ModSecurity: nginx segfault in libmodsecurity.so.3.0.0

When attempting to remove a false positive from CRS Rules, Nginx stops responding and generates segmentation faults with libmodsecurity.

file: RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf add: SecRuleUpdateTargetById 941120 “!REQUEST_HEADERS:Referer”

systemctl reload nginx

Check /var/log/messages:

kernel: nginx[58950]: segfault at 28 ip 00007f59e985af4a sp 00007ffd0657cd80 error 4 in libmodsecurity.so.3.0.0[7f59e9740000+1ed000]

libmodsecurity config output from compiling:

`ModSecurity - v3.0.0-48-ga66aceb for Linux

Mandatory dependencies

  • libInjection …v3.0.0-48-ga66aceb
  • SecLang tests …a66aceb

Optional dependencies

  • GeoIP …found v1.5.0 -lGeoIP , -I/usr/include/
  • LibCURL …found v7.29.0 -lcurl , -DWITH_CURL
  • YAJL …found v2.0.4 -lyajl , -DWITH_YAJL
  • LMDB …not found
  • LibXML2 …found v2.9.1 -lxml2 -lz -lm -ldl, -I/usr/include/libxml2 -DWITH_LIBXML2
  • SSDEEP …not found
  • LUA …not found

Other Options

  • Test Utilities …enabled
  • SecDebugLog …enabled
  • afl fuzzer …disabled
  • library examples …enabled
  • Building parser …disabled
  • Treating pm operations as critical section …disabled`

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Comments: 25 (21 by maintainers)

Commits related to this issue

Most upvoted comments

@zimmerle thanks, I can confirm that this one is not reproduced anymore.

+3
defanator on Oct 25, 2018

@zimmerle @victorhora were you able to take a look at this one? Let me know if I could provide anything else here. TIA!

+1
defanator on May 23, 2018

Also, the error_page directive does not have any effect - only additional location block matters.

+1
defanator on Apr 23, 2018
Read more comments on GitHub
← ModSecurity: Multipart: Final boundary missing.
ModSecurity: nginx worker hangs while logging to the audit log →