You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Rainer Jung <ra...@kippdata.de> on 2011/01/18 02:02:42 UTC
Possible crash in mod_cgid (logging crashes because of NULL s->module_config)
I did a broken build using a SHELL_PATH that was not available on the
build platform. The test suite tried to log
"exec of 'echo pass' failed"
in test number 16 of t/modules/include.t (line 261). This produced a
crash. It seems the crash will happen every time and exec include fails.
The reason is an incomplete server_rec, that has a NULL module_config.
gdb info:
#0 0x08083ccb in log_error_core (file=0xb78ce194
"/shared/build/dev/httpd/sources/httpd/trunk/r1060112/modules/generators/mod_cgid.c",
line=588, module_index=101,
level=3, status=2, s=0x845e088, c=0x0, r=0x0, pool=0x0,
fmt=0xb78cdfa3 "%s", args=0xbfdb1e6c "")
at
/shared/build/dev/httpd/sources/httpd/trunk/r1060112/server/log.c:1134
configured_level = <value optimized out>
errstr = "ess=ca@digsigtrust.com\000\000referer:
\000ddress=webmaster@belsign.be\000\000referer: \000ferer:
\000\000\000\000�\020R\bx\fR\b\022\000\000\000\027šà \003\000\000\000\000\020\000\000\000\020\000\000\000d\035R\bx\035R\b\214\035R\bŽ\fR\b�ò«�\"\000\000\000\021\000\000\000djÀ·@ñï·dñï·dñï·\000\000\000\000xñï·\220\001\000\000š\000\000\000Î�ï·h.R\b°p\001\000�ß�¿djÀ·p\025ï·ð\035R\b"...
logf = (apr_file_t *) 0x845e9e8
level_and_mask = 3
rmain = <value optimized out>
sconf = <value optimized out>
info = {s = 0xbfdb1e80, c = 0xa, r = 0xbfdb1e18, rmain =
0xb7f9ff2d, file = 0xb78ce079 "CGIDCHILDERRFN", line = -1076158968,
module_index = -1076158888,
level = 138800256, status = 138800304, using_syslog = -1076158924,
startup = -1215504263}
log_conn_info = <value optimized out>
log_req_info = <value optimized out>
lines = <value optimized out>
done = <value optimized out>
line_number = <value optimized out>
#1 0x08084a21 in ap_log_error_ (file=0xb78ce194
"/shared/build/dev/httpd/sources/httpd/trunk/r1060112/modules/generators/mod_cgid.c",
line=588, module_index=101,
level=3, status=2, s=0x845e088, fmt=0xb78cdfa3 "%s") at
/shared/build/dev/httpd/sources/httpd/trunk/r1060112/server/log.c:1263
args = 0xbfdb1e6c ""
#2 0xb78cc0db in cgid_child_errfn (pool=0x845de88, err=2,
description=0x845ed00 "exec of 'echo pass' failed")
at
/shared/build/dev/httpd/sources/httpd/trunk/r1060112/modules/generators/mod_cgid.c:588
vr = (void *) 0x845dec8
#3 0xb7fbbac7 in apr_proc_create (new=0x845e078, progname=0x845e3d0
"echo pass", args=0x845ecd8, env=0x845e410, attr=0x845ea88, pool=0x845de88)
at
/shared/build/dev/httpd/sources/apr/trunk/r1059819/threadproc/unix/proc.c:590
desc = 0x845ed00 "exec of 'echo pass' failed"
i = <value optimized out>
empty_envp = {0x0}
#4 0xb78ccfb5 in cgid_start (p=<value optimized out>,
main_server=0x80b5580, procnew=<value optimized out>)
at
/shared/build/dev/httpd/sources/httpd/trunk/r1060112/modules/generators/mod_cgid.c:812
errfileno = 2
argv0 = 0x845e3d0 "echo pass"
env = (char **) 0x845e410
out_pipe = <value optimized out>
err_pipe = 0
cmd_type = APR_SHELLCMD
key = <value optimized out>
unix_addr = {sun_family = 1,
sun_path =
"\004\r\225·ÞXE\bXŒ£·P¡·ð!Ì·š\020\v\bÚÀ*\bÃ�\037Ã�¿Ã�ñú·\000\200\000\000\203\vó·Ã�\037Ã�¿Ã�ñú·\000dE\b\200\000\000\000¶\001\000\000D!\221·XcE\b\030\000\000\000\000\200\000\000ð!Ì·š\020\v\bÚÀ*\b(
�¿8\233ú·\021dE\b\221�\v\b"}
procattr = (apr_procattr_t *) 0x845ea88
inout = (apr_file_t *) 0x845ea38
stat = <value optimized out>
in_pipe = <value optimized out>
cgid_req = {req_type = 2, conn_id = 0, ppid = 13477,
core_module_index = 0, env_count = 30, ugid = {uid = 4294967295, gid =
4294967295, userdir = -1},
filename_len = 133, argv0_len = 9, uri_len = 34, args_len = 0,
loglevel = 7, limits = {limit_cpu_set = 0, limit_cpu = {rlim_cur = 0,
rlim_max = 0}, limit_mem_set = 0,
limit_mem = {rlim_cur = 0, rlim_max = 0}, limit_nproc_set = 0,
limit_nproc = {rlim_cur = 0, rlim_max = 0}}}
len = 2
#5 0xb78cd2f2 in cgid_init (p=0x80b10a8, plog=0x80e13b0,
ptemp=0x80e53c0, main_server=0x80b5580)
at
/shared/build/dev/httpd/sources/httpd/trunk/r1060112/modules/generators/mod_cgid.c:937
tmp_sockname = 0x8456400 "/var/tmp/cgitest/cgisock.13477"
ret = <value optimized out>
data = (void *) 0x84da4a0
#6 0x0807ef80 in ap_run_post_config (pconf=0x80b10a8, plog=0x80e13b0,
ptemp=0x80e53c0, s=0x80b5580)
at
/shared/build/dev/httpd/sources/httpd/trunk/r1060112/server/config.c:98
n = 28
rv = 0
In mod_cgid.c line 588 the server_rec used in logging has:
(gdb) print *s
$3 = {process = 0x0, next = 0x0, error_fname = 0x0, error_log =
0x845e9e8, log = {module_levels = 0x0, level = 7}, module_config = 0x0,
lookup_defaults = 0x0,
defn_name = 0x0, defn_line_number = 0, is_virtual = 0 '\0', port = 0,
server_scheme = 0x0, server_admin = 0x0, server_hostname = 0x0, addrs =
0x0, timeout = 0,
keep_alive_timeout = 0, keep_alive_max = 0, keep_alive = 0, names =
0x0, wild_names = 0x0, path = 0x0, pathlen = 0, limit_req_line = 0,
limit_req_fieldsize = 0,
limit_req_fields = 0, context = 0x0}
so I guess "sconf = ap_get_module_config(s->module_config,
&core_module);" in server/log.c line 1134 breaks because
s->module_config is NULL.
Regards,
Rainer
Re: Possible crash in mod_cgid (logging crashes because of NULL
s->module_config)
Posted by Stefan Fritsch <sf...@sfritsch.de>.
On Tue, 18 Jan 2011, Rainer Jung wrote:
> I did a broken build using a SHELL_PATH that was not available on the build
> platform. The test suite tried to log
>
> "exec of 'echo pass' failed"
>
> in test number 16 of t/modules/include.t (line 261). This produced a crash.
> It seems the crash will happen every time and exec include fails. The reason
> is an incomplete server_rec, that has a NULL module_config.
Thanks for the analysis. r1060245 should fix it.