Segfault Error with Mod_Security Module Enabled

brianl721 · Jul 18, 2018

Hi,
The bug is described below, thanks!

Description: Openlitspeed crashed with segfault error in system log when mod_security is on configured with OWASP CSR3 rules.

System Details:
OS: Debian GNU/Linux 9.5
OpenLiteSpeed VERSION: 1.4.34-1+stretch (from apt repository)
*LiteSpeed ModSecurity Module enabled

Configuration File:

1. Openlitespeed ModSecurity Module Configuration

Code:

module mod_security {
modsecurity  on
modsecurity_rules `
            SecRuleEngine On
            Include /usr/local/lsws/modsecurity/owasp-modsecurity-crs/crs-setup.conf
            Include /usr/local/lsws/modsecurity/owasp-modsecurity-crs/rules/*.conf
        `
}

Log File:

1. Openlitespeed error log before crash:

https://drive.google.com/file/d/1b08eLurNTpHpeSCeqjR6vAt7A3Nuwx18/view?usp=sharing

2. System Log:

Code:

[57249.419728] litespeed[7573]: segfault at 7fff89177000 ip 0000559998f0e2e8 sp 00007fff891701f8 error 6 in openlitespeed[559998dbb000+353000]
[57253.621396] litespeed[7808]: segfault at 7fffd40c4000 ip 000055c90abe72e8 sp 00007fffd40bd058 error 6 in openlitespeed[55c90aa94000+353000]

Thanks,
Brian

David · Jul 18, 2018

Hi Brian,

Please make sure you build the module and openlitespeed with the same source code.
It seems the module is not loaded correctly.

Thanks.
David

Segfault Error with Mod_Security Module Enabled

brianl721

New Member

David

Active Member