Skip to content

SecHashEngine Doesn't work with newer version of libxml2 #1072

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
csanders-git opened this issue Feb 7, 2016 · 12 comments
Closed

SecHashEngine Doesn't work with newer version of libxml2 #1072

csanders-git opened this issue Feb 7, 2016 · 12 comments
Assignees
@csanders-git @victorhora
Labels
2.x Related to ModSecurity version 2.x Platform - Apache RIP - release-2.9.1 RIP - Type - Feature
Milestone
v2.9.3

Comments

@csanders-git
Copy link

When using libxml2-2.9.3-1 SecHashingEngine didn't function properly
When using libxml2-2.7.6 SecHashingEngine works properly.

The exploration continues.
@csanders-git
Copy link
Author

Looks like the break happened with 2.9.0
2.8.0 works and is the last version before 2.9.0

@csanders-git
Copy link
Author

libxml2-2.9.0-rc0 does not work - so 2.8.0 is the last known working version

@csanders-git
Copy link
Author

2.8-2.9DIFFS.txt

@csanders-git csanders-git self-assigned this Feb 8, 2016
@csanders-git
Copy link
Author

Check at msc_crypt.c:1081returns true when it shouldn't - and we return.

@csanders-git
Copy link
Author

In functional version we skip #ifdef LIBXML2_NEW_BUFFER
Macro: LIBXML2_NEW_BUFFER

#define LIBXML2_NEW_BUFFER
Macro used to express that the API use the new buffers for xmlParserInputBuffer and xmlOutputBuffer. The change was introduced in 2.9.0.

@csanders-git
Copy link
Author

xmlOutputBufferGetSize(output_buf) is returning 0

@csanders-git
Copy link
Author

It appears xmlOutputBufferGetSize cannot be called on an output_buf after it has been flushed with xmlOutputBufferFlush(output_buf);

@csanders-git
Copy link
Author

Seems like this originated here -> https://mail.gnome.org/archives/xml/2013-June/msg00006.html

@csanders-git
Copy link
Author

5cf5ff0

@csanders-git csanders-git mentioned this issue May 5, 2016
Closed
@dune73
Copy link
Member

dune73 commented May 5, 2016
edited
Loading

Good writeup. Thanks.
Just to please the search-engine: It's SecHashEngine (not SecHashingEngine).

@zimmerle zimmerle changed the title SecHashingEngine Doesn't work with newer version of libxml2 SecHashEngine Doesn't work with newer version of libxml2 May 5, 2016
@dune73
Copy link
Member

dune73 commented May 5, 2016

OK, tried to work around this, but no avail. Actually libxml2 and modsec rule version overlap and I am not totally sure which product is being described at every occurrence. Here is what I did.

  • Compiled libxml2 2.7.8 -> OK
  • Compiled apache 2.4.18 against libxml2 2.7.8 -> OK
  • Compiled modsecurity 2.9.1 against libxml2 2.7.8-> OK -> But standard apache fails with execution error
  • Compiled modsecurity 2.9.1 against apache-with-libxml2-2.7.8 and against libxml2 2.7.8 -> Compilation failure
  • Compiled modsecurity 2.8.0 against standard apache -> OK -> But bug did not go away.

So I am a bit at loss here. What did I get wrong?

@victorhora victorhora self-assigned this Jun 14, 2017
@victorhora victorhora added this to the v2.9.3 milestone Nov 14, 2018
@victorhora
Copy link
Contributor

Can't reproduce this issue with the current codebase of v2.

I believe commit a249574 should have fixed this already. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@csanders-git csanders-git

@victorhora victorhora

Labels
2.x Related to ModSecurity version 2.x Platform - Apache RIP - release-2.9.1 RIP - Type - Feature
Projects
None yet
Milestone
v2.9.3
Development

No branches or pull requests
3 participants
@dune73 @csanders-git @victorhora