > >> > > > Thanks > >> > > > > >> > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung < > >> > >> rai...@ki... > >> > >> > > >wrote: > >> > > > > On 22.05.2013 10:22, Pavel Mateja wrote: > >> > > > > > Hi guys, > >> > > > > > I've upgraded our debian servers from wheezy to squeeze and I > >> > >> can't > >> > >> > > > > > pass > >> > > > > > >> > > > > "make > >> > > > > > >> > > > > > test" of modsecurity any more: > >> > > > > > > >> > > > > > Loaded 8 tests from ./op/rx.t > >> > > > > > > >> > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) > >> > > > > > 2) op "rx": passed > >> > > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) > >> > > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) > >> > > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) > >> > > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) > >> > > > > > 7) op "rx": passed > >> > > > > > > >> > > > > > ERROR: Failed to create rule for op "rx": Error creating rule: > >> > > > > > Error > >> > > > > > >> > > > > compiling > >> > > > > > >> > > > > > pattern (offset 2): unrecognized character after (? or (?- > >> > > > > > Test exited with signal 11. > >> > > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" > >> > > > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" > >> > >> "1" > >> > >> > > > > > 8) op "rx": failed > >> > > > > > > >> > > > > > Passed: 7; Failed: 1 > >> > > > > > > >> > > > > > I've tried version 2.7.2 which passed test on old debian and > >> > >> latest > >> > >> > > > > 2.7.3. > >> > > > > > >> > > > > > Both failed on the same place. > >> > > > > > > >> > > > > > Compilation parameters were: > >> > > > > > ./configure --prefix=/apache/modules/ > >> > >> --with-apxs=/apache/bin/apxs > >> > >> > > > > --with- > >> > > > > > >> > > > > > apr=/apache/bin/apr-1-config > >> > > > > > --with-apu=/apache/bin/apu-1-config > >> > > > > > >> > > > > --enable-pcre- > >> > > > > > >> > > > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000 > >> > > > > > >> > > > > --disable-mlogc > >> > > > > > >> > > > > Since it exits with signal 11 it might be related to this bug: > >> > > > > > >> > > > > https://github.com/SpiderLabs/ModSecurity/issues/23 > >> > > > > > >> > > > > It was fixed in this commit > >> > >> https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e631 > >> 7 > >> > >> > > > > af1680f2a007aead > >> > > > > > >> > > > > and should be part of 2.7.2 and later. Maybe the fix didn't > >> > > > > catch > >> > >> all > >> > >> > > > > similar situations? > >> > > > > > >> > > > > Regards, > >> > > > > > >> > > > > Rainer > >> > >> ------------------------------------------------------------------------ > >> - > >> > >> > > > > ----- Try New Relic Now & We'll Send You this Cool Shirt > >> > > > > New Relic is the only SaaS-based application performance > >> > >> monitoring > >> > >> > > > > service that delivers powerful full stack analytics. Optimize > >> > > > > and monitor your browser, app, & servers with just a few lines > >> > > > > of > >> > >> code. > >> > >> > > > > Try New Relic and get this awesome Nerd Life shirt! > >> > > > > http://p.sf.net/sfu/newrelic_d2d_may > >> > > > > _______________________________________________ > >> > > > > mod-security-developers mailing list > >> > > > > mod...@li... > >> > >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers > >> > >> > > > > ModSecurity Services from Trustwave's SpiderLabs: > >> > > > > https://www.trustwave.com/spiderLabs.php > >> > > > >> > > -- > >> > > Pavel Mateja > >> > >> ------------------------------------------------------------------------ > >> - > >> > >> > > ----- Try New Relic Now & We'll Send You this Cool Shirt > >> > > New Relic is the only SaaS-based application performance monitoring > >> > > service that delivers powerful full stack analytics. Optimize and > >> > > monitor your browser, app, & servers with just a few lines of code. > >> > >> Try > >> > >> > > New Relic and get this awesome Nerd Life shirt! > >> > > http://p.sf.net/sfu/newrelic_d2d_may > >> > > _______________________________________________ > >> > > mod-security-developers mailing list > >> > > mod...@li... > >> > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > >> > > ModSecurity Services from Trustwave's SpiderLabs: > >> > > https://www.trustwave.com/spiderLabs.php > >> > >> ------------------------------------------------------------------------ > >> ------ Try New Relic Now & We'll Send You this Cool Shirt > >> New Relic is the only SaaS-based application performance monitoring > >> service > >> that delivers powerful full stack analytics. Optimize and monitor your > >> browser, app, & servers with just a few lines of code. Try New Relic > >> and get this awesome Nerd Life shirt! > >> http://p.sf.net/sfu/newrelic_d2d_may > >> _______________________________________________ > >> mod-security-developers mailing list > >> mod...@li... > >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers > >> ModSecurity Services from Trustwave's SpiderLabs: > >> https://www.trustwave.com/spiderLabs.php |
From: Breno S. <bre...@gm...> - 2013-05-22 14:02:27
|
Maybe i can replace this test by another regex. On Wed, May 22, 2013 at 10:57 AM, Pavel Mateja <pa...@ne...> wrote: > > I'm testing with an external tool that uses libpcre and it is failing to > > compile this regex too. > > So i'm start thinking (?^ syntax is not supported by libpcre ? > > As I wrote in first email the 2.7.2 was able to run all tests on the same > server running Debian Wheezy. I was just recompiling apache with modules > against new libraries. > It might be problem with newer version of libpcre in Squeeze. > -- > Pavel Mateja > > > On Wed, May 22, 2013 at 9:53 AM, Breno Silva <bre...@gm...> > wrote: > > > Yes. Looks like for some reason the regex is not being compiled. > > > > > > I will investigate it > > > > > > On Wed, May 22, 2013 at 9:47 AM, Pavel Mateja <pa...@ne...> > wrote: > > >> > You should do: > > >> > > > >> > Make sure there is a core dump area with something like: > > >> > CoreDumpDirectory /tmp > > >> > > > >> > Make sure limits are set to dump core: > > >> > ulimit -c unlimited > > >> > > > >> > Restart and trigger the error. A core file should be in the > directory > > >> > you specified. > > >> > > > >> > Then use gdb to get a backtrace: > > >> > > > >> > gdb /path/to/httpd /path/to/core --batch --quiet \ > > >> > > > >> > -ex "thread apply all bt full" > backtrace.log > > >> > > >> Hi again. I'm confused. > > >> > > >> The bug is triggered by msc_test forked by make test not httpd. Just > > >> like the > > >> core says: > > >> core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), > > >> SVR4-style, from > > >> './msc_test -t op -n rx -p > (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) > > >> -D 0 > > >> -r' > > >> And gdb complains about right binary: > > >> warning: core file may not match specified executable file. > > >> > > >> I tried to get backtrace against msc_test but I got: > > >> warning: Can't read pathname for load map: Input/output error. > > >> and the backtrace is useless: > > >> > > >> [New LWP 2179] > > >> [Thread debugging using libthread_db enabled] > > >> Using host libthread_db library "/lib/i386-linux- > > >> gnu/i686/nosegneg/libthread_db.so.1". > > >> Core was generated by `./msc_test -t op -n rx -p > > >> (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'. > > >> Program terminated with signal 11, Segmentation fault. > > >> #0 0x080561d6 in msre_op_rx_execute () > > >> > > >> Thread 1 (Thread 0x4046c870 (LWP 2179)): > > >> #0 0x080561d6 in msre_op_rx_execute () > > >> No symbol table info available. > > >> #1 0x0804c40e in test_op () > > >> No symbol table info available. > > >> #2 0x0804d9d3 in main () > > >> No symbol table info available. > > >> -- > > >> Pavel Mateja > > >> > > >> > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> > wrote: > > >> > > > Hello Pavel, > > >> > > > > > >> > > > Are you running make CFLAGS=-DMSC_TEST test right ? > > >> > > > > >> > > Yes, I am. > > >> > > > > >> > > > Can you send me your backtrace ? > > >> > > > > >> > > Sure. What exactly do you need? > > >> > > > > >> > > > Thanks > > >> > > > > > >> > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung < > > >> > > >> rai...