When we have request which contain a large number of form variables (appr. 600Kb), I think I counted 19996 form variables, we observe a segmentation fault in our production system:
[Thu May 04 12:32:36 2017] [notice] child pid 23562 exit signal Segmentation fault (11), possible coredump in /tmp/apache2-gdb-dump
gdb shows that it crashed in
1305 folded_text[position] = s[*pos];
list:
1300 if (current->type != CHAR_NULL) {
1301 printf ("nPos %zun " , pos);
1302 printf ("Current %cn", s[pos]);
1303 printf ("Type %cn",current->type);
1304 sf->stats_tokens += 1;
1305 folded_text[position] = s[*pos];
1306 folded_type[position] = sf->current->type;
1307 position = position + 1;
1308 return TRUE;
1309 }
In our QA system, it goes out of memory.
Although the form has a large number of variables, these could be inspected one by one. I'm not certain how libinjection handles this, but it seems there is somewhere a memory leak.
Smaller requests work fine, and with mod_security set to off, it also works OK. In detectiononly mode it fails, as well as when set to on.
Hi @bjdijk,
Thank you for the report! I've just opened the issue client9/libinjection#124, asking the libInjection contributors which version better fit ModSecurity in terms of stability.
Hi @bjdijk,
I've just updated the libinjection version to v3.10.0. Do you mind to test it and provide us some feedback?
I just did update to the latest version and did some testing. First results
look promising, memory usage seems to be stable. Only in debug mode it
becomes unworkable, but that is no showstopper for me.
Bart-Jan
2017-06-01 4:14 GMT+02:00 Felipe Zimmerle notifications@github.com:
Hi @bjdijk https://github.com/bjdijk,
I've just updated the libinjection version to v3.10.0. Do you mind to test
it again?—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/SpiderLabs/ModSecurity/issues/1412#issuecomment-305369832,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ANKHxTPXc3zKsWjOLipdg9RE5y2CXzBDks5r_h6egaJpZM4NW394
.
Thank you @bjdijk ;)
Most helpful comment
I just did update to the latest version and did some testing. First results
look promising, memory usage seems to be stable. Only in debug mode it
becomes unworkable, but that is no showstopper for me.
Bart-Jan
2017-06-01 4:14 GMT+02:00 Felipe Zimmerle notifications@github.com: