You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2013/02/13 22:11:45 UTC
[Bug 54560] New: Potential segfault on return from
ap_server_root_relative
https://issues.apache.org/bugzilla/show_bug.cgi?id=54560
Bug ID: 54560
Summary: Potential segfault on return from
ap_server_root_relative
Product: Apache httpd-2
Version: 2.4.1
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Runtime Config
Assