Memory leak

[LinuxJedi]

I haven't fully diagnosed the leak yet but I've managed to get some readouts in the attached massif output in the hope it will aid you in finding the route cause.

The leak appears to happen when using this:

SecRule ARGS "@contains test" "id:50,auditlog,phase:2,t:trim,block"

As part of the following:

  modsecurity_rules '
    SecRuleEngine On
    SecAuditEngine On
    SecAuditLogParts ABCIFHZ
    SecAuditLogType Serial
    SecAuditLog /tmp/audit.log
    SecRule ARGS "@contains test" "id:50,auditlog,phase:2,t:trim,block"
    SecRule ARGS "@streq block403" "id:11,phase:1,status:403,block"
    SecRule ARGS "@streq redirect302" "id:3,phase:1,status:302,redirect:http://www.modsecurity.org"

  ';

Several KB appear to be leaked on every request which significantly grows over time.

massif.out.11899.zip

[zimmerle]

Hi @LinuxJedi,

Good observation. I am investigating.

[zimmerle]

Hi @LinuxJedi,

I have made a good improvement on the memory management in general. There isn't a linear growth anymore. I am not closing this issue yet because I want to test with the full OWASP CRS before consider it done. Tomorrow I will continue with the tests.

[zimmerle]

Closing this issue after test with OWASP CRS. No leak was identified.

[p0pr0ck5]

@zimmerle did your changes for memory management optimization get committed? I've been playing around with this some more and noticing non-trivial leaks that seem to correspond with what @LinuxJedi found. I can provide some more debug info if you need.

[zimmerle]

Hi @p0pr0ck5,

Yes, those modifications were committed. @LinuxJedi also reported other memory issues here: owasp-modsecurity/ModSecurity#1078 some of those may lead to memory leak.

It will be very helpful if you can attach the massif output of your findings on owasp-modsecurity/ModSecurity#1078

[p0pr0ck5]

Silly me, I should have realized that the commit went to libmodsec, not this connector :p I'll do more debugging and ensure a clean build, and toss up some debug info tomorrow.