Skip to content
This repository has been archived by the owner on Nov 8, 2023. It is now read-only.

naxsi build fails with pcre*2*-enabled nginx-1.21.5: incorrect PCRE_MULTILINE usage #580

Closed
pgnd opened this issue Dec 28, 2021 · 11 comments
Closed

naxsi build fails with pcre*2*-enabled nginx-1.21.5: incorrect PCRE_MULTILINE usage #580

pgnd opened this issue Dec 28, 2021 · 11 comments

Comments

@pgnd
Copy link

pgnd commented Dec 28, 2021

Building/packaging latest nginx-1.21.5

On 12/28/21 10:33, Maxim Dounin wrote:
> details:   https://hg.nginx.org/nginx/rev/d986378168fd
> branches:
> changeset: 7989:d986378168fd
> user:      Maxim Dounin <mdounin@mdounin.ru>
> date:      Tue Dec 28 18:28:37 2021 +0300
> description:
> nginx-1.21.5-RELEASE

on Fedora 35, with PCRE2,

rpm -qa | grep pcre2 | sort
	pcre2-10.37-4.fc35.x86_64
	pcre2-devel-10.37-4.fc35.x86_64
	pcre2-syntax-10.37-4.fc35.noarch
	pcre2-utf16-10.37-4.fc35.x86_64
	pcre2-utf32-10.37-4.fc35.x86_64

and only PCRE2 enabled,

https://download.copr.fedorainfracloud.org/results/pgfed/nginx-mainline/fedora-35-x86_64/03084864-nginx/nginx.spec

fails,

https://download.copr.fedorainfracloud.org/results/pgfed/nginx-mainline/fedora-35-x86_64/03084864-nginx/builder-live.log.gz

at,

...
/usr/bin/gcc -c -fPIC -I/usr/local/lua-resty-luajit2/include/luajit-2.1 -O3 -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -march=x86-64 -mtune=generic -O3 -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -march=x86-64 -mtune=generic -DNDK_SET_VAR -Wno-deprecated-declarations -I src/core -I src/event -I src/event/modules -I src/os/unix -I src/http/modules/perl -I ../ngx_devel_kit-master/objs -I objs/addon/ndk -I ../ngx_devel_kit-master/src -I ../ngx_devel_kit-master/objs -I objs/addon/ndk -I /usr/local/lua-resty-luajit2/include/luajit-2.1 -I ../lua-nginx-module-master/src/api -I /usr/include -I ../njs-master/nginx/../src -I ../njs-master/nginx/../build -I ../njs-master/nginx/../src -I ../njs-master/nginx/../build -I /usr/include/libxml2 -I objs -I src/http -I src/http/modules -I src/http/v2 -I ../ngx_devel_kit-master/src -I src/mail -I src/stream \
	-o objs/addon/naxsi_src/naxsi_config.o \
	../naxsi-master/naxsi_src/naxsi_config.c
../naxsi-master/naxsi_src/naxsi_runtime.c: In function 'ngx_http_process_basic_rule_buffer':
../naxsi-master/naxsi_src/naxsi_runtime.c:205:61: error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
  205 |       (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
      |                                                             ^~
../naxsi-master/naxsi_src/naxsi_runtime.c: In function 'ngx_http_naxsi_pcre_wrapper':
../naxsi-master/naxsi_src/naxsi_runtime.c:500:30: error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
  500 |   match = pcre_exec(rx->regex->code, 0, (const char*)str, len, 0, 0, captures, 1);
      |                              ^~
make[1]: *** [objs/Makefile:1715: objs/addon/naxsi_src/naxsi_runtime.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/builddir/build/BUILD/nginx-release-1.21.5'
make: *** [Makefile:10: build] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.hYoU7Y (%build)
@petecooper
Copy link

Possibly connected commits:

@pgnd
Copy link
Author

pgnd commented Dec 28, 2021
edited
Loading

@petecooper

from nginx-devel ML,

https://forum.nginx.org/read.php?29,293178,293179#msg-293179

the second issue, above, seems to be the relevant one here.

and,

"The NAXSI bug mentioned in the second commit needs to be fixed
before it will be possible to build NAXSI with PCRE2."

