nginx segfaulting with mod_security

Robert Paprocki rpaprocki at fearnothingproductions.net
Sat Apr 12 23:44:28 UTC 2014


Hello,

I have compiled nginx-1.5.13 with modsecurity-2.7.7 and am seeing
occasional segfaults when sending requests to the server. mod_security
was compiled as a standalone module per the instructions made available
at
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_NGINX.
The segfaults appear sporadic and do not seem to correlate with any
particular request. Below is my nginx build configuration:

[root at poseidon src]# nginx -V
nginx version: nginx/1.5.13
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx
--group=nginx --with-debug --with-http_ssl_module
--with-http_realip_module --with-http_addition_module
--with-http_sub_module --with-http_dav_module --with-http_flv_module
--with-http_mp4_module --with-http_gunzip_module
--with-http_gzip_static_module --with-http_random_index_module
--with-http_secure_link_module --with-http_stub_status_module
--with-mail --with-mail_ssl_module --with-file-aio --with-ipv6
--with-cc-opt='-g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
-mtune=generic -fasynchronous-unwind-tables -g -O0'
--add-module=../modsecurity-apache_2.7.7/nginx/modsecurity/

Also, a backtrace of the core dump:
(gdb) bt
#0  0x080a1827 in ngx_http_write_filter (r=0x83bb078, in=0x8baaa6c) at
src/http/ngx_http_write_filter_module.c:121
#1  0x080bc0d4 in ngx_http_chunked_body_filter (r=0x83bb078, in=0x8baaa6c)
    at src/http/modules/ngx_http_chunked_filter_module.c:111
#2  0x080c462b in ngx_http_gzip_body_filter (r=0x83bb078, in=0x8baaa6c)
    at src/http/modules/ngx_http_gzip_filter_module.c:325
#3  0x080c5fb3 in ngx_http_postpone_filter (r=0x83bb078, in=0x8baaa6c)
    at src/http/ngx_http_postpone_filter_module.c:82
#4  0x080c6581 in ngx_http_ssi_body_filter (r=0x83bb078, in=0x8baaa6c)
    at src/http/modules/ngx_http_ssi_filter_module.c:408
#5  0x080cc021 in ngx_http_charset_body_filter (r=0x83bb078, in=0x8baaa6c)
    at src/http/modules/ngx_http_charset_filter_module.c:553
#6  0x080ce31f in ngx_http_sub_body_filter (r=0x83bb078, in=0x8baaa6c)
    at src/http/modules/ngx_http_sub_filter_module.c:201
#7  0x080cf730 in ngx_http_addition_body_filter (r=0x83bb078, in=0x8baaa6c)
    at src/http/modules/ngx_http_addition_filter_module.c:147
#8  0x080cfc78 in ngx_http_gunzip_body_filter (r=0x83bb078, in=0x8baaa6c)
    at src/http/modules/ngx_http_gunzip_filter_module.c:184
#9  0x081146bd in ngx_http_modsecurity_body_filter (r=0x83bb078,
in=0xbf7ff8b4)
    at
../modsecurity-apache_2.7.7/nginx/modsecurity//ngx_http_modsecurity.c:1252
#10 0x08055381 in ngx_output_chain (ctx=0x8baa9b8, in=0xbf7ff8b4) at
src/core/ngx_output_chain.c:66
#11 0x080a253c in ngx_http_copy_filter (r=0x83bb078, in=0xbf7ff8b4) at
src/http/ngx_http_copy_filter_module.c:143
#12 0x080bd477 in ngx_http_range_body_filter (r=0x83bb078, in=0xbf7ff8b4)
    at src/http/modules/ngx_http_range_filter_module.c:594
#13 0x0808e81e in ngx_http_output_filter (r=0x83bb078, in=0xbf7ff8b4) at
src/http/ngx_http_core_module.c:1964
#14 0x0809c72f in ngx_http_send_special (r=0x83bb078, flags=1) at
src/http/ngx_http_request.c:3332
#15 0x080b5737 in ngx_http_upstream_finalize_request (r=0x83bb078,
u=0x83bbab0, rc=0)
    at src/http/ngx_http_upstream.c:3551
#16 0x080b4a77 in ngx_http_upstream_process_request (r=0x83bb078) at
src/http/ngx_http_upstream.c:3159
#17 0x080b477e in ngx_http_upstream_process_upstream (r=0x83bb078,
u=0x83bbab0) at src/http/ngx_http_upstream.c:3090
#18 0x080b329a in ngx_http_upstream_send_response (r=0x83bb078,
u=0x83bbab0) at src/http/ngx_http_upstream.c:2493
#19 0x080b1937 in ngx_http_upstream_process_header (r=0x83bb078,
u=0x83bbab0) at src/http/ngx_http_upstream.c:1735
#20 0x080b02ef in ngx_http_upstream_handler (ev=0x8b31f5c) at
src/http/ngx_http_upstream.c:977
#21 0x080726fd in ngx_event_process_posted (cycle=0x83b45a8,
posted=0x81c495c) at src/event/ngx_event_posted.c:40
#22 0x080708c2 in ngx_process_events_and_timers (cycle=0x83b45a8) at
src/event/ngx_event.c:275
#23 0x0807c629 in ngx_worker_process_cycle (cycle=0x83b45a8, data=0x0)
at src/os/unix/ngx_process_cycle.c:816
#24 0x080795a4 in ngx_spawn_process (cycle=0x83b45a8, proc=0x807c48e
<ngx_worker_process_cycle>, data=0x0,
    name=0x815e33b "worker process", respawn=-3) at
src/os/unix/ngx_process.c:198
#25 0x0807b720 in ngx_start_worker_processes (cycle=0x83b45a8, n=2,
type=-3) at src/os/unix/ngx_process_cycle.c:364
#26 0x0807aecf in ngx_master_process_cycle (cycle=0x83b45a8) at
src/os/unix/ngx_process_cycle.c:136
#27 0x080500c5 in main (argc=3, argv=0xbf7ffe54) at src/core/nginx.c:407

Unfortunately I am not skilled at reading C backtraces. I was going to
attach the debug log but it's very large and I don't want to make this
message much larger :p Below is my nginx configuration:

# Main (global) context: worker identity, logging and core-dump settings.
user  nginx;
worker_processes  2;

# The "debug" level only produces debug output on a binary built --with-debug.
# The resulting log is very verbose and can contain request details, so treat
# it as sensitive when sharing it.
error_log  /var/log/nginx/error.log debug;
pid        /var/run/nginx.pid;
# Allow worker core files of up to 500M, written to the working directory set
# on the next line.
# NOTE(review): a core file is a snapshot of worker memory (request data and,
# on a TLS-terminating worker, possibly key material). /tmp is a shared
# directory; a dedicated directory writable only by the worker user is a safer
# target, and both directives can be removed once debugging is finished.
worker_rlimit_core  500M;
working_directory   /tmp;

# Connection-processing settings.
events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections  1024;
}


# HTTP context: defaults shared by every virtual host.
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # Access-log format named "main".
    # NOTE(review): the line break inside the first quoted string looks like
    # mail-client wrapping; as written it becomes part of the format string.
    log_format  main  '$remote_addr - $remote_user [$time_local]
"$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    # Presumably the server blocks shown with this configuration are loaded
    # from here -- confirm against the files on disk.
    include /etc/nginx/conf.d/*.conf;
    # 256 buffers of 4k each for reading a FastCGI response.
    fastcgi_buffers 256 4k;
    # Largest request body nginx accepts; ModSecurity applies its own body
    # limits from modsecurity.conf in addition to this one.
    client_max_body_size 64m;
    #client_body_buffer_size 16m;
    # Do not disclose the nginx version in error pages and the Server header.
    server_tokens off;
}

# Plain-HTTP virtual host: redirects everything to the HTTPS host.
server {
    listen       23.226.226.175:80;
    server_name  cryptobells.com www.cryptobells.com;
    root /var/www/cryptobells;
    # Server-level rewrite: every request gets a permanent redirect to HTTPS.
    # NOTE(review): server-level rewrites run before location matching and
    # "permanent" ends processing with a 301, so the location blocks below
    # should never be reached -- TODO confirm; if so they can be dropped.
    # ModSecurity is not enabled in this server block.
    rewrite     ^   https://$server_name$request_uri? permanent;
    location / {
        index  index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # Hands every URI ending in .php (case-insensitive) to PHP-FPM over a
    # Unix socket, without checking that the script file exists.
    location ~* \.php$ {
        fastcgi_index   index.php;
        fastcgi_pass	unix:/var/run/php-fpm/php-fpm.sock;
        include         fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME
$document_root$fastcgi_script_name;
        fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
    }
}

# HTTPS virtual host: serves the site, with ModSecurity enabled server-wide.
server {
    listen       23.226.226.175:443 ssl;
    server_name  cryptobells.com www.cryptobells.com;

    # NOTE(review): the private key sits next to the certificate under
    # /etc/ssl/certs, a directory that is commonly world-readable; verify the
    # key file is readable by root only, or move it to a restricted directory.
    ssl_certificate      /etc/ssl/certs/cryptobells.com.crt;
    ssl_certificate_key  /etc/ssl/certs/cryptobells.com.key;

    # 1 MB TLS session cache shared between workers; sessions expire after 5m.
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  5m;

    # NOTE(review): the list still offers RC4 (later prohibited for TLS by
    # RFC 7465) and a non-forward-secret RSA suite, and !EDH removes the DHE
    # suites. No ssl_protocols directive is set, so the build's defaults apply;
    # for an nginx of this age those presumably include SSLv3 -- confirm and
    # set ssl_protocols explicitly.
    ssl_ciphers
ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH;
    ssl_prefer_server_ciphers   on;

    root /var/www/cryptobells;
    # ModSecurity (standalone nginx module) is switched on for the whole
    # server, so every response passes through its body filter; that filter is
    # frame #9 of the posted backtrace. Turning this off temporarily is a quick
    # way to confirm whether the module is involved in the crash.
	ModSecurityEnabled on;
        ModSecurityConfig /etc/modsecurity/modsecurity.conf;

    location / {
        index  index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # Hands every URI ending in .php (case-insensitive) to PHP-FPM over a
    # Unix socket, whether or not such a file exists under the root.
    # NOTE(review): adding "try_files $uri =404;" in this location (or setting
    # cgi.fix_pathinfo=0 on the PHP side) keeps non-existent script paths from
    # reaching the interpreter.
    location ~* \.php$ {
        fastcgi_index   index.php;
        fastcgi_pass	unix:/var/run/php-fpm/php-fpm.sock;
        include         fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME
$document_root$fastcgi_script_name;
        fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
    }
    # NOTE(review): the closing brace of this server block is missing from the
    # configuration as posted.

Please let me know if anyone is able to help identify what could be
causing segfaults, or if there is any more information I can provide.
Thank you!


