Modsecurity: Crash in 2.9.2 libapr1.dll

Created on 23 Aug 2017 · 5 Comments · Source: SpiderLabs/ModSecurity

#940 is closed, but it still crashes in 2.9.2 once in a while.

At #940 I added the latest call stack.

2.x Platform - Apache RIP - release-2.9.2

All 5 comments

More info with Apache 2.4.28

**apr_pool.c**

    node = active->next;
    if (size <= node_free_space(node)) {
==>        list_remove(node);
    }
    else {


**mod_security2.C**

    #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
        if (info->file != NULL) em->file = apr_pstrdup(msr->mp, info->file);
        em->line = info->line;
        em->level = info->level;
        em->status = info->status;
    ==>    em->message = apr_pstrdup(msr->mp, errstr);
    #else




**Call Stack**

    libapr-1.dll!apr_palloc(apr_pool_t * pool, unsigned __int64 in_size) Line 849   C   Symbols loaded.
    [Inline Frame] libapr-1.dll!apr_pmemdup(apr_pool_t *) Line 118  C   Symbols loaded.
    libapr-1.dll!apr_pstrdup(apr_pool_t * a, const char * s) Line 78    C   Symbols loaded.
    >>  mod_security2.so!hook_error_log(const ap_errorlog_info * info, const char * errstr) Line 1166   C   Symbols loaded.
    [Inline Frame] libhttpd.dll!ap_run_error_log(const ap_errorlog_info * errstr, const char *) Line 1949   C   Symbols loaded.
    libhttpd.dll!log_error_core(const char * file, int line, int module_index, int level, int status, const server_rec * s, const conn_rec * c, const request_rec * r, apr_pool_t * pool, const char * fmt, char * args) Line 1314  C   Symbols loaded.
    libhttpd.dll!ap_log_rerror_(const char * file, int line, int module_index, int level, int status, const request_rec * r, const char * fmt, ...) Line 1378   C   Symbols loaded.
    libhttpd.dll!ap_process_request(request_rec * r) Line 492   C   Symbols loaded.
    [Inline Frame] libhttpd.dll!ap_process_http_sync_connection(conn_rec *) Line 210    C   Symbols loaded.
    libhttpd.dll!ap_process_http_connection(conn_rec * c) Line 251  C   Symbols loaded.
    libhttpd.dll!ap_run_process_connection(conn_rec * c) Line 42    C   Symbols loaded.
    libhttpd.dll!ap_process_connection(conn_rec * c, void * csd) Line 228   C   Symbols loaded.
    libhttpd.dll!worker_main(void * thread_num_val) Line 816    C   Symbols loaded.
    [Frames may be missing, no binary loaded for kernel32.dll]      Annotated Frame
    kernel32.dll!00007ffbfe0813d2() Unknown No symbols loaded.



**Autos:**

            apr_pstrdup 0x00007ffbf7f0310a {mod_security2.so!apr_pstrdup}   void *
    +       em  0x000000ce01b79660 {file=0x000000ce01b79680 "modules\\http\\http_request.c" line=487 level=6 ...}   error_message_t *
            em->level   6   int
            em->line    487 int
    +       em->message 0x0000000000000000 <NULL>   const char *
            em->status  70007   int
    +       errstr  0x000000cdfb87dcba "AH01581: Timeout while writing data for URI /download/VC15/binaries/httpd-2.4.28-Win64-VC15.zip to the client"  const char *
    +       info    0x000000cdfb87dbd0 {s=0x000000cd8465a3b0 {process=0x000000cd83c307c0 {pool=0x000000cd83c306b8 {...} ...} ...} ...}  const ap_errorlog_info *
            info->level 6   const int
            info->line  487 const int
            info->status    70007   const int
    +       msr 0x000000ce06eaa188 {mp=0x000000ce01b59638 {...} modsecurity=0x000000cd83cb3fa0 {mp=0x000000cd83c326c8 {...} ...} ...}   modsec_rec *
            msr->mp 0x000000ce01b59638 {...}    apr_pool_t *





It happens just after this message in the apache error.log:

    [Fri Oct 20 14:52:40.971748 2017] [http:info] [pid 3896:tid 2472] (70007)The timeout specified has expired: [client 110.54.171.140:49594] AH01581: Timeout while writing data for URI /download/VC15/binaries/httpd-2.4.28-Win64-VC15.zip to the client, referer: https://www.apachelounge.com/download/
    [Fri Oct 20 14:52:41.172758 2017] [mpm_winnt:notice] [pid 8012:tid 424] AH00428: Parent: child process 3896 exited with status 3221225477 -- Restarting.

Looks like it happens when mod-security handles the error log message from Apache.
Also the last part of the message is in the Call Stack above: errstr 0x000000cdfb87dcba "AH01581: Timeout while writing data for URI /download/VC15/binaries....

It does not always happen with the above message, and no rule is involved.

No other crashes on this server.
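
An added example, not code from this thread or from the ModSecurity or Apache projects: it scans an Apache 2.4 error.log for the AH00428 child-exit notice, decodes the exit status (3221225477 is 0xC0000005, an access violation), and reports the last entry logged by the crashed child's pid, which is the correlation made by hand above. The sample log is constructed from the quoted lines with documentation-range client addresses; the function and dictionary names are assumptions.

```python
import re

# Apache 2.4 default ErrorLogFormat: [time] [module:level] [pid N:tid M] message
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<mod>[^:\]]*):(?P<lvl>\w+)\] "
                  r"\[pid (?P<pid>\d+)(?::tid (?P<tid>\d+))?\] (?P<msg>.*)$")
EXIT = re.compile(r"AH00428: Parent: child process (\d+) exited with status (\d+)")

# Well-known NTSTATUS codes a crashed Windows child process may exit with.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

def find_child_crashes(lines):
    """Return one record per abnormal child exit, with that child's last log entry."""
    last_by_pid, crashes = {}, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # continuation lines or a custom log format
        exit_m = EXIT.search(m["msg"])
        if not exit_m:
            last_by_pid[int(m["pid"])] = (m["ts"], m["msg"])
            continue
        child, status = int(exit_m[1]), int(exit_m[2])
        if status >= 0xC0000000:  # NTSTATUS error severity: not a clean exit
            crashes.append({
                "child_pid": child,
                "status_hex": f"0x{status:08X}",
                "status_name": NTSTATUS.get(status, "unknown"),
                "detected_at": m["ts"],
                "last_entry": last_by_pid.pop(child, None),
            })
    return crashes

# Constructed sample modelled on the two log lines quoted in the thread.
SAMPLE_LOG = """\
[Fri Oct 20 14:52:40.100000 2017] [http:info] [pid 3896:tid 2400] [client 192.0.2.7:50000] constructed earlier entry from the same child
[Fri Oct 20 14:52:40.971748 2017] [http:info] [pid 3896:tid 2472] (70007)The timeout specified has expired: [client 192.0.2.10:49594] AH01581: Timeout while writing data for URI /download/example.zip to the client
[Fri Oct 20 14:52:41.000000 2017] [core:info] [pid 4100:tid 300] constructed entry from an unrelated process
[Fri Oct 20 14:52:41.172758 2017] [mpm_winnt:notice] [pid 8012:tid 424] AH00428: Parent: child process 3896 exited with status 3221225477 -- Restarting.
"""

if __name__ == "__main__":
    for crash in find_child_crashes(SAMPLE_LOG.splitlines()):
        print(crash)
```

The last entry is only a lead: it names what the child logged just before exiting, and a debugger call stack like the one above is still needed to confirm the faulting frame.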

Running now with the fix http://svn.apache.org/viewvc?view=revision&sortby=date&revision=1826556

Looks like this solves the issue.

Still fine, no crashes anymore.

I am oh so happy that the crashes are gone. It was holding a lot to use mod_security. I think the fix is also a benefit for other modules.

Cheers,

Steffen
www.apachelounge.com

I think you can close.