"The" bug refers to incorrect usage of PCRE_MULTILINE.

but, afaict, is not yet filed/open as an existing issue here @ naxsi

@pgnd pgnd changed the title naxsi build fails with pcre*2*-enabled nginx-1.21.5 naxsi build fails with pcre*2*-enabled nginx-1.21.5: incorrect PCRE_MULTILINE usage Dec 28, 2021
@icebluey
Copy link

same issue.
nginx: 1.21.5
pcre2: 10.39

    ../modules/ngx_http_naxsi_module/naxsi_src/naxsi_runtime.c
../modules/ngx_http_naxsi_module/naxsi_src/naxsi_runtime.c: In function 'ngx_http_process_basic_rule_buffer':
../modules/ngx_http_naxsi_module/naxsi_src/naxsi_runtime.c:205:61: error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
  205 |       (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
      |                                                             ^~
../modules/ngx_http_naxsi_module/naxsi_src/naxsi_runtime.c: In function 'ngx_http_naxsi_pcre_wrapper':
../modules/ngx_http_naxsi_module/naxsi_src/naxsi_runtime.c:500:30: error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
  500 |   match = pcre_exec(rx->regex->code, 0, (const char*)str, len, 0, 0, captures, 1);
      |                              ^~
make[1]: *** [objs/Makefile:2297: objs/addon/naxsi_src/naxsi_runtime.o] Error 1
make: *** [Makefile:10: build] Error 2

laluigino added a commit to laluigino/naxsi that referenced this issue Feb 11, 2022
@laluigino
Fix: use pcre2 when building with nginx >= 1.21.5
5046ff4 
I've tried to compile naxsi 1.3 as module for nginx 1.21.6, and got the error:

error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
  205 |       (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,

I found this issue report: Ref: nbs-system#580
then i tried to solve the pcre2 compatibility issue.

I've included an helper function that is 'copied' from: https://github.com/nginx/nginx/blob/master/src/core/ngx_regex.c#L393
that it is called in place of 'pcre_exec' when nginx_version >= 1021005

Not sure if this is the best solution, but I managed to build naxsi 1.3 as module for nginx 1.21.6 succesfully, and it seems to work well.

I'm not used to develop in C anymore (since 25 years ago, at least!), but I hope that this patch I made can help anybody else.
@laluigino laluigino mentioned this issue Feb 11, 2022
Closed
@vndroid
Copy link

vndroid commented May 30, 2022

same issue.
nginx: 1.22.0
pcre2: 10.39

	-o objs/addon/naxsi_src/naxsi_runtime.o \
	/src/naxsi/naxsi_src/naxsi_runtime.c
/src/naxsi/naxsi_src/naxsi_runtime.c: In function 'ngx_http_process_basic_rule_buffer':
/src/naxsi/naxsi_src/naxsi_runtime.c:205:61: error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
  205 |       (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
      |                                                             ^~
/src/naxsi/naxsi_src/naxsi_runtime.c: In function 'ngx_http_naxsi_pcre_wrapper':
/src/naxsi/naxsi_src/naxsi_runtime.c:500:30: error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
  500 |   match = pcre_exec(rx->regex->code, 0, (const char*)str, len, 0, 0, captures, 1);
      |                              ^~
make[1]: *** [objs/Makefile:3170: objs/addon/naxsi_src/naxsi_runtime.o] Error 1
make: *** [Makefile:16: modules] Error 2

@rickygm
Copy link

rickygm commented Jun 1, 2022

same here:

make[1]: *** [objs/Makefile:2244: objs/addon/naxsi_src/naxsi_runtime.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/rpm/nginx-1.22.0'
make: *** [Makefile:10: build] Error 2

@heftig heftig mentioned this issue Jun 10, 2022
Closed
@grazzolini
Copy link

For what's worth, we are using this patch on Arch to build this module:
https://github.com/archlinux/svntogit-community/blob/packages/nginx-mod-naxsi/trunk/587-pcre2.patch

wargio pushed a commit that referenced this issue Jun 15, 2022
@dvershinin @laluigino
PCRE2 compatibility (#587)
d68c33b 
* Fix: use pcre2 when building with nginx >= 1.21.5

I've tried to compile naxsi 1.3 as module for nginx 1.21.6, and got the error:

error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
  205 |       (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,

I found this issue report: Ref: #580
then i tried to solve the pcre2 compatibility issue.

I've included an helper function that is 'copied' from: https://github.com/nginx/nginx/blob/master/src/core/ngx_regex.c#L393
that it is called in place of 'pcre_exec' when nginx_version >= 1021005

Not sure if this is the best solution, but I managed to build naxsi 1.3 as module for nginx 1.21.6 succesfully, and it seems to work well.

I'm not used to develop in C anymore (since 25 years ago, at least!), but I hope that this patch I made can help anybody else.

* Added a check for nginx_version >= 1021005

Added a check for nginx_version >= 1021005 to avoid helper function definition on older versions

* Use NGX_PCRE2 conditional

Update naxsi.h

Don't include pcre.h in order for compilation to work both against pcre and pcre2

Fix pcre vs pcre2 compilation

Co-authored-by: laluigino <99279306+laluigino@users.noreply.github.com>
wargio pushed a commit that referenced this issue Sep 14, 2022
@dvershinin @laluigino @wargio
PCRE2 compatibility (#587)
2937c44 
* Fix: use pcre2 when building with nginx >= 1.21.5

I've tried to compile naxsi 1.3 as module for nginx 1.21.6, and got the error:

error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
  205 |       (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,

I found this issue report: Ref: #580
then i tried to solve the pcre2 compatibility issue.

I've included an helper function that is 'copied' from: https://github.com/nginx/nginx/blob/master/src/core/ngx_regex.c#L393
that it is called in place of 'pcre_exec' when nginx_version >= 1021005

Not sure if this is the best solution, but I managed to build naxsi 1.3 as module for nginx 1.21.6 succesfully, and it seems to work well.

I'm not used to develop in C anymore (since 25 years ago, at least!), but I hope that this patch I made can help anybody else.

* Added a check for nginx_version >= 1021005

Added a check for nginx_version >= 1021005 to avoid helper function definition on older versions

* Use NGX_PCRE2 conditional

Update naxsi.h

Don't include pcre.h in order for compilation to work both against pcre and pcre2

Fix pcre vs pcre2 compilation

Co-authored-by: laluigino <99279306+laluigino@users.noreply.github.com>
@wargio
Copy link
Contributor

wargio commented Sep 17, 2022

I do not know why this is still open but it was fixed: wargio/naxsi@9e06c5f

@wargio wargio closed this as completed Sep 17, 2022
@saez0pub
Copy link
Contributor

saez0pub commented Oct 7, 2022

Hello,

Could you please release this fix 👍 ?

@wargio
Copy link
Contributor

wargio commented Oct 7, 2022

Hello,

Could you please release this fix +1 ?

It is fixed: https://github.com/wargio/naxsi

@saez0pub
Copy link
Contributor

saez0pub commented Oct 8, 2022

Sorry, it wasn't clear enough.
Thank you for fixing this 🙏 .
My question is more about making a new release, version 1.4, including this fix. 🚀

@wargio
Copy link
Contributor

wargio commented Oct 8, 2022

Not going to happen in this repository.
This repository is considered abandoned thus you should use mine.

@dvershinin dvershinin mentioned this issue Nov 14, 2022
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@petecooper @wargio @saez0pub @grazzolini @rickygm @vndroid @icebluey @pgnd