Skip to content

Segmentation fault ctl:ruleRemoveTargetById without target #2033

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
studersi opened this issue Feb 27, 2019 · 3 comments
Closed

Segmentation fault ctl:ruleRemoveTargetById without target #2033

studersi opened this issue Feb 27, 2019 · 3 comments
Assignees
@victorhora
Labels
2.x Related to ModSecurity version 2.x Platform - Apache
Milestone
v2.9.4

Comments

@studersi
Copy link

Leaving out the target for ctl:ruleRemoveTargetById causes segmentation faults.

This has already been reported and fixed for ctl:ruleRemoveTargetByTag: #1353.

My guess is that ctl:ruleRemoveTargetByMsg is affected as well but I did not test this.

Steps to reproduce the behavior:
Add a rule exclusion containing ctl:ruleRemoveTargetById=941130 instead of ctl:ruleRemoveTargetById=941130;ARGS:xxxx

  • ModSecurity 2.9.3
  • Apache 2.4.38
  • Linux
@victorhora victorhora self-assigned this Feb 27, 2019
@victorhora victorhora added Platform - Apache 2.x Related to ModSecurity version 2.x labels Feb 27, 2019
@victorhora victorhora added this to the v2.9.4 milestone Feb 27, 2019
@victorhora victorhora reopened this Mar 4, 2019
@studersi
Copy link
Author

studersi commented Jul 9, 2019

What is the status on this issue, do you need any more information?

@zimmerle
Copy link
Contributor

zimmerle commented Jul 9, 2019

Hi, @studersi

We don't have an ETA to fix this yet. It should be fixed, although the priority is not high as this does not directly impact run time. This seems to be a very welcome task to someone that wants to learn a little bit more about ModSecurity internals.

studersi added a commit to studersi/ModSecurity that referenced this issue Oct 23, 2019
@studersi
This commit closes the issue owasp-modsecurity#2033.
d5c76fa
@studersi studersi mentioned this issue Oct 23, 2019
Closed
zimmerle pushed a commit that referenced this issue Nov 20, 2019
@studersi @zimmerle
Adds a sanity check before use ctl:ruleRemove(TargetById|TargetByMsg)
12cefbd 
This commit closes the issue #2033.
@studersi
Copy link
Author

studersi commented Oct 8, 2020

This was fixed in #2189. Closing the issue.

@studersi studersi closed this as completed Oct 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@victorhora victorhora

Labels
2.x Related to ModSecurity version 2.x Platform - Apache
Projects
None yet
Milestone
v2.9.4
Development

No branches or pull requests
3 participants
@zimmerle @studersi @victorhora