@ki... > > >> > > >> > > >wrote: > > >> > > > > On 22.05.2013 10:22, Pavel Mateja wrote: > > >> > > > > > Hi guys, > > >> > > > > > I've upgraded our debian servers from wheezy to squeeze and > I > > >> > > >> can't > > >> > > >> > > > > > pass > > >> > > > > > > >> > > > > "make > > >> > > > > > > >> > > > > > test" of modsecurity any more: > > >> > > > > > > > >> > > > > > Loaded 8 tests from ./op/rx.t > > >> > > > > > > > >> > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) > > >> > > > > > 2) op "rx": passed > > >> > > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) > > >> > > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) > > >> > > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) > > >> > > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) > > >> > > > > > 7) op "rx": passed > > >> > > > > > > > >> > > > > > ERROR: Failed to create rule for op "rx": Error creating > rule: > > >> > > > > > Error > > >> > > > > > > >> > > > > compiling > > >> > > > > > > >> > > > > > pattern (offset 2): unrecognized character after (? or (?- > > >> > > > > > Test exited with signal 11. > > >> > > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" > > >> > > > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" > "-r" > > >> > > >> "1" > > >> > > >> > > > > > 8) op "rx": failed > > >> > > > > > > > >> > > > > > Passed: 7; Failed: 1 > > >> > > > > > > > >> > > > > > I've tried version 2.7.2 which passed test on old debian and > > >> > > >> latest > > >> > > >> > > > > 2.7.3. > > >> > > > > > > >> > > > > > Both failed on the same place. > > >> > > > > > > > >> > > > > > Compilation parameters were: > > >> > > > > > ./configure --prefix=/apache/modules/ > > >> > > >> --with-apxs=/apache/bin/apxs > > >> > > >> > > > > --with- > > >> > > > > > > >> > > > > > apr=/apache/bin/apr-1-config > > >> > > > > > --with-apu=/apache/bin/apu-1-config > > >> > > > > > > >> > > > > --enable-pcre- > > >> > > > > > > >> > > > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000 > > >> > > > > > > >> > > > > --disable-mlogc > > >> > > > > > > >> > > > > Since it exits with signal 11 it might be related to this bug: > > >> > > > > > > >> > > > > https://github.com/SpiderLabs/ModSecurity/issues/23 > > >> > > > > > > >> > > > > It was fixed in this commit > > >> > > >> > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e631 > > >> 7 > > >> > > >> > > > > af1680f2a007aead > > >> > > > > > > >> > > > > and should be part of 2.7.2 and later. Maybe the fix didn't > > >> > > > > catch > > >> > > >> all > > >> > > >> > > > > similar situations? > > >> > > > > > > >> > > > > Regards, > > >> > > > > > > >> > > > > Rainer > > >> > > >> > ------------------------------------------------------------------------ > > >> - > > >> > > >> > > > > ----- Try New Relic Now & We'll Send You this Cool Shirt > > >> > > > > New Relic is the only SaaS-based application performance > > >> > > >> monitoring > > >> > > >> > > > > service that delivers powerful full stack analytics. Optimize > > >> > > > > and monitor your browser, app, & servers with just a few lines > > >> > > > > of > > >> > > >> code. > > >> > > >> > > > > Try New Relic and get this awesome Nerd Life shirt! > > >> > > > > http://p.sf.net/sfu/newrelic_d2d_may > > >> > > > > _______________________________________________ > > >> > > > > mod-security-developers mailing list > > >> > > > > mod...@li... > > >> > > >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > >> > > >> > > > > ModSecurity Services from Trustwave's SpiderLabs: > > >> > > > > https://www.trustwave.com/spiderLabs.php > > >> > > > > >> > > -- > > >> > > Pavel Mateja > > >> > > >> > ------------------------------------------------------------------------ > > >> - > > >> > > >> > > ----- Try New Relic Now & We'll Send You this Cool Shirt > > >> > > New Relic is the only SaaS-based application performance > monitoring > > >> > > service that delivers powerful full stack analytics. Optimize and > > >> > > monitor your browser, app, & servers with just a few lines of > code. > > >> > > >> Try > > >> > > >> > > New Relic and get this awesome Nerd Life shirt! > > >> > > http://p.sf.net/sfu/newrelic_d2d_may > > >> > > _______________________________________________ > > >> > > mod-security-developers mailing list > > >> > > mod...