File 0003-Import-some-memory-leak-fixes-for-Mod-Secu... of Package mod_security2

Overview Repositories Revisions Requests Users Attributes Meta

File 0003-Import-some-memory-leak-fixes-for-Mod-Security-2.9.x.patch of Package mod_security2

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Travis Holloway <t.holloway@cpanel.net>
Date: Thu, 5 Jan 2023 15:49:30 -0600
Subject: [PATCH 3/4] Import some memory leak fixes for Mod Security 2.9.x

NOTE: Gary Stanley patch for fix memory leaks originally from EA-10203

- Fix memory leaks caused by unfreed compiled regex data. This was determined
to be more of an issue when Mod Security is compiled with PCRE's JIT, but it still slowly leaks when it's disabled (the default)

https://github.com/SpiderLabs/ModSecurity/pull/2263/commits

- Backport local memory pool enhancement from 3.x pull request

https://github.com/SpiderLabs/ModSecurity/pull/2177

- Memory leak in modsecurity_request_body_to_stream

https://github.com/SpiderLabs/ModSecurity/issues/2208

This might help bigger customers reporting memory/performance problems (godaddy, etc).

Fixup build failures on CentOS6 by reverting part of the patch for C6 only.

C6's PCRE, which is the 7.x series, doesn't have pcre_study etc.

Since C6 is EOL, this isn't a huge deal.
---
 apache2/msc_pcre.c | 25 +++++++++++++++--------
 apache2/re.c       | 51 +++++++++++++++++-----------------------------
 2 files changed, 35 insertions(+), 41 deletions(-)

diff --git a/apache2/msc_pcre.c b/apache2/msc_pcre.c
index 6f1a9a1..961f925 100644
--- a/apache2/msc_pcre.c
+++ b/apache2/msc_pcre.c
@@ -31,8 +31,8 @@ static apr_status_t msc_pcre_cleanup(msc_regex_t *regex) {
         }
 #else
         if (regex->pe != NULL) {
-#if defined(VERSION_NGINX)
-            pcre_free(regex->pe);
+#if PCRE_MAJOR >= 8
+        pcre_free_study(regex->pe);
 #else
             free(regex->pe);
 #endif
@@ -150,21 +150,28 @@ void *msc_pregcomp_ex(apr_pool_t *pool, const char *pattern, int options,
     }
     if (regex->re == NULL) return NULL;
 
-    #ifdef WITH_PCRE_STUDY
-        #ifdef WITH_PCRE_JIT
+    /* PCRE on CentOS 6 doesn't have PCRE_STUDY_NEEDED, omit for now */
+    #if PCRE_MAJOR >= 8
+        #ifdef WITH_PCRE_STUDY /* This is enabled by default on modsec 2.9.3+ */
+            #ifdef WITH_PCRE_JIT /* Disabled by default on cPanel builds */
+                pe = pcre_study(regex->re, PCRE_STUDY_EXTRA_NEEDED|PCRE_STUDY_JIT_COMPILE, &errptr);
+            #else
+                pe = pcre_study(regex->re, PCRE_STUDY_EXTRA_NEEDED, &errptr);
+            #endif
+        #endif
+    #else /* Fallback for CentOS 6/CL6 PCRE's version */
+        #ifdef WITH_PCRE_STUDY
+            #ifdef WITH_PCRE_JIT
                 pe = pcre_study(regex->re, PCRE_STUDY_JIT_COMPILE, &errptr);
-        #else
+            #else
                 pe = pcre_study(regex->re, 0, &errptr);
+            #endif
         #endif
     #endif
 
     /* Setup the pcre_extra record if pcre_study did not already do it */
     if (pe == NULL) {
-#if defined(VERSION_NGINX)
         pe = pcre_malloc(sizeof(pcre_extra));
-#else
-        pe = malloc(sizeof(pcre_extra));
-#endif
         if (pe == NULL) {
             return NULL;
         }
diff --git a/apache2/re.c b/apache2/re.c
index 9ded3be..bec046f 100644
--- a/apache2/re.c
+++ b/apache2/re.c
@@ -249,18 +249,25 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
     char *opt = NULL, *param = NULL;
     char *target_list = NULL, *replace = NULL;
     int i, rc, match = 0, var_appended = 0;
+    apr_pool_t *local_pool = NULL;
 
     if(rule != NULL)    {
+        apr_status_t status = apr_pool_create(&local_pool, NULL);
+        if (status < 0) {
+            return apr_psprintf(ruleset->mp, "Error creating memory pool: %d", status);
+        }
 
-        target_list = strdup(p2);
-        if(target_list == NULL)
+        target_list = apr_pstrdup(local_pool, p2);
+        if(target_list == NULL) {
+            apr_pool_destroy(local_pool);
             return apr_psprintf(ruleset->mp, "Error to update target - memory allocation");;
+        }
 
         if(p3 != NULL)  {
             replace = strdup(p3);
+            replace = apr_pstrdup(local_pool, p3);
             if(replace == NULL) {
-                free(target_list);
-                target_list = NULL;
+                apr_pool_destroy(local_pool);
                 return apr_psprintf(ruleset->mp, "Error to update target - memory allocation");;
             }
         }
@@ -292,10 +299,7 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
             }
 
             if(apr_table_get(ruleset->engine->variables, name) == NULL)   {
-                if(target_list != NULL)
-                    free(target_list);
-                if(replace != NULL)
-                    free(replace);
+                apr_pool_destroy(local_pool);
                 if(msr) {
                     msr_log(msr, 9, "Error to update target - [%s] is not valid target", name);
                 }
@@ -385,9 +389,11 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
                 }
             } else {
 
-                target = strdup(p);
-                if(target == NULL)
+                target = apr_pstrdup(local_pool, p);
+                if(target == NULL) {
+                    apr_pool_destroy(local_pool);
                     return NULL;
+                }
 
                 is_negated = is_counting = 0;
                 param = name = value = NULL;
@@ -417,10 +423,7 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
                 }
 
                 if(apr_table_get(ruleset->engine->variables, name) == NULL)   {
-                    if(target_list != NULL)
-                        free(target_list);
-                    if(replace != NULL)
-                        free(replace);
+                    apr_pool_destroy(local_pool);
                     if(msr) {
                         msr_log(msr, 9, "Error to update target - [%s] is not valid target", name);
                     }
@@ -462,11 +465,6 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
                     }
                 }
 
-                if(target != NULL)  {
-                    free(target);
-                    target = NULL;
-                }
-
                 if(match == 0 ) {
                     rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg);
                     if (rc < 0) {
@@ -497,7 +495,7 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
         }
 
         if(var_appended == 1)  {
-            current_targets = msre_generate_target_string(ruleset->mp, rule);
+            current_targets = msre_generate_target_string(local_pool, rule);
             rule->unparsed = msre_rule_generate_unparsed(ruleset->mp, rule, current_targets, NULL, NULL);
             rule->p1 = apr_pstrdup(ruleset->mp, current_targets);
             if(msr) {
@@ -512,18 +510,7 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
     }
 
 end:
-    if(target_list != NULL) {
-        free(target_list);
-        target_list = NULL;
-    }
-    if(replace != NULL) {
-        free(replace);
-        replace = NULL;
-    }
-    if(target != NULL)  {
-        free(target);
-        target = NULL;
-    }
+    apr_pool_destroy(local_pool);
     return NULL;
 }

Places

File 0003-Import-some-memory-leak-fixes-for-Mod-Security-2.9.x.patch of Package mod_security2

Places