
Double Free Memory #3471

@ElevationsRPG

Description


Describe the bug

When this function is called, it causes a double free (taken from examples\using_bodies_in_chunks\simple_request.cc):

static void logCb(void *data, const void *ruleMessagev) {
    if (ruleMessagev == NULL) {
        std::cout << "I've got a call but the message was null ;(";
        std::cout << std::endl;
        return;
    }

    const modsecurity::RuleMessage *ruleMessage = \
        reinterpret_cast<const modsecurity::RuleMessage *>(ruleMessagev);

    std::cout << "Rule Id: " << std::to_string(ruleMessage->m_rule.m_ruleId);
    std::cout << " phase: " << std::to_string(ruleMessage->getPhase());
    std::cout << std::endl;
    if (ruleMessage->m_isDisruptive) {
        std::cout << " * Disruptive action: ";
        std::cout << modsecurity::RuleMessage::log(*ruleMessage);
        std::cout << std::endl;
        std::cout << " ** %d is meant to be informed by the webserver.";
        std::cout << std::endl;
    } else {
        std::cout << " * Match, but no disruptive action: ";
        std::cout << modsecurity::RuleMessage::log(*ruleMessage);
        std::cout << std::endl;
    }
}

Logs and dumps

WebServerHoster.exe!_mi_page_ptr_unalign(const mi_page_s * page, const void * p) Line 68 C
WebServerHoster.exe!mi_free_generic_mt(mi_page_s * page, mi_segment_s * segment, void * p) Line 96 C
WebServerHoster.exe!mi_free(void * p) Line 172 C
WebServerHoster.exe!mi_free_size(void * p, unsigned __int64 size) Line 355 C
WebServerHoster.exe!operator delete(void * p, unsigned __int64 n) Line 47 C++
[External Code]
WebServerHoster.exe!logCb(void * data, const void * ruleMessagev) Line 89 C++
[External Code]
WebServerHoster.exe!HttpSession::handlerequestSSL(std::string request) Line 1562 C++
WebServerHoster.exe!HttpSession::recievebytes() Line 194 C++
WebServerHoster.exe!startServerHTTPS(int port, ssl_ctx_st * sslContext) Line 1697 C++
[External Code]

To Reproduce

Send a request with no Host header via curl, e.g.:

curl -H "Host:" http://localhost

Expected behavior

It should log without double freeing

Rule Set (please complete the following information):

Running coreruleset-4.19.0

Additional context

Not sure if the double free happens without sending no Host header. Also, this function:

modsecurity::RuleMessage::log(*ruleMessage);

IS the function that explicitly called the double free in my crash log.

Labels: 3.x (Related to ModSecurity version 3.x)