@li... > > >> > > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > >> > > ModSecurity Services from Trustwave's SpiderLabs: > > >> > > https://www.trustwave.com/spiderLabs.php > > >> > > >> > ------------------------------------------------------------------------ > > >> ------ Try New Relic Now & We'll Send You this Cool Shirt > > >> New Relic is the only SaaS-based application performance monitoring > > >> service > > >> that delivers powerful full stack analytics. Optimize and monitor your > > >> browser, app, & servers with just a few lines of code. Try New Relic > > >> and get this awesome Nerd Life shirt! > > >> http://p.sf.net/sfu/newrelic_d2d_may > > >> _______________________________________________ > > >> mod-security-developers mailing list > > >> mod...@li... > > >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > >> ModSecurity Services from Trustwave's SpiderLabs: > > >> https://www.trustwave.com/spiderLabs.php > > > ------------------------------------------------------------------------------ > Try New Relic Now & We'll Send You this Cool Shirt > New Relic is the only SaaS-based application performance monitoring service > that delivers powerful full stack analytics. Optimize and monitor your > browser, app, & servers with just a few lines of code. Try New Relic > and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
From: Breno S. <bre...@gm...> - 2013-05-22 14:05:30
|
Could you tell me your libpcre version (compiled and linked) ? You can run apache and get it in the error.log On Wed, May 22, 2013 at 11:02 AM, Breno Silva <bre...@gm...> wrote: > Maybe i can replace this test by another regex. > > > On Wed, May 22, 2013 at 10:57 AM, Pavel Mateja <pa...@ne...> wrote: > >> > I'm testing with an external tool that uses libpcre and it is failing to >> > compile this regex too. >> > So i'm start thinking (?^ syntax is not supported by libpcre ? >> >> As I wrote in first email the 2.7.2 was able to run all tests on the same >> server running Debian Wheezy. I was just recompiling apache with modules >> against new libraries. >> It might be problem with newer version of libpcre in Squeeze. >> -- >> Pavel Mateja >> >> > On Wed, May 22, 2013 at 9:53 AM, Breno Silva <bre...@gm...> >> wrote: >> > > Yes. Looks like for some reason the regex is not being compiled. >> > > >> > > I will investigate it >> > > >> > > On Wed, May 22, 2013 at 9:47 AM, Pavel Mateja <pa...@ne...> >> wrote: >> > >> > You should do: >> > >> > >> > >> > Make sure there is a core dump area with something like: >> > >> > CoreDumpDirectory /tmp >> > >> > >> > >> > Make sure limits are set to dump core: >> > >> > ulimit -c unlimited >> > >> > >> > >> > Restart and trigger the error. A core file should be in the >> directory >> > >> > you specified. >> > >> > >> > >> > Then use gdb to get a backtrace: >> > >> > >> > >> > gdb /path/to/httpd /path/to/core --batch --quiet \ >> > >> > >> > >> > -ex "thread apply all bt full" > backtrace.log >> > >> >> > >> Hi again. I'm confused. >> > >> >> > >> The bug is triggered by msc_test forked by make test not httpd. Just >> > >> like the >> > >> core says: >> > >> core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), >> > >> SVR4-style, from >> > >> './msc_test -t op -n rx -p >> (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) >> > >> -D 0 >> > >> -r' >> > >> And gdb complains about right binary: >> > >> warning: core file may not match specified executable file. >> > >> >> > >> I tried to get backtrace against msc_test but I got: >> > >> warning: Can't read pathname for load map: Input/output error. >> > >> and the backtrace is useless: >> > >> >> > >> [New LWP 2179] >> > >> [Thread debugging using libthread_db enabled] >> > >> Using host libthread_db library "/lib/i386-linux- >> > >> gnu/i686/nosegneg/libthread_db.so.1". >> > >> Core was generated by `./msc_test -t op -n rx -p >> > >> (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'. >> > >> Program terminated with signal 11, Segmentation fault. >> > >> #0 0x080561d6 in msre_op_rx_execute () >> > >> >> > >> Thread 1 (Thread 0x4046c870 (LWP 2179)): >> > >> #0 0x080561d6 in msre_op_rx_execute () >> > >> No symbol table info available. >> > >> #1 0x0804c40e in test_op () >> > >> No symbol table info available. >> > >> #2 0x0804d9d3 in main () >> > >> No symbol table info available. >> > >> -- >> > >> Pavel Mateja >> > >> >> > >> > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> >> wrote: >> > >> > > > Hello Pavel, >> > >> > > > >> > >> > > > Are you running make CFLAGS=-DMSC_TEST test right ? >> > >> > > >> > >> > > Yes, I am. >> > >> > > >> > >> > > > Can you send me your backtrace ? >> > >> > > >> > >> > > Sure. What exactly do you need? >> > >> > > >> > >> > > > Thanks >> > >> > > > >> > >> > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung < >> > >> >> > >> rai...