segmentation fault in chroot jail / modsecurity-2.9.5 #2709

Closed
cacheguard opened this issue Mar 21, 2022 · 2 comments

Comments

@cacheguard

Describe the bug

Segmentation fault message in the Apache log with chrooted Apache when /etc/passwd is not present in the jail. Adding the missing /etc/passwd file is a workaround...

Logs and dumps

Bug (or maybe not really one) identified using gdb in apache2/persist_dbm.c:412, in collection_store() {....}

The username variable is not properly set using apr_uid_name_get(). Maybe the return code of apr_uid_name_get() should be tested before trusting the username variable...

To Reproduce

When using OWASP CRS REQUEST-912-DOS-PROTECTION.conf &

    SecAction \
     "id:900700,\
      phase:1,\
      nolog,\
      pass,\
      t:none,\
      setvar:'tx.dos_burst_time_slice=60',\
      setvar:'tx.dos_counter_threshold=100',\
      setvar:'tx.dos_block_timeout=600'"

All the Best
CG
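
The check the report suggests (test the lookup's return code before trusting the name), shown as an added example that is not ModSecurity's code or its fix. It assumes POSIX `getpwuid_r()` as a stand-in for `apr_uid_name_get()`; `resolve_owner_name()`, the `uid-<n>` fallback format and the UID 3999999 are hypothetical choices made for this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum { NAME_ERROR = -1, NAME_RESOLVED = 0, NAME_FALLBACK = 1 };

/* Hypothetical helper: write a printable owner name for `uid` into `out`.
 * Never leaves `out` unset, even when no passwd database is reachable
 * (for example inside a chroot jail that has no /etc/passwd). */
int resolve_owner_name(uid_t uid, char *out, size_t outlen)
{
    struct passwd pw, *found = NULL;
    char scratch[16384];
    int rc, n;

    if (out == NULL || outlen == 0)
        return NAME_ERROR;
    out[0] = '\0';

    /* rc != 0 is a lookup error; rc == 0 with found == NULL means "no entry".
     * Both cases must be handled before pw.pw_name is touched. */
    rc = getpwuid_r(uid, &pw, scratch, sizeof scratch, &found);
    if (rc == 0 && found != NULL && found->pw_name != NULL) {
        n = snprintf(out, outlen, "%s", found->pw_name);
        if (n >= 0 && (size_t)n < outlen)
            return NAME_RESOLVED;
    }

    /* Degrade to a numeric label instead of using an unset pointer. */
    n = snprintf(out, outlen, "uid-%lu", (unsigned long)uid);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return NAME_ERROR;
    }
    return NAME_FALLBACK;
}

int main(void)
{
    char name[64];
    int rc = resolve_owner_name(getuid(), name, sizeof name);
    printf("current uid -> \"%s\" (rc=%d)\n", name, rc);
    /* Constructed UID assumed to have no passwd entry. */
    rc = resolve_owner_name((uid_t)3999999, name, sizeof name);
    printf("absent uid  -> \"%s\" (rc=%d)\n", name, rc);
    return strcmp(name, "uid-3999999") == 0 ? 0 : 1;
}
```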

@martinhsv
Contributor

Hi @cacheguard,

What you are describing is likely a duplicate of #2046 and #2217.

@martinhsv
Contributor

Closing as duplicate.
