Closed
Describe the bug
Six regression tests from https://github.com/SpiderLabs/ModSecurity/blob/v3/master/test/test-cases/regression/issue-1844.json are segfaulting on FreeBSD 11, FreeBSD 12.
Logs and dumps
Backtrace from regression_tests:
Core was generated by `./regression_tests .././test/test-cases/regression/issue-1844.json:1'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00000008009ed21f in strlen () from /lib/libc.so.7
(gdb) bt
#0 0x00000008009ed21f in strlen () from /lib/libc.so.7
#1 0x000000000032980b in std::__1::char_traits<char>::length (__s=0x0) at /usr/include/c++/v1/__string:217
#2 std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::basic_string (__s=0x0, this=<optimized out>) at /usr/include/c++/v1/string:1605
#3 modsecurity::operators::Pm::evaluate (this=<optimized out>, transaction=0x0, rule=0x0, input=..., ruleMessage=...) at operators/pm.cc:108
#4 0x000000000032653d in modsecurity::operators::Operator::evaluateInternal (this=0x8012a08c0, transaction=0x0, rule=0x7fffffffcbe2, a=<error reading variable: Cannot access memory at address 0x0>,
rm=...) at operators/operator.cc:74
#5 0x00000000002f4b4c in modsecurity::Rule::executeOperatorAt (this=0x801317780, trans=0x801369000, key="REQUEST_URI", value="/", ruleMessage=...) at rule.cc:319
#6 0x00000000002f7c0e in modsecurity::Rule::evaluate (this=0x801317780, trans=0x801369000, ruleMessage=...) at rule.cc:734
#7 0x0000000000299edf in modsecurity::Rules::evaluate (this=<optimized out>, phase=<optimized out>, t=0x801369000) at rules.cc:257
#8 0x0000000000284a46 in modsecurity::Transaction::processRequestBody (this=<optimized out>) at transaction.cc:840
#9 0x0000000000272b64 in perform_unit_test (test=0x7fffffffe7e0, tests=<optimized out>, res=0x7fffffffe890, count=0x7fffffffe848) at regression/regression.cc:319
#10 0x000000000027525c in main (argc=<optimized out>, argv=0x7fffffffe9b8) at regression/regression.cc:508
(gdb)
(gdb) bt full
#0 0x00000008009ed21f in strlen () from /lib/libc.so.7
No symbol table info available.
#1 0x000000000032980b in std::__1::char_traits<char>::length (__s=0x0) at /usr/include/c++/v1/__string:217
No locals.
#2 std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::basic_string (__s=0x0, this=<optimized out>) at /usr/include/c++/v1/string:1605
No locals.
#3 modsecurity::operators::Pm::evaluate (this=<optimized out>, transaction=0x0, rule=0x0, input=..., ruleMessage=...) at operators/pm.cc:108
rc = <optimized out>
pt = {parser = 0x801309c80, ptr = 0x8012a0930}
match = 0x0
#4 0x000000000032653d in modsecurity::operators::Operator::evaluateInternal (this=0x8012a08c0, transaction=0x0, rule=0x7fffffffcbe2, a=<error reading variable: Cannot access memory at address 0x0>,
rm=...) at operators/operator.cc:74
res = <optimized out>
#5 0x00000000002f4b4c in modsecurity::Rule::executeOperatorAt (this=0x801317780, trans=0x801369000, key="REQUEST_URI", value="/", ruleMessage=...) at rule.cc:319
ret = <optimized out>
#6 0x00000000002f7c0e in modsecurity::Rule::evaluate (this=0x801317780, trans=0x801369000, ruleMessage=...) at rule.cc:734
ret = <optimized out>
valueAfterTrans = <optimized out>
valueTemp = <optimized out>
Python Exception <class 'TypeError'> unsupported operand type(s) for +: 'NoneType' and 'str':
__range = @0x801297c00: std::list = {[0] = {<std::__1::__non_trivially_copyable_base> = {<No data fields>}, first = {__ptr_ = 0x1, __cntrl_ = 0x1}, second = {__ptr_ = 0x194378b5c4b02e1,
__cntrl_ = 0x80136a930}}}
__begin = <optimized out>
__end = <optimized out>
key = "REQUEST_URI"
values = std::list = {[0] = {<std::__1::__non_trivially_copyable_base> = {<No data fields>}, first = {__ptr_ = 0x80138c180, __cntrl_ = 0x80138c0c0}, second = {__ptr_ = 0x80138c220,
__cntrl_ = 0x80138c300}}}
value = "/"
v = <optimized out>
__range = <optimized out>
__begin = <optimized out>
__end = <optimized out>
e = <optimized out>
var = @0x80138c020: 0x801309b00
__range = <optimized out>
__begin = <optimized out>
__end = <optimized out>
variables = 0x80138d780
containsBlock = <optimized out>
recursiveGlobalRet = <optimized out>
finalVars = <optimized out>
eparam = <optimized out>
vars = <optimized out>
exclusion = <optimized out>
isItToBeLogged = <optimized out>
#7 0x0000000000299edf in modsecurity::Rules::evaluate (this=<optimized out>, phase=<optimized out>, t=0x801369000) at rules.cc:257
remove_rule = <optimized out>
rule = <optimized out>
rules = <optimized out>
--Type <RET> for more, q to quit, c to continue without paging--
#8 0x0000000000284a46 in modsecurity::Transaction::processRequestBody (this=<optimized out>) at transaction.cc:840
l = std::vector of length 6 = {0x80138da00, 0x80138d980, 0x80138d900, 0x80138d880, 0x80138d800, 0x80138d780}
a = <optimized out>
fullRequest = <optimized out>
#9 0x0000000000272b64 in perform_unit_test (test=0x7fffffffe7e0, tests=<optimized out>, res=0x7fffffffe890, count=0x7fffffffe848) at regression/regression.cc:319
testRes = <optimized out>
offset = <optimized out>
found = <error reading variable found (Cannot access memory at address 0x1)>
d = <optimized out>
modsec = 0x8012a0380
r = <optimized out>
serverLog = <optimized out>
filename = <optimized out>
debug_log = <optimized out>
modsec_transaction = <optimized out>
modsec_rules = <optimized out>
t = 0x801312000
__range = <optimized out>
__begin = <optimized out>
__end = <optimized out>
#10 0x000000000027525c in main (argc=<optimized out>, argv=0x7fffffffe9b8) at regression/regression.cc:508
tests = 0x0
a = <optimized out>
Python Exception <class 'TypeError'> unsupported operand type(s) for +: 'NoneType' and 'str':
__range = @0x801297150: std::list = {[0] = "\000\000", [1] = ".././test/test-cases/regression/issue-1844.json:m_lineNumber ... mapping ... correct line number in file (1/n)",
[2] = ".././test/test-cases/regression/issue-1844.json:m_lineNumber ... mapping ... correct line number in file (2/n)",
[3] = ".././test/test-cases/regression/issue-1844.json:m_lineNumber ... mapping ... correct line number in file (3/n)",
[4] = ".././test/test-cases/regression/issue-1844.json:m_lineNumber ... mapping ... correct line number in file (4/n)",
[5] = ".././test/test-cases/regression/issue-1844.json:m_lineNumber ... mapping ... correct line number in file (5/n)"}
__begin = <optimized out>
__end = <optimized out>
test_number = <error reading variable test_number (Cannot access memory at address 0x0)>
counter = <error reading variable counter (Cannot access memory at address 0x0)>
keyList = std::list = {[0] = ".././test/test-cases/regression/issue-1844.json:m_lineNumber ... mapping ... correct line number in file (1/n)",
[1] = ".././test/test-cases/regression/issue-1844.json:m_lineNumber ... mapping ... correct line number in file (2/n)",
[2] = ".././test/test-cases/regression/issue-1844.json:m_lineNumber ... mapping ... correct line number in file (3/n)",
[3] = ".././test/test-cases/regression/issue-1844.json:m_lineNumber ... mapping ... correct line number in file (4/n)",
[4] = ".././test/test-cases/regression/issue-1844.json:m_lineNumber ... mapping ... correct line number in file (5/n)",
[5] = ".././test/test-cases/regression/issue-1844.json:m_lineNumber ... mapping ... correct line number in file (6/n)"}
passed = <optimized out>
failed = <optimized out>
disabled = <optimized out>
skipped = <optimized out>
test = <optimized out>
ver = <optimized out>
envvar = <optimized out>
res = <optimized out>
(gdb)
To Reproduce
Build libmodsecurity, run gmake check-TESTS or gmake test/test-cases/regression/issue-1844.json.log.
Expected behavior
Tests pass.
Server (please complete the following information):
- ModSecurity:
$ git describe
v3.0.3-96-gbeedddd6
- OS (and distro): [e.g. Linux, archlinux]
# uname -a
FreeBSD freebsd12-amd64-builder-builder 12.0-RELEASE-p3 FreeBSD 12.0-RELEASE-p3 GENERIC amd64
# cc -v
FreeBSD clang version 6.0.1 (tags/RELEASE_601/final 335540) (based on LLVM 6.0.1)
Target: x86_64-unknown-freebsd12.0
Thread model: posix
InstalledDir: /usr/bin
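Frames #0 to #3 of the backtrace show a std::string being built from a null const char * (`__s=0x0`, local `match = 0x0`), which ends in strlen(NULL). The sketch below is an added example of that failure mode beside a guarded form; it is not ModSecurity code and not from the reporter. `find_first`, `match_unguarded` and `match_guarded` are hypothetical names, the patterns are constructed, and the input `/` is the value seen in frame #5.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for a C-style multi-pattern matcher. Returns the
// offset of the earliest hit and points *match at the pattern that hit;
// returns -1 and leaves *match untouched when nothing matches.
int find_first(const std::vector<const char *> &patterns, const char **match,
               const std::string &input) {
    std::size_t best = std::string::npos;
    for (const char *p : patterns) {
        std::size_t pos = input.find(p);
        if (pos < best) {  // npos is the largest size_t, so a miss never wins
            best = pos;
            *match = p;
        }
    }
    return best == std::string::npos ? -1 : static_cast<int>(best);
}

// Unguarded caller: on a miss, match is still null and std::string(match)
// calls strlen(NULL), the crash in frames #0-#2. Undefined behaviour, so it
// is shown for contrast only and never called here.
std::string match_unguarded(const std::vector<const char *> &patterns,
                            const std::string &input) {
    const char *match = nullptr;
    find_first(patterns, &match, input);
    return std::string(match);
}

// Guarded caller: the string is built only after both the return code and
// the pointer have been checked; *out is left alone on a miss.
bool match_guarded(const std::vector<const char *> &patterns,
                   const std::string &input, std::string *out) {
    const char *match = nullptr;
    int rc = find_first(patterns, &match, input);
    if (rc < 0 || match == nullptr) return false;
    *out = match;
    return true;
}

int main() {
    std::vector<const char *> pats = {"admin", "etc/passwd"};  // constructed
    std::string hit;
    std::cout << match_guarded(pats, "/", &hit) << "\n";  // miss
    std::cout << match_guarded(pats, "/etc/passwd", &hit) << " " << hit << "\n";
}
```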