@ki... >> > >> >> > >> > > >wrote: >> > >> > > > > On 22.05.2013 10:22, Pavel Mateja wrote: >> > >> > > > > > Hi guys, >> > >> > > > > > I've upgraded our debian servers from wheezy to squeeze >> and I >> > >> >> > >> can't >> > >> >> > >> > > > > > pass >> > >> > > > > >> > >> > > > > "make >> > >> > > > > >> > >> > > > > > test" of modsecurity any more: >> > >> > > > > > >> > >> > > > > > Loaded 8 tests from ./op/rx.t >> > >> > > > > > >> > >> > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) >> > >> > > > > > 2) op "rx": passed >> > >> > > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) >> > >> > > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) >> > >> > > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) >> > >> > > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) >> > >> > > > > > 7) op "rx": passed >> > >> > > > > > >> > >> > > > > > ERROR: Failed to create rule for op "rx": Error creating >> rule: >> > >> > > > > > Error >> > >> > > > > >> > >> > > > > compiling >> > >> > > > > >> > >> > > > > > pattern (offset 2): unrecognized character after (? or (?- >> > >> > > > > > Test exited with signal 11. >> > >> > > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" >> > >> > > > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" >> "-r" >> > >> >> > >> "1" >> > >> >> > >> > > > > > 8) op "rx": failed >> > >> > > > > > >> > >> > > > > > Passed: 7; Failed: 1 >> > >> > > > > > >> > >> > > > > > I've tried version 2.7.2 which passed test on old debian >> and >> > >> >> > >> latest >> > >> >> > >> > > > > 2.7.3. >> > >> > > > > >> > >> > > > > > Both failed on the same place. >> > >> > > > > > >> > >> > > > > > Compilation parameters were: >> > >> > > > > > ./configure --prefix=/apache/modules/ >> > >> >> > >> --with-apxs=/apache/bin/apxs >> > >> >> > >> > > > > --with- >> > >> > > > > >> > >> > > > > > apr=/apache/bin/apr-1-config >> > >> > > > > > --with-apu=/apache/bin/apu-1-config >> > >> > > > > >> > >> > > > > --enable-pcre- >> > >> > > > > >> > >> > > > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000 >> > >> > > > > >> > >> > > > > --disable-mlogc >> > >> > > > > >> > >> > > > > Since it exits with signal 11 it might be related to this >> bug: >> > >> > > > > >> > >> > > > > https://github.com/SpiderLabs/ModSecurity/issues/23 >> > >> > > > > >> > >> > > > > It was fixed in this commit >> > >> >> > >> >> https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e631 >> > >> 7 >> > >> >> > >> > > > > af1680f2a007aead >> > >> > > > > >> > >> > > > > and should be part of 2.7.2 and later. Maybe the fix didn't >> > >> > > > > catch >> > >> >> > >> all >> > >> >> > >> > > > > similar situations? >> > >> > > > > >> > >> > > > > Regards, >> > >> > > > > >> > >> > > > > Rainer >> > >> >> > >> >> ------------------------------------------------------------------------ >> > >> - >> > >> >> > >> > > > > ----- Try New Relic Now & We'll Send You this Cool Shirt >> > >> > > > > New Relic is the only SaaS-based application performance >> > >> >> > >> monitoring >> > >> >> > >> > > > > service that delivers powerful full stack analytics. Optimize >> > >> > > > > and monitor your browser, app, & servers with just a few >> lines >> > >> > > > > of >> > >> >> > >> code. >> > >> >> > >> > > > > Try New Relic and get this awesome Nerd Life shirt! >> > >> > > > > http://p.sf.net/sfu/newrelic_d2d_may >> > >> > > > > _______________________________________________ >> > >> > > > > mod-security-developers mailing list >> > >> > > > > mod...@li... >> > >> >> > >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> > >> >> > >> > > > > ModSecurity Services from Trustwave's SpiderLabs: >> > >> > > > > https://www.trustwave.com/spiderLabs.php >> > >> > > >> > >> > > -- >> > >> > > Pavel Mateja >> > >> >> > >> >> ------------------------------------------------------------------------ >> > >> - >> > >> >> > >> > > ----- Try New Relic Now & We'll Send You this Cool Shirt >> > >> > > New Relic is the only SaaS-based application performance >> monitoring >> > >> > > service that delivers powerful full stack analytics. Optimize and >> > >> > > monitor your browser, app, & servers with just a few lines of >> code. >> > >> >> > >> Try >> > >> >> > >> > > New Relic and get this awesome Nerd Life shirt! >> > >> > > http://p.sf.net/sfu/newrelic_d2d_may >> > >> > > _______________________________________________ >> > >> > > mod-security-developers mailing list >> > >> > > mod...@li... >> > >> > > >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> > >> > > ModSecurity Services from Trustwave's SpiderLabs: >> > >> > > https://www.trustwave.com/spiderLabs.php >> > >> >> > >> >> ------------------------------------------------------------------------ >> > >> ------ Try New Relic Now & We'll Send You this Cool Shirt >> > >> New Relic is the only SaaS-based application performance monitoring >> > >> service >> > >> that delivers powerful full stack analytics. Optimize and monitor >> your >> > >> browser, app, & servers with just a few lines of code. Try New Relic >> > >> and get this awesome Nerd Life shirt! >> > >> http://p.sf.net/sfu/newrelic_d2d_may >> > >> _______________________________________________ >> > >> mod-security-developers mailing list >> > >> mod...@li... >> > >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> > >> ModSecurity Services from Trustwave's SpiderLabs: >> > >> https://www.trustwave.com/spiderLabs.php >> >> >> ------------------------------------------------------------------------------ >> Try New Relic Now & We'll Send You this Cool Shirt >> New Relic is the only SaaS-based application performance monitoring >> service >> that delivers powerful full stack analytics. Optimize and monitor your >> browser, app, & servers with just a few lines of code. Try New Relic >> and get this awesome Nerd Life shirt! >> http://p.sf.net/sfu/newrelic_d2d_may >> _______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php >> > > |
From: Pavel M. <pa...@ne...> - 2013-05-22 14:12:57
|
> Could you tell me your libpcre version (compiled and linked) ? > > You can run apache and get it in the error.log The old working one is: ModSecurity: PCRE compiled version="8.2 "; loaded version="8.02 2010-03-19" The new broken one is: ModSecurity: PCRE compiled version="8.2 "; loaded version="8.30 2012-02-04" debian package: libpcre3:i386 1:8.30-5 > On Wed, May 22, 2013 at 11:02 AM, Breno Silva <bre...@gm...> wrote: > > Maybe i can replace this test by another regex. > > > > On Wed, May 22, 2013 at 10:57 AM, Pavel Mateja <pa...@ne...> wrote: > >> > I'm testing with an external tool that uses libpcre and it is failing > >> > to compile this regex too. > >> > So i'm start thinking (?^ syntax is not supported by libpcre ? > >> > >> As I wrote in first email the 2.7.2 was able to run all tests on the > >> same server running Debian Wheezy. I was just recompiling apache with > >> modules against new libraries. > >> It might be problem with newer version of libpcre in Squeeze. > >> -- > >> Pavel Mateja > >> > >> > On Wed, May 22, 2013 at 9:53 AM, Breno Silva <bre...@gm...> > >> > >> wrote: > >> > > Yes. Looks like for some reason the regex is not being compiled. > >> > > > >> > > I will investigate it > >> > > > >> > > On Wed, May 22, 2013 at 9:47 AM, Pavel Mateja <pa...@ne...> > >> > >> wrote: > >> > >> > You should do: > >> > >> > > >> > >> > Make sure there is a core dump area with something like: > >> > >> > CoreDumpDirectory /tmp > >> > >> > > >> > >> > Make sure limits are set to dump core: > >> > >> > ulimit -c unlimited > >> > >> > > >> > >> > Restart and trigger the error. A core file should be in the > >> > >> directory > >> > >> > >> > you specified. > >> > >> > > >> > >> > Then use gdb to get a backtrace: > >> > >> > > >> > >> > gdb /path/to/httpd /path/to/core --batch --quiet \ > >> > >> > > >> > >> > -ex "thread apply all bt full" > backtrace.log > >> > >> > >> > >> Hi again. I'm confused. > >> > >> > >> > >> The bug is triggered by msc_test forked by make test not httpd. > >> > >> Just