Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Segmentation fault when uploading file with SecStreamInBodyInspection enabled #394

Closed
rcbarnett-zz opened this issue Oct 17, 2013 · 7 comments
Closed

Segmentation fault when uploading file with SecStreamInBodyInspection enabled #394

rcbarnett-zz opened this issue Oct 17, 2013 · 7 comments
Assignees
@zimmerle

Comments

@rcbarnett-zz
Copy link
Contributor

MODSEC-240: I get a segmentation fault when uploading file with SecStreamInBodyInspection enabled. The crash is during upload and no rules need to be running.
@ghost ghost assigned zimmerle Oct 17, 2013
@rcbarnett-zz
Copy link
Contributor Author

Original reporter: ivanr

@rcbarnett-zz
Copy link
Contributor Author

ivanr: This is the debug log of the crash.

@rcbarnett-zz
Copy link
Contributor Author

bpinto: Please .. can u attach your main configuration file and the backtrace ?

@rcbarnett-zz
Copy link
Contributor Author

ivanr: Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000018
0x000000010033ca7d in modsecurity_request_body_to_stream ()
(gdb) bt full
#0 0x000000010033ca7d in modsecurity_request_body_to_stream ()
No symbol table info available.
#1 0x000000010033d0a6 in modsecurity_request_body_end ()
No symbol table info available.
#2 0x0000000100309718 in read_request_body ()
No symbol table info available.
#3 0x0000000100302969 in hook_request_late ()
No symbol table info available.
#4 0x0000000100024d0e in ap_run_fixups ()
No symbol table info available.
#5 0x0000000100025996 in ap_process_request_internal ()
No symbol table info available.
#6 0x000000010004123a in ap_process_request ()
No symbol table info available.
#7 0x000000010003dabc in ap_process_http_connection ()
No symbol table info available.
#8 0x0000000100012d27 in ap_run_process_connection ()
No symbol table info available.
#9 0x00000001000131f5 in ap_process_connection ()
No symbol table info available.
#10 0x000000010005cc62 in child_main ()
No symbol table info available.
#11 0x000000010005cd55 in make_child ()
No symbol table info available.
#12 0x000000010005d328 in ap_mpm_run ()
No symbol table info available.
#13 0x0000000100009dac in main ()
No symbol table info available.

@rcbarnett-zz
Copy link
Contributor Author

ivanr: SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On

SecAuditEngine On
SecAuditLogType Serial
SecAuditLog logs/modsec_audit.log
SecAuditLogParts ABCDEFHJKZ

SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 9

@rcbarnett-zz
Copy link
Contributor Author

bpinto: Ivan,

I will create a env and try to reproduce it. What is the file size your are submitting ?

@rcbarnett-zz
Copy link
Contributor Author

ivanr: Sorry, forgot to mention (but you can still deduce it from the debug log ;). It's 680 KB.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zimmerle zimmerle

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zimmerle @rcbarnett-zz