Segmentation Fault in modsecurity_log_cb (Security) #85
Hello @Devstellar, I just thought I should highlight that no one on the core ModSecurity team has any time allocated to working on ModSecurity-apache. The ModSecurity version recommended for use with Apache HTTP Server continues to be v2.9.x (https://github.com/SpiderLabs/ModSecurity-apache#note--this-project-is-not-production-ready). Since ModSecurity-apache is an open-source project on GitHub, you are, of course, free to experiment with it as you choose. But please just be aware that there is no real prospect of the sponsoring company's staff following up on any issues you may create.
Testing ModSecurity3 in Apache, I got some httpd cores at random times. Troubleshooting, I found this problem.
In frame 4, function modsecurity_log_cb, there are these calls to ap_log_rerror and ap_log_error:
According to the APR documentation, these calls are prone to a Format String Attack, and indeed this is the cause of my coredumps: as "msg" is not sanitized, it can contain % characters.
I think the proper calls should be changed to something like this:
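The pattern the report describes, as an added example that is not the reporter's patch or the project's code: a printf-style logger must receive an untrusted message as an argument to a constant `"%s"` format, never as the format itself. `log_line`, `log_message_safe`, `count_conversions` and the sample message are hypothetical names and constructed data standing in for the Apache logging call and a real rule message.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style logging call: the last fixed
 * parameter is a format string, followed by variadic arguments. */
static int log_line(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Count conversion specifications in s ("%%" is a literal percent sign).
 * Each one makes a printf-style function fetch an argument; when s is used
 * as the format and no arguments were passed, that fetch is undefined
 * behaviour, which can surface as an intermittent crash. */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* Safe form: the untrusted message is data, passed to a constant format.
 * The unsafe form would be log_line(out, outsz, msg); it is not run here. */
static int log_message_safe(char *out, size_t outsz, const char *msg)
{
    return log_line(out, outsz, "%s", msg);
}

/* Constructed sample: a log message that echoes URL-encoded request data. */
static const char SAMPLE_MSG[] =
    "Matched data in REQUEST_URI: /a%20b%3Cscript%3E?x=100%";

int main(void)
{
    char buf[256];
    int n = log_message_safe(buf, sizeof buf, SAMPLE_MSG);
    printf("conversions if used as a format: %d\n", count_conversions(SAMPLE_MSG));
    printf("logged %d bytes verbatim: %s\n", n, buf);
    return strcmp(buf, SAMPLE_MSG) != 0;
}
```

Building with `-Wformat -Wformat-security` (GCC and Clang) flags calls that pass a non-literal string as the format with no further arguments.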