Apache Lounge
Topic: modsecurity VS16 handle leak :: fix
jonezk



Joined: 20 Dec 2021
Posts: 2
Location: Finland

Posted: Tue 21 Dec '21 12:40    Post subject: modsecurity VS16 handle leak :: fix

Handle fix in APR download, see below

I'm using Apache 2.4.51 with modsecurity 2.9.3 in a Windows environment. This combination is leaking at least one handle on every request and Apache will finally crash after leaking millions of handles.

After some googling I found this:

https://github.com/SpiderLabs/ModSecurity/issues/2181

and I believe this is (in some way) the root cause for the handle leak in my environment, which is a very basic one, using default settings in most places.

Apache's log shows this at startup, see APR version:

[Mon Dec 20 10:38:23.240075 2021] [:notice] [pid 4528:tid 656] ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/) configured.
[Mon Dec 20 10:38:23.241121 2021] [:notice] [pid 4528:tid 656] ModSecurity: APR compiled version="1.7.0"; loaded version="1.7.0"

From the issue 2181 above I found this (see the commit date):

https://github.com/apache/apr/commit/71d0990074e0ef4de584ae95fad7f84aceb4ca64

I also found this:

http://svn.apache.org/viewvc/apr/apr/branches/1.7.x/CHANGES?view=markup

See the changes for APR 1.7.1:

*) Fix handle leak in the Win32 apr_uid_current implementation.
PR 61165. [Ivan Zhakov]

I'm not 100% sure about this whole picture, but to me this looks like the actual issue has been fixed already 2.5 years ago and would be available in APR 1.7.1, but Apache is still using 1.7.0.

It is also possible that this requires a new modsecurity v2.9.5 build.
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2906
Location: Hilversum, NL, EU

Posted: Wed 22 Dec '21 10:44

Yep, CPU deadlock under load.

It is not fixed in 2.9.4/5. The fix, mentioned in issue 2181, was not backported to 1.7.0. I made sure that the fix r1860057 is now backported (thanks to Ruediger) for the next release, no date known yet.

For now, I have already applied the APR fix to 1.7.0:

https://www.apachelounge.com/download/VS16/binaries/libapr-1-fix-r1860057-1.7.0.rar

Please copy it into your bin folder, replacing the existing file.


Last edited by Steffen on Sat 01 Jan '22 13:20; edited 4 times in total
jonezk



Joined: 20 Dec 2021
Posts: 2
Location: Finland

Posted: Wed 22 Dec '21 13:12

I tried this new libapr-1.dll and it has resolved my problem. No more leaking handles and everything else works fine, too. Thanks a lot.
radboud.asselman



Joined: 28 Apr 2021
Posts: 3
Location: Netherlands

Posted: Tue 18 Jan '22 15:07

I also tried this new libapr-1.dll and it has resolved my problem too! The leaking handles disappeared.

Thank you for offering this hotfix. It is very much appreciated!
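
Added example (not written by any poster in this thread, and not Apache Lounge, APR or ModSecurity code): one way to confirm the per-request handle leak, and to check that it is gone after replacing libapr-1.dll, is to fit the httpd child's open-handle count against the number of requests served. It assumes you collect the samples yourself, for instance with PowerShell's `(Get-Process -Id <pid>).HandleCount` and a request count taken from the access log; the function names are hypothetical and every sample value is constructed.

```python
# Added example. All sample values are constructed, not taken from the thread.

def latest_run(samples):
    """Return (requests, handles) pairs for the trailing samples of one PID.

    A restarted httpd child starts with a fresh handle table, so samples
    from an earlier PID would hide or exaggerate the trend.
    """
    last_pid = samples[-1][0]
    run = []
    for pid, requests, handles in reversed(samples):
        if pid != last_pid:
            break
        run.append((requests, handles))
    return run[::-1]


def leak_rate(samples):
    """Least-squares slope: handles gained per request served."""
    points = latest_run(samples) if samples else []
    n = len(points)
    if n < 2:
        raise ValueError("need at least two samples from the same PID")
    mean_x = sum(x for x, _ in points) / n
    mean_y = sum(y for _, y in points) / n
    sxx = sum((x - mean_x) ** 2 for x, _ in points)
    if sxx == 0:
        raise ValueError("request counter did not advance")
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in points)
    return sxy / sxx


def is_leaking(samples, threshold=0.5):
    """True when the process gains more than `threshold` handles per request."""
    return leak_rate(samples) > threshold


# (pid, requests served so far, open handle count) -- constructed samples
BEFORE_FIX = [(7001, 0, 410), (7001, 1000, 1415),
              (7001, 2000, 2409), (7001, 3000, 3412)]
AFTER_FIX = [(7001, 3000, 3412),           # last sample of the old process
             (7002, 0, 402), (7002, 1000, 418),
             (7002, 2000, 409), (7002, 3000, 415)]

if __name__ == "__main__":
    print("before: %.3f handles/request" % leak_rate(BEFORE_FIX))
    print("after:  %.3f handles/request" % leak_rate(AFTER_FIX))
```

A slope near 1 matches the "at least one handle on every request" symptom; a slope near 0 after the DLL swap means the count only fluctuates.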