Thread: [Mod-security-developers] segfaults on JSON request body processor
From: Bruno S. de A. <br...@sa...> - 2014-02-12 12:55:24
Hi,

I'm testing the JSON patches from the json_top_of_2_7_7 branch and I'm getting what appears to be random segfaults. I say random because I haven't managed to identify any patterns in the type of requests that segfault.

Test environment:
CentOS 6.5 x86_64
httpd-2.2.15-29.el6.centos.x86_64
mod_security compiled with yajl-2.0.5

I'm running mod_security in DETECTION_ONLY mode, with the OWASP CRS and JSON requestBodyProcessor enabled.

When the request segfaults, the audit log only records parts A and B:

To avoid making this email too long, logs are here:
http://pastebin.com/MnehgvJw

Let me know if I can help with any more information.

Thanks,

--
- Bruno
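A check built on the symptom in the report above (audit log entries that contain only parts A and B), as an added example that is not part of the original thread or of ModSecurity: it scans a serial audit log for entries that open with part A but never reach the closing Z boundary. The log lines, unique ids and addresses are constructed, and the function name is hypothetical.

```python
import re

# Section boundary of the ModSecurity 2.x serial audit log: --<8 hex>-<part>--
BOUNDARY = re.compile(r"^--([0-9a-f]{8})-([A-Z])--$")

# Constructed sample: the second entry stops after part B, as in the report.
SAMPLE_LOG = """\
--a1b2c3d4-A--
[12/Feb/2014:12:50:01 +0000] EXAMPLE-UNIQUE-ID-0001 192.0.2.10 51234 192.0.2.1 80
--a1b2c3d4-B--
POST /api/items HTTP/1.1
Host: www.example.test
Content-Type: application/json
Content-Length: 17

--a1b2c3d4-C--
{"name": "alpha"}
--a1b2c3d4-F--
HTTP/1.1 200 OK

--a1b2c3d4-H--
Stopwatch: 1392209401000000 1200 (- - -)

--a1b2c3d4-Z--

--b2c3d4e5-A--
[12/Feb/2014:12:50:07 +0000] EXAMPLE-UNIQUE-ID-0002 192.0.2.11 51300 192.0.2.1 80
--b2c3d4e5-B--
POST /api/items HTTP/1.1
Host: www.example.test
Content-Type: application/json
Content-Length: 133

--c3d4e5f6-A--
[12/Feb/2014:12:50:09 +0000] EXAMPLE-UNIQUE-ID-0003 192.0.2.12 51311 192.0.2.1 80
--c3d4e5f6-B--
GET /health HTTP/1.1
Host: www.example.test

--c3d4e5f6-H--
Stopwatch: 1392209409000000 800 (- - -)

--c3d4e5f6-Z--
"""


def find_truncated_entries(lines):
    """Return entries that were opened with part A but never closed with part Z.

    Each result is a dict with the boundary id, the parts seen (e.g. "AB"),
    the part A header line (timestamp, unique id, addresses) and the line
    number of the opening boundary.
    """
    truncated, current = [], None
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        m = BOUNDARY.match(line)
        if m is None:
            # The first non-empty content line of part A is the entry header.
            if current is not None and current["parts"] == "A" and not current["header"]:
                current["header"] = line
            continue
        entry_id, part = m.groups()
        if part == "A":
            if current is not None:
                # A new entry started while the previous one was still open.
                truncated.append(current)
            current = {"id": entry_id, "parts": "A", "header": "", "line": lineno}
        elif current is not None and entry_id == current["id"]:
            if part == "Z":
                current = None  # cleanly terminated entry
            else:
                current["parts"] += part
        # A non-A boundary carrying a different id (for example text inside a
        # logged body) does not belong to the open entry and is ignored.
    if current is not None:
        # Still open at end of input: either truncated or being written now.
        truncated.append(current)
    return truncated


if __name__ == "__main__":
    for entry in find_truncated_entries(SAMPLE_LOG.splitlines()):
        print("line %d: entry %s has parts %s only: %s"
              % (entry["line"], entry["id"], entry["parts"], entry["header"]))
```

The header line of each hit gives the timestamp to match against the "exit signal Segmentation fault" notices in the Apache error log.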
From: Felipe C. <FC...@tr...> - 2014-02-13 03:26:02
Hi Bruno,

Thank you for the report.

Do you mind generating more information using GDB?

I've just created a guide on how to use GDB to help in the bug reporting process, it is available under our wiki:
https://github.com/SpiderLabs/ModSecurity/wiki/Debugging-ModSecurity

Thanks,
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

_______________________________________________
mod-security-developers mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-developers
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/spiderLabs.php

________________________________
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
From: Bruno S. <br...@sa...> - 2014-02-13 11:07:36
Hi Felipe,

Thanks for the instructions.

Here's the output of 'bt full', hope it helps.

Program received signal SIGSEGV, Segmentation fault.
__strcmp_sse2 () at ../sysdeps/x86_64/strcmp.S:213
213     movlpd (%rdi), %xmm1
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 db4-4.7.25-18.el6_4.x86_64 expat-2.0.1-11.el6_2.x86_64 keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6_4.6.x86_64 libcom_err-1.41.12-18.el6.x86_64 libselinux-2.0.94-5.3.el6_4.1.x86_64 libuuid-2.17.2-12.14.el6.x86_64 libxml2-2.7.6-14.el6.x86_64 lua-5.1.4-4.1.el6.x86_64 nspr-4.10.2-1.el6_5.x86_64 nss-3.15.3-3.el6_5.x86_64 nss-softokn-freebl-3.14.3-9.el6.x86_64 nss-util-3.15.3-1.el6_5.x86_64 openldap-2.4.23-32.el6_4.1.x86_64 openssl-1.0.1e-16.el6_5.4.x86_64 pcre-7.8-6.el6.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb)
(gdb) bt full
#0  __strcmp_sse2 () at ../sysdeps/x86_64/strcmp.S:213
No locals.
#1  0x00007ffff2b81f7c in sec_audit_logger (msr=0x7ffff8d1da80) at msc_logging.c:699
        arg = 0x7ffff8d47fa8
        sorted_args = 0x7ffff8d5ba68
        nextarg = 0x0
        tarr = 0x7ffff8d39640
        telts = 0x7ffff8d39768
        offset = 0
        last_offset = 0
        sanitize = 0
        my_error_msg = 0x0
        arr = 0x7ffff8d48250
        te = 0x7ffff8d48378
        tarr_pattern = 0x7ffff8d33b68
        telts_pattern = 0x7ffff8d33c90
        str1 = 0x0
        str2 = 0x0
        text = 0x7ffff8d5ba50 "Content-Length: 133\n"
        rule = 0x0
        next_rule = 0x0
        nbytes = 0
        nbytes_written = 140737368015808
        md5hash = "\000\000\000\000\000\000\000\000\330\301\323\370\377\177\000"
        was_limited = 0
        present = 0
        wrote_response_body = 0
        entry_filename = 0xf8d3ba88 <Address 0xf8d3ba88 out of bounds>
        entry_basename = 0x7fffffffdc90 "h\272\325\370\377\177"
        rc = 0
        i = 0
        limit = -132113904
        k = 32767
        sanitized_partial = 0
        j = 32767
        buf = 0x0
        pat = 0x0
        mparm = 0x0
        arg_min = 32767
        arg_max = -120464768
        sanitize_matched = 0
#2  0x00007ffff2b79225 in modsecurity_process_phase_logging (msr=0x7ffff8d1da80) at modsecurity.c:695
        time_before = 1392288967111028
        time_after = 1392288967111070
#3  0x00007ffff2b794b5 in modsecurity_process_phase (msr=0x7ffff8d1da80, phase=5) at modsecurity.c:801
No locals.
#4  0x00007ffff2b77190 in hook_log_transaction (r=0x7ffff8d1c1f8) at mod_security2.c:1217
        arr = 0x7ffff8d5e0a0
        origr = 0x7ffff8d1c1f8
---Type <return> to continue, or q <return> to quit---
        msr = 0x7ffff8d1da80
#5  0x00007ffff7fc8600 in ap_run_log_transaction (r=0x7ffff8d1c1f8) at /usr/src/debug/httpd-2.2.15/server/protocol.c:1705
        pHook = <value optimized out>
        n = <value optimized out>
        rv = <value optimized out>
#6  0x00007ffff7fe5a7f in ap_process_request (r=0x7ffff8d1c1f8) at /usr/src/debug/httpd-2.2.15/modules/http/http_request.c:308
        access_status = <value optimized out>
#7  0x00007ffff7fe29a8 in ap_process_http_connection (c=0x7ffff8cadcf8) at /usr/src/debug/httpd-2.2.15/modules/http/http_core.c:190
        r = 0x7ffff8d1c1f8
        csd = 0x0
#8  0x00007ffff7fde6b8 in ap_run_process_connection (c=0x7ffff8cadcf8) at /usr/src/debug/httpd-2.2.15/server/connection.c:43
        pHook = <value optimized out>
        n = <value optimized out>
        rv = <value optimized out>
#9  0x00007ffff7fea977 in child_main (child_num_arg=<value optimized out>) at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:667
        current_conn = <value optimized out>
        csd = 0x7ffff8cadb08
        ptrans = 0x7ffff8cada88
        allocator = 0x7ffff8cab980
        status = <value optimized out>
        i = <value optimized out>
        lr = <value optimized out>
        pollset = 0x7ffff8cabc20
        sbh = 0x7ffff8cabc18
        bucket_alloc = 0x7ffff8d14148
        last_poll_idx = 1
#10 0x00007ffff7feac46 in make_child (s=0x7ffff8212880, slot=0) at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:707
        pid = <value optimized out>
#11 0x00007ffff7feb293 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>) at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:983
        index = <value optimized out>
        remaining_children_to_start = <value optimized out>
        rv = <value optimized out>
#12 0x00007ffff7fc2900 in main (argc=4, argv=0x7fffffffe338) at /usr/src/debug/httpd-2.2.15/server/main.c:760
        c = 102 'f'
        configtestonly = <value optimized out>
        confname = 0x7fffffffe5c2 "/etc/httpd/conf/httpd.conf"
        def_server_root = 0x7ffff7fed1f3 "/etc/httpd"
        temp_error_log = 0x0
        error = <value optimized out>
        process = 0x7ffff8212880
        server_conf = 0x7ffff8212880
        pglobal = 0x7ffff8209148
        pconf = 0x7ffff820b158
        plog = 0x7ffff823d2e8
        ptemp = 0x7ffff820f178
        pcommands = 0x7ffff820d168
        opt = 0x7ffff820d260
        rv = <value optimized out>
        mod = <value optimized out>
---Type <return> to continue, or q <return> to quit---
        optarg = 0x7fffffffe5c2 "/etc/httpd/conf/httpd.conf"
        signal_server = <value optimized out>

--
- Bruno
From: Felipe C. <FC...@tr...> - 2014-03-20 18:25:59
Hi Bruno,

Thanks for the detailed debugging information. I have just made some modifications on the code in order to fix the problem. The branch json_top_of_2_7_7 no longer exists, I would like to ask you to test the branch json instead:

https://github.com/SpiderLabs/ModSecurity/tree/json

This new branch does not only contain this specific bugfix but it is up-to-date with our master branch.

Thanks,
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com
From: Bruno S. de A. <br...@sa...> - 2014-04-29 11:41:00
Hi Felipe,

Apologies for the delay, I was away for a while.
I'm currently testing 2.8.0 and most of the JSON stuff seems to be working ok.
Found one minor issue with sanitiseArgs that I'll post on a new email.

Thanks for your help.

Bruno

--
- Bruno