like the > >> > >> core says: > >> > >> core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), > >> > >> SVR4-style, from > >> > >> './msc_test -t op -n rx -p > >> > >> (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) > >> > >> > >> -D 0 > >> > >> -r' > >> > >> And gdb complains about right binary: > >> > >> warning: core file may not match specified executable file. > >> > >> > >> > >> I tried to get backtrace against msc_test but I got: > >> > >> warning: Can't read pathname for load map: Input/output error. > >> > >> and the backtrace is useless: > >> > >> > >> > >> [New LWP 2179] > >> > >> [Thread debugging using libthread_db enabled] > >> > >> Using host libthread_db library "/lib/i386-linux- > >> > >> gnu/i686/nosegneg/libthread_db.so.1". > >> > >> Core was generated by `./msc_test -t op -n rx -p > >> > >> (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'. > >> > >> Program terminated with signal 11, Segmentation fault. > >> > >> #0 0x080561d6 in msre_op_rx_execute () > >> > >> > >> > >> Thread 1 (Thread 0x4046c870 (LWP 2179)): > >> > >> #0 0x080561d6 in msre_op_rx_execute () > >> > >> No symbol table info available. > >> > >> #1 0x0804c40e in test_op () > >> > >> No symbol table info available. > >> > >> #2 0x0804d9d3 in main () > >> > >> No symbol table info available. > >> > >> -- > >> > >> Pavel Mateja > >> > >> > >> > >> > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> > >> > >> wrote: > >> > >> > > > Hello Pavel, > >> > >> > > > > >> > >> > > > Are you running make CFLAGS=-DMSC_TEST test right ? > >> > >> > > > >> > >> > > Yes, I am. > >> > >> > > > >> > >> > > > Can you send me your backtrace ? > >> > >> > > > >> > >> > > Sure. What exactly do you need? > >> > >> > > > >> > >> > > > Thanks > >> > >> > > > > >> > >> > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung < > >> > >> > >> > >> rai...@ki... > >> > >> > >> > >> > > >wrote: > >> > >> > > > > On 22.05.2013 10:22, Pavel Mateja wrote: > >> > >> > > > > > Hi guys, > >> > >> > > > > > I've upgraded our debian servers from wheezy to squeeze > >> > >> and I > >> > >> > >> can't > >> > >> > >> > >> > > > > > pass > >> > >> > > > > > >> > >> > > > > "make > >> > >> > > > > > >> > >> > > > > > test" of modsecurity any more: > >> > >> > > > > > > >> > >> > > > > > Loaded 8 tests from ./op/rx.t > >> > >> > > > > > > >> > >> > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) > >> > >> > > > > > 2) op "rx": passed > >> > >> > > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) > >> > >> > > > > > 4) op "rx": passed (Pattern match "abc" at > >> > >> > > > > > UNIT_TEST.) 5) op "rx": passed (Pattern match "def" > >> > >> > > > > > at UNIT_TEST.) 6) op "rx": passed (Pattern match > >> > >> > > > > > "ghi" at UNIT_TEST.) 7) op "rx": passed > >> > >> > > > > > > >> > >> > > > > > ERROR: Failed to create rule for op "rx": Error creating > >> > >> rule: > >> > >> > > > > > Error > >> > >> > > > > > >> > >> > > > > compiling > >> > >> > > > > > >> > >> > > > > > pattern (offset 2): unrecognized character after (? or > >> > >> > > > > > (?- Test exited with signal 11. > >> > >> > > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" > >> > >> > > > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" > >> > >> "-r" > >> > >> > >> "1" > >> > >> > >> > >> > > > > > 8) op "rx": failed > >> > >> > > > > > > >> > >> > > > > > Passed: 7; Failed: 1 > >> > >> > > > > > > >> > >> > > > > > I've tried version 2.7.2 which passed test on old debian > >> > >> and > >> > >> > >> latest > >> > >> > >> > >> > > > > 2.7.3. > >> > >> > > > > > >> > >> > > > > > Both failed on the same place. > >> > >> > > > > > > >> > >> > > > > > Compilation parameters were: > >> > >> > > > > > ./configure --prefix=/apache/modules/ > >> > >> > >> > >> --with-apxs=/apache/bin/apxs > >> > >> > >> > >> > > > > --with- > >> > >> > > > > > >> > >> > > > > > apr=/apache/bin/apr-1-config > >> > >> > > > > > --with-apu=/apache/bin/apu-1-config > >> > >> > > > > > >> > >> > > > > --enable-pcre- > >> > >> > > > > > >> > >> > > > > > match-limit=50000 > >> > >> > > > > > --enable-pcre-match-limit-recursion=10000 > >> > >> > > > > > >> > >> > > > > --disable-mlogc > >> > >> > > > > > >> > >> > > > > Since it exits with signal 11 it might be related to this > >> > >> bug: > >> > >> > > > > https://github.com/SpiderLabs/ModSecurity/issues/23 > >> > >> > > > > > >> > >> > > > > It was fixed in this commit > >> > >> https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e631 > >> > >> > >> 7 > >> > >> > >> > >> > > > > af1680f2a007aead > >> > >> > > > > > >> > >> > > > > and should be part of 2.7.2 and later. Maybe the fix didn't > >> > >> > > > > catch > >> > >> > >> > >> all > >> > >> > >> > >> > > > > similar situations? > >> > >> > > > > > >> > >> > > > > Regards, > >> > >> > > > > > >> > >> > > > > Rainer > >> > >> ------------------------------------------------------------------------ > >> > >> > >> - > >> > >> > >> > >> > > > > ----- Try New Relic Now & We'll Send You this Cool Shirt > >> > >> > > > > New Relic is the only SaaS-based application performance > >> > >> > >> > >> monitoring > >> > >> > >> > >> > > > > service that delivers powerful full stack analytics. > >> > >> > > > > Optimize and monitor your browser, app, & servers with > >> > >> > > > > just a few > >> > >> lines > >> > >> > >> > > > > of > >> > >> > >> > >> code. > >> > >> > >> > >> > > > > Try New Relic and get this awesome Nerd Life shirt! > >> > >> > > > > http://p.sf.net/sfu/newrelic_d2d_may > >> > >> > > > > _______________________________________________ > >> > >> > > > > mod-security-developers mailing list > >> > >> > > > > mod...@li... > >> > >> > >> > >> https://lists.sourceforge.net/lists/listinfo/mod-security-developer > >> > >> s > >> > >> > >> > >> > > > > ModSecurity Services from Trustwave's SpiderLabs: > >> > >> > > > > https://www.trustwave.com/spiderLabs.php > >> > >> > > > >> > >> > > -- > >> > >> > > Pavel Mateja > >> > >> ------------------------------------------------------------------------ > >> > >> > >> - > >> > >> > >> > >> > > ----- Try New Relic Now & We'll Send You this Cool Shirt > >> > >> > > New Relic is the only SaaS-based application performance > >> > >> monitoring > >> > >> > >> > > service that delivers powerful full stack analytics. Optimize > >> > >> > > and monitor your browser, app, & servers with just a few lines > >> > >> > > of > >> > >> code. > >> > >> > >> Try > >> > >> > >> > >> > > New Relic and get this awesome Nerd Life shirt! > >> > >> > > http://p.sf.net/sfu/newrelic_d2d_may > >> > >> > > _______________________________________________ > >> > >> > > mod-security-developers mailing list > >> > >> > > mod...@li... > >> > >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers > >> > >> > >> > > ModSecurity Services from Trustwave's SpiderLabs: > >> > >> > > https://www.trustwave.com/spiderLabs.php > >> > >> ------------------------------------------------------------------------ > >> > >> > >> ------ Try New Relic Now & We'll Send You this Cool Shirt > >> > >> New Relic is the only SaaS-based application performance monitoring > >> > >> service > >> > >> that delivers powerful full stack analytics. Optimize and monitor > >> > >> your > >> > >> > >> browser, app, & servers with just a few lines of code. Try New > >> > >> Relic and get this awesome Nerd Life shirt! > >> > >> http://p.sf.net/sfu/newrelic_d2d_may > >> > >> _______________________________________________ > >> > >> mod-security-developers mailing list > >> > >> mod...@li... > >> > >> https://lists.sourceforge.net/lists/listinfo/mod-security-developer > >> > >> s ModSecurity Services from Trustwave's SpiderLabs: > >> > >> https://www.trustwave.com/spiderLabs.php > >> > >> ------------------------------------------------------------------------ > >> ------ Try New Relic Now & We'll Send You this Cool Shirt > >> New Relic is the only SaaS-based application performance monitoring > >> service > >> that delivers powerful full stack analytics. Optimize and monitor your > >> browser, app, & servers with just a few lines of code. Try New Relic > >> and get this awesome Nerd Life shirt! > >> http://p.sf.net/sfu/newrelic_d2d_may > >> _______________________________________________ > >> mod-security-developers mailing list > >> mod...@li... > >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers > >> ModSecurity Services from Trustwave's SpiderLabs: > >> https://www.trustwave.com/spiderLabs.php -- Pavel Mateja |