You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2019/04/01 06:34:47 UTC

[Bug 63305] New: Segmentation fault in mod_ldap on gracefull reload

https://bz.apache.org/bugzilla/show_bug.cgi?id=63305

            Bug ID: 63305
           Summary: Segmentation fault in mod_ldap on gracefull reload
           Product: Apache httpd-2
           Version: 2.4.23
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ldap
          Assignee: bugs@httpd.apache.org
          Reporter: mfusek@newps.cz
  Target Milestone: ---

Created attachment 36505
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=36505&action=edit
Solve the issue

Our server using our closed source variant of mod_authnz_ldap (mod_agwldap)
which is using mod_ldap. Server is heavy loaded and is reloaded once per hour
to change CRL (certificate revocation list) to use TLS client certificate
authentication. LDAP contains more then one million users. Mod_ldap is
configured to use shared cache. On reload there is intermittent sig seg crash.
Crash can be simulated on load test with 1600 different users and 20 threads,
when server is reloaded every 3 second (only for load test purpose).
Back trace (some times crash is in different location):

#0 util_ldap_search_node_free (cache=0x7f3bb9e3f030, n=0x74696c6d79473132) at
util_ldap_cache.c:202
#1 0x00007f3bbe245bc0 in util_ald_destroy_cache (cache=0x7f3bb9e3f030) at
util_ldap_cache_mgr.c:412
#2 0x00007f3bbe244c3d in util_ldap_url_node_free (cache=0x7f3bb9e1e038,
n=0x7f3bb9e57a80) at util_ldap_cache.c:73
#3 0x00007f3bbe245bc0 in util_ald_destroy_cache (cache=0x7f3bb9e1e038) at
util_ldap_cache_mgr.c:412
#4 0x00007f3bbe244d6d in util_ldap_cache_module_kill (data=0x7f3bc4d99548) at
util_ldap_cache.c:402
#5 0x00007f3bc42d403e in apr_pool_destroy () from /usr/lib64/libapr-1.so.0
#6 0x00007f3bc42d4295 in apr_pool_clear () from /usr/lib64/libapr-1.so.0
#7 0x0000558a6b72bd6d in main (argc=18, argv=0x7ffdd1e726b8) at main.c:713

void util_ldap_search_node_free(util_ald_cache_t *cache, void *n)
{
int i = 0;
util_search_node_t *node = n;
**int k = node->numvals;**

if (node->vals) {
for (;k;k--,i++) {
if (node->vals[i]) {
util_ald_free(cache, node->vals[i]);
}
}
util_ald_free(cache, node->vals);
}
util_ald_free(cache, node->username);
util_ald_free(cache, node->dn);
util_ald_free(cache, node->bindpw);
util_ald_free(cache, node);
}

Patch wich solve the issue (against branch 2.4.x) is included. We believe that
error is inside mod_ldap and not inside our mod_agwldap. We tried newest
mod_ldap (trunk) without luck. When patch is applayed there is no crashes
inside load test.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 63305] Segmentation fault in mod_ldap on gracefull reload

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=63305

--- Comment #2 from Martin Fúsek <mf...@newps.cz> ---
(In reply to Christophe JAILLET from comment #1)
> This has been fixed in trunk in r1856735.
> 
> The patch is different from the one attached in this PR.
> Could you please test and confirm that it solves the issue for you as well?

Yes it works. But in trunk revision 1831165: "mod_ldap: log and abort locking
errors.  related to PR60296 investigation  RMM corruption is really nasty, so
abort on locking failures" make it also broken. Without revision
1831165(commenting out if (rv != APR_SUCCESS) {) it works OK. Problem is that
some request probably arrive after lock cleanup (after reload) and assertion
fail (new lock on cache cleanup works ok).

CoreDumpDirectory /tmp/

#LDAPLibraryDebug 7
LDAPLibraryDebug disabled
LDAPConnectionPoolTTL 15

 LDAPSharedCacheSize 10485760
 LDAPCacheEntries 10240
 LDAPCacheTTL 600
 LDAPOpCacheEntries 10240
 LDAPOpCacheTTL 600
 LDAPVerifyServerCert Off

<Location /ldap-status>
    SetHandler ldap-status
    Require host 127.0.0.1
</Location>

    <Location />
        AuthName "ISDS - DS"
AuthLDAPBindDN "<redacted>"
AuthLDAPBindPassword "<redacted>"
AuthType basic
AuthBasicProvider ldap
AuthLDAPRemoteUserIsDN on
<LimitExcept OPTIONS>
Require valid-user
</LimitExcept>


AuthLDAPURL ldap://172.24.40.126/ou=test,o=test?cn,isdsRights?sub? TLS


</Location>

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 63305] Segmentation fault in mod_ldap on gracefull reload

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=63305

--- Comment #3 from Martin Fúsek <mf...@newps.cz> ---
Can you backport this r1856735 to 2.4?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 63305] Segmentation fault in mod_ldap on gracefull reload

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=63305

Pavel Janík <Pa...@Janik.cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Pavel@Janik.cz

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 63305] Segmentation fault in mod_ldap on gracefull reload

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=63305

Christophe JAILLET <ch...@wanadoo.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |FixedInTrunk

--- Comment #1 from Christophe JAILLET <ch...@wanadoo.fr> ---
This has been fixed in trunk in r1856735.

The patch is different from the one attached in this PR.
Could you please test and confirm that it solves the issue for you as well?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org