Segmentation fault ctl:ruleRemoveTargetById without target

[studersi]

Leaving out the target for ctl:ruleRemoveTargetById causes segmentation faults.

This has already been reported and fixed for ctl:ruleRemoveTargetByTag: #1353.

My guess is that ctl:ruleRemoveTargetByMsg is affected as well but I did not test this.

Steps to reproduce the behavior:
Add a rule exclusion containing ctl:ruleRemoveTargetById=941130 instead of ctl:ruleRemoveTargetById=941130;ARGS:xxxx

• ModSecurity 2.9.3
• Apache 2.4.38
• Linux

[studersi]

What is the status on this issue, do you need any more information?

[zimmerle]

Hi, @studersi

We don't have an ETA to fix this yet. It should be fixed, although the priority is not high as this does not directly impact run time. This seems to be a very welcome task to someone that wants to learn a little bit more about ModSecurity internals.

[studersi]

This was fixed in #2189. Closing the issue.