From a04ff71781ce420a2bce2aa864a7a199ac25cffc Mon Sep 17 00:00:00 2001 From: "Martin.Blapp" Date: Thu, 15 Nov 2018 12:41:57 +0100 Subject: [PATCH 1/2] Use tempfiles for apr_global_mutex_create() to fix segfaults with Apache 2.2. Call modsecurity_init() for the first invocation too. --- apache2/mod_security2.c | 3 +-- apache2/modsecurity.c | 9 ++++++--- apache2/modsecurity.h | 4 ++++ 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c index 7bb215e2ed..87fe0006f5 100644 --- a/apache2/mod_security2.c +++ b/apache2/mod_security2.c @@ -692,9 +692,8 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t first_time = 1; apr_pool_userdata_set((const void *)1, "modsecurity-init-flag", apr_pool_cleanup_null, s->process->pool); - } else { - modsecurity_init(modsecurity, mp); } + modsecurity_init(modsecurity, mp); /* Store the original server signature */ real_server_signature = apr_pstrdup(mp, apache_get_server_version()); diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c index dcdb48590c..09b5caa21f 100644 --- a/apache2/modsecurity.c +++ b/apache2/modsecurity.c @@ -133,7 +133,8 @@ int modsecurity_init(msc_engine *msce, apr_pool_t *mp) { curl_global_init(CURL_GLOBAL_ALL); #endif /* Serial audit log mutext */ - rc = apr_global_mutex_create(&msce->auditlog_lock, NULL, APR_LOCK_DEFAULT, mp); + tmpnam(auditlog_lock_name); + rc = apr_global_mutex_create(&msce->auditlog_lock, auditlog_lock_name, APR_LOCK_DEFAULT, mp); if (rc != APR_SUCCESS) { //ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, "mod_security: Could not create modsec_auditlog_lock"); //return HTTP_INTERNAL_SERVER_ERROR; @@ -154,7 +155,8 @@ int modsecurity_init(msc_engine *msce, apr_pool_t *mp) { } #endif /* SET_MUTEX_PERMS */ - rc = apr_global_mutex_create(&msce->geo_lock, NULL, APR_LOCK_DEFAULT, mp); + tmpnam(geo_lock_name); + rc = apr_global_mutex_create(&msce->geo_lock, geo_lock_name, APR_LOCK_DEFAULT, mp); if (rc != APR_SUCCESS) { return -1; } @@ -171,7 +173,8 @@ int modsecurity_init(msc_engine *msce, apr_pool_t *mp) { #endif /* SET_MUTEX_PERMS */ #ifdef GLOBAL_COLLECTION_LOCK - rc = apr_global_mutex_create(&msce->dbm_lock, NULL, APR_LOCK_DEFAULT, mp); + tmpnam(dbm_lock_name); + rc = apr_global_mutex_create(&msce->dbm_lock, dbm_lock_name, APR_LOCK_DEFAULT, mp); if (rc != APR_SUCCESS) { return -1; } diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h index f24bc756a4..8384cc0756 100644 --- a/apache2/modsecurity.h +++ b/apache2/modsecurity.h @@ -133,6 +133,10 @@ typedef struct msc_parm msc_parm; #define FATAL_ERROR "ModSecurity: Fatal error (memory allocation or unexpected internal error)!" +static char auditlog_lock_name[L_tmpnam]; +static char geo_lock_name[L_tmpnam]; +static char dbm_lock_name[L_tmpnam]; + extern DSOLOCAL char *new_server_signature; extern DSOLOCAL char *real_server_signature; extern DSOLOCAL char *chroot_dir; From 4382f8230ceeb0af0b2dad181a5dd65e1b8ce7d9 Mon Sep 17 00:00:00 2001 From: Martin Blapp Date: Tue, 20 Nov 2018 01:02:27 +0100 Subject: [PATCH 2/2] Update modsecurity.h Avoid a unused variable warning. --- apache2/modsecurity.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h index 8384cc0756..11313b9b48 100644 --- a/apache2/modsecurity.h +++ b/apache2/modsecurity.h @@ -135,7 +135,9 @@ typedef struct msc_parm msc_parm; static char auditlog_lock_name[L_tmpnam]; static char geo_lock_name[L_tmpnam]; +#ifdef GLOBAL_COLLECTION_LOCK static char dbm_lock_name[L_tmpnam]; +#endif extern DSOLOCAL char *new_server_signature; extern DSOLOCAL char *real_server_signature;