@lifeforms
Created November 24, 2014 16:38
httpd crash on every request when using Lua 5.2

When using Lua 5.2 and using SecRuleScript, every HTTP request causes httpd to segfault. When using Lua 5.1, Lua works normally.

httpd.conf:

SecRuleScript ./test.lua block

test.lua:

-- Your script must define the main entry
-- point, as below.
function main()
    -- return "Variable ARGS:p looks suspicious!"
    return nil;
end

Result: Every HTTP request causes the Apache child to die:

PANIC: unprotected error in call to Lua API (attempt to index a nil value)
PANIC: unprotected error in call to Lua API (attempt to index a nil value)
[Sun Nov 23 20:41:43.079172 2014] [core:notice] [pid 94744] AH00051: child pid 94745 exit signal Abort trap (6), possible coredump in /opt/httpd/tmp

Backtrace:

#0  0x0000000801bfc26a in thr_kill () from /lib/libc.so.7
#1  0x0000000801cc3ac9 in abort () from /lib/libc.so.7
#2  0x0000000808eda284 in luaD_throw (L=0x802998400, errcode=2) at ldo.c:119
#3  0x0000000808ed988e in luaG_errormsg (L=0x802998400) at ldebug.c:582
#4  0x0000000808ed962c in luaG_runerror (L=0x802998400, fmt=0x808f028b4 "attempt to %s a %s value") at ldebug.c:591
#5  0x0000000808ed9015 in luaG_typeerror (L=0x802998400, o=0x8160df580, op=0x808f03fe5 "index") at ldebug.c:528
#6  0x0000000808eed42c in luaV_settable (L=0x802998400, t=0x8160df580, key=0x8160df5a0, val=0x8160df590) at lvm.c:163
#7  0x0000000808ed4383 in lua_setfield (L=0x802998400, idx=-2, k=0x808a32ed2 "log") at lapi.c:764
#8  0x0000000808ef494e in luaL_setfuncs (L=0x802998400, l=0x808c644a0, nup=0) at lauxlib.c:856
#9  0x00000008089d0d9e in lua_execute (script=0x80b716e68, param=0x0, msr=0x8161fe650, rule=0x80b715e98, error_msg=0x7fffffffcff8)
    at msc_lua.c:449
#10 0x00000008089f9d91 in msre_rule_process_lua (rule=0x80b715e98, msr=0x8161fe650) at re.c:3311
#11 0x00000008089f8039 in msre_rule_process (rule=0x80b715e98, msr=0x8161fe650) at re.c:3349
#12 0x00000008089f79cb in msre_ruleset_process_phase (ruleset=0x816239920, msr=0x8161fe650) at re.c:1773
#13 0x00000008089c3608 in modsecurity_process_phase_request_body (msr=0x8161fe650) at modsecurity.c:555
#14 0x00000008089c340c in modsecurity_process_phase (msr=0x8161fe650, phase=2) at modsecurity.c:801
#15 0x00000008089c04e5 in hook_request_late (r=0x8161fd0a0) at mod_security2.c:1037
#16 0x00000000004560bb in ap_run_fixups (r=0x8161fd0a0) at request.c:82
#17 0x0000000000457a13 in ap_process_request_internal (r=0x8161fd0a0) at request.c:309
#18 0x0000000000488564 in ap_process_async_request (r=0x8161fd0a0) at http_request.c:315
#19 0x0000000000488691 in ap_process_request (r=0x8161fd0a0) at http_request.c:363
#20 0x0000000000483ae8 in ap_process_http_sync_connection (c=0x8161f4290) at http_core.c:190
#21 0x0000000000483683 in ap_process_http_connection (c=0x8161f4290) at http_core.c:231
#22 0x00000000004754ab in ap_run_process_connection (c=0x8161f4290) at connection.c:41
#23 0x0000000000475aae in ap_process_connection (c=0x8161f4290, csd=0x8161f40a0) at connection.c:203
#24 0x0000000000494d12 in child_main (child_num_arg=0) at prefork.c:704
#25 0x0000000000493d5b in make_child (s=0x80286b268, slot=0) at prefork.c:800
#26 0x0000000000493dfd in startup_children (number_to_start=5) at prefork.c:818
#27 0x0000000000492480 in prefork_run (_pconf=0x802821028, plog=0x802870028, s=0x80286b268) at prefork.c:976
#28 0x000000000043c77b in ap_run_mpm (pconf=0x802821028, plog=0x802870028, s=0x80286b268) at mpm_common.c:94
#29 0x00000000004305fd in main (argc=2, argv=0x7fffffffdd18) at main.c:777

Reproduce: change port Makefile to allow higher Lua versions with LUA_USES=lua:51+, then do:

pkg remove lua51
make clean config build deinstall install

This installs Lua 5.2 as a dependency, currently lua52-5.2.3_3.

It works great with Lua 5.1. I can create a hard dependency on Lua 5.1 in the port but it would be preferable to get it working with Lua 5.2.

zimmerle commented Jan 8, 2016

Hi @lifeforms,

Do you mind testing the code on the master branch?
