search

owasp-modsecurity / ModSecurity-nginx

ModSecurity v3 Nginx Connector
Apache License 2.0
1.58k stars 282 forks source link

Module compilation error with NGINX 1.21.5 #261

Closed simonepittis closed 2 years ago

simonepittis commented 2 years ago

After:

git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git wget http://nginx.org/download/nginx-1.21.5.tar.gz tar zxf nginx-1.21.5.tar.gz cd nginx-1.21.5 ./configure --with-compat --add-dynamic-module=../ModSecurity-nginx make modules

I can see this error:

make -f objs/Makefile modules make[1]: Entering directory '/root/nginx-1.21.5' cc -c -fPIC -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I /usr/local/modsecurity/include -I objs -I src/http -I src/http/modules \ -o objs/addon/src/ngx_http_modsecurity_module.o \ ../ModSecurity-nginx/src/ngx_http_modsecurity_module.c ../ModSecurity-nginx/src/ngx_http_modsecurity_module.c: In function 'ngx_http_modsecurity_pcre_malloc_init': ../ModSecurity-nginx/src/ngx_http_modsecurity_module.c:78:9: error: 'pcre_malloc' undeclared (first use in this function); did you mean 'old_pcre_malloc'? 78 | if (pcre_malloc != ngx_http_modsec_pcre_malloc) { | ^~~ | old_pcre_malloc ../ModSecurity-nginx/src/ngx_http_modsecurity_module.c:78:9: note: each undeclared identifier is reported only once for each function it appears in ../ModSecurity-nginx/src/ngx_http_modsecurity_module.c:82:25: error: 'pcre_free' undeclared (first use in this function); did you mean 'pkey_free'? 82 | old_pcre_free = pcre_free; | ^~~~~ | pkey_free ../ModSecurity-nginx/src/ngx_http_modsecurity_module.c: In function 'ngx_http_modsecurity_pcre_malloc_done': ../ModSecurity-nginx/src/ngx_http_modsecurity_module.c:102:9: error: 'pcre_malloc' undeclared (first use in this function); did you mean 'old_pcre_malloc'? 102 | pcre_malloc = old_pcre_malloc; | ^~~ | old_pcre_malloc ../ModSecurity-nginx/src/ngx_http_modsecurity_module.c:103:9: error: 'pcre_free' undeclared (first use in this function); did you mean 'pkey_free'? 103 | pcre_free = old_pcre_free; | ^~~~~ | pkey_free make[1]: *** [objs/Makefile:1232: objs/addon/src/ngx_http_modsecurity_module.o] Error 1

monitmanllc commented 2 years ago

Have the same issue, looks like it's related to a change in nginx (now nginx is built with the PCRE2 library by default).

defanator commented 2 years ago

@simonepittis @monitmanllc please check this - https://github.com/SpiderLabs/ModSecurity-nginx/pull/260

Long story short: use --without-pcre2 configure argument when building ModSecurity-nginx connector module. PCRE2 support must be added to the library (libmodsecurity) and then to the connector. Applying just the connector's PR will lead to enormous memory leaks in regex processing.

monitmanllc commented 2 years ago

@defanator Thank you for the info appreciate it, I have used --without-pcre2 and compiled as expected. Have a good afternoon.

simonepittis commented 2 years ago

yes, works! @defanator thanks for the help.

Danrancan commented 2 years ago

@defanator Thank you for the info appreciate it, I have used --without-pcre2 and compiled as expected. Have a good afternoon.

How is it working after compiling with the --without-pcre2 flag? Are you having any of the reported memory allocation problems? What version of Nginx are you compiling with? Thanks for the help and info.

Danrancan commented 2 years ago

@defanator Thank you for the info appreciate it, I have used --without-pcre2 and compiled as expected. Have a good afternoon.

Are you getting any problems with memory allocation or leaks after compiling and testing?

simonepittis commented 2 years ago

@Danrancan tested now without "--without-pcre2" and works fine. no performance issue and no memory issue. :-)

Danrancan commented 2 years ago

@Danrancan tested now without "--without-pcre2" and works fine. no performance issue and no memory issue. :-)

Thank you very much @simonepittis! This is exactly what I needed to know!

Danrancan commented 2 years ago

@Danrancan tested now without "--without-pcre2" and works fine. no performance issue and no memory issue. :-)

@simonepittis

Wait, I just re-read this. You say you tested it WITHOUT "--without-pcre2". Was that a mistake? or do you actually mean that you did NOT use the "--without-pcre2" arguement, and it is still working? If so, that implies there was an update that I don't know about correct? Otherwise, i believe you made a grammatacal mistake and meant to say.. "tested now with "--without-pcre2" and works fine." Could you please clarify?