Closed
Description
There are reports on memory leak on nginx -s reload, #2381 #2502 #2552 #2636 and many others .
Of course, #2580 doesn't solve problems. (Update: #2580 should have fixed this problem.)
There is a simple poc:
#include <stdio.h>
#include <unistd.h>
#include "modsecurity/rules_set.h"
int main(int argc, char **argv) {
int i;
char *file;
const char *error;
#ifdef __APPLE__
printf("top -pid %d\n", getpid());
#else
printf("top -p %d\n", getpid());
#endif
file = argc > 1 ? argv[1] : "memory-leak.conf";
printf("rules file: %s\n", file);
for (i = 0; i < 100; ++i) {
RulesSet *rules_set = msc_create_rules_set();
if (msc_rules_add_file(rules_set, file, &error) < 0) {
fprintf(stderr, "error: %s\n", error);
break;
}
msc_rules_cleanup(rules_set);
}
printf("100 iter completed\n");
sleep(100);
return 0;
}After run 100 times on CRS rules, the memory grow to 1.2G, about 12M for rules.
Include modsecurity-v3.0.6/modsecurity.conf-recommended
Include coreruleset-3.3.2/crs-setup.conf.example
Include coreruleset-3.3.2/rules/*.conf
Of course, for nginx -s reload, it may be solved by moving msc_rules_add_file to working process, then it doesn't affect master process, and sovle the problem.
However, IMO, it should be fixed in ModSecurity, as we have shared_ptr in c++11.
Metadata
Metadata
Assignees
Labels
No labels