Skip to content

parser: extra space in arguments break SecRuleRemoveById #1440

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
defanator opened this issue Jun 5, 2017 · 1 comment
Closed

parser: extra space in arguments break SecRuleRemoveById #1440

defanator opened this issue Jun 5, 2017 · 1 comment
Assignees
@zimmerle

Comments

@defanator
Copy link
Contributor

Sample configuration:

root@vagrant:/etc/nginx/modsec# cat main.conf 
include /etc/nginx/modsec/modsecurity.conf

# OWASP CRS v3.0.0 rules
include /etc/nginx/modsec/owasp-crs/crs-setup.conf
include /etc/nginx/modsec/owasp-crs/rules/*.conf

SecRuleRemoveById  920350

Output of nginx -t:

root@vagrant:/etc/nginx/modsec# nginx -t
terminate called after throwing an instance of 'std::out_of_range'
  what():  basic_string::at: __n (which is 0) >= this->size() (which is 0)
Aborted (core dumped)

Without extra space after SecRuleRemoveById:

root@vagrant:/etc/nginx/modsec# diff -u main.conf.bad main.conf
--- main.conf.bad	2017-06-05 09:42:22.918097883 +0000
+++ main.conf	2017-06-05 09:42:27.654097883 +0000
@@ -4,4 +4,4 @@
 include /etc/nginx/modsec/owasp-crs/crs-setup.conf
 include /etc/nginx/modsec/owasp-crs/rules/*.conf
 
-SecRuleRemoveById  920350
+SecRuleRemoveById 920350

root@vagrant:/etc/nginx/modsec# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Backtrace:

Core was generated by `nginx -t'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:58
58	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:58
#1  0x00007f911ebaa3ea in __GI_abort () at abort.c:89
#2  0x00007f911d61c58d in __gnu_cxx::__verbose_terminate_handler () at ../../../../src/libstdc++-v3/libsupc++/vterminate.cc:95
#3  0x00007f911d61a336 in __cxxabiv1::__terminate (handler=<optimized out>) at ../../../../src/libstdc++-v3/libsupc++/eh_terminate.cc:47
#4  0x00007f911d61a381 in std::terminate () at ../../../../src/libstdc++-v3/libsupc++/eh_terminate.cc:57
#5  0x00007f911d61a5e9 in __cxxabiv1::__cxa_rethrow () at ../../../../src/libstdc++-v3/libsupc++/eh_throw.cc:125
#6  0x00007f911e6246ea in yy::seclang_parser::parse (this=this@entry=0x7fff10acd270) at seclang-parser.cc:4305
#7  0x00007f911e65f680 in modsecurity::Parser::Driver::parse (this=this@entry=0x5559b453e790, 
    f="include /etc/nginx/modsec/modsecurity.conf\n\n# OWASP CRS v3.0.0 rules\ninclude /etc/nginx/modsec/owasp-crs/crs-setup.conf\ninclude /etc/nginx/modsec/owasp-crs/rules/*.conf\n\nSecRuleRemoveById  920350\n", ref="/etc/nginx/modsec/main.conf") at parser/driver.cc:141
#8  0x00007f911e65fa51 in modsecurity::Parser::Driver::parseFile (this=this@entry=0x5559b453e790, f="/etc/nginx/modsec/main.conf") at parser/driver.cc:172
#9  0x00007f911e6791a4 in modsecurity::Rules::loadFromUri (this=this@entry=0x5559b453e1f0, uri=uri@entry=0x5559b4540a7f "/etc/nginx/modsec/main.conf") at rules.cc:104
#10 0x00007f911e6794c5 in modsecurity::msc_rules_add_file (rules=0x5559b453e1f0, file=file@entry=0x5559b4540a7f "/etc/nginx/modsec/main.conf", error=error@entry=0x7fff10acd6f0)
    at rules.cc:301
#11 0x00007f911e96f7ab in ngx_conf_set_rules_file (cf=<optimized out>, cmd=<optimized out>, conf=0x5559b4540800) at ../ModSecurity-nginx/src/ngx_http_modsecurity_module.c:310
#12 0x00005559b3093ff9 in ngx_conf_handler (last=0, cf=0x7fff10ace3d0) at src/core/ngx_conf_file.c:462
#13 ngx_conf_parse (cf=cf@entry=0x7fff10ace3d0, filename=filename@entry=0x0) at src/core/ngx_conf_file.c:318
#14 0x00005559b30b8ee7 in ngx_http_core_location (cf=0x7fff10ace3d0, cmd=<optimized out>, dummy=<optimized out>) at src/http/ngx_http_core_module.c:3206
#15 0x00005559b3093ff9 in ngx_conf_handler (last=1, cf=0x7fff10ace3d0) at src/core/ngx_conf_file.c:462
#16 ngx_conf_parse (cf=cf@entry=0x7fff10ace3d0, filename=filename@entry=0x0) at src/core/ngx_conf_file.c:318
#17 0x00005559b30b7d1e in ngx_http_core_server (cf=0x7fff10ace3d0, cmd=<optimized out>, dummy=<optimized out>) at src/http/ngx_http_core_module.c:2978
#18 0x00005559b3093ff9 in ngx_conf_handler (last=1, cf=0x7fff10ace3d0) at src/core/ngx_conf_file.c:462
#19 ngx_conf_parse (cf=cf@entry=0x7fff10ace3d0, filename=filename@entry=0x0) at src/core/ngx_conf_file.c:318
#20 0x00005559b30b2c5a in ngx_http_block (cf=0x7fff10ace3d0, cmd=<optimized out>, conf=0x5559b44c07a0) at src/http/ngx_http.c:237
#21 0x00005559b3093ff9 in ngx_conf_handler (last=1, cf=0x7fff10ace3d0) at src/core/ngx_conf_file.c:462
#22 ngx_conf_parse (cf=cf@entry=0x7fff10ace3d0, filename=filename@entry=0x5559b44bf990) at src/core/ngx_conf_file.c:318
#23 0x00005559b3091871 in ngx_init_cycle (old_cycle=0x7fff10ace590) at src/core/ngx_cycle.c:277
#24 0x00005559b307f4ac in main (argc=<optimized out>, argv=<optimized out>) at src/core/nginx.c:277
(gdb)
@victorhora victorhora self-assigned this Jun 5, 2017
zimmerle pushed a commit that referenced this issue Jun 7, 2017
Fix crash on SecRuleRemoveById malformated parameter
e795253 
Fix issue #1440
@zimmerle zimmerle self-assigned this Jun 7, 2017
@zimmerle
Copy link
Contributor

zimmerle commented Jun 7, 2017

Thanks @defanator ;)

Fixed - e795253

@zimmerle zimmerle closed this as completed Jun 7, 2017
@victorhora victorhora removed their assignment Jun 7, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zimmerle zimmerle

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zimmerle @defanator @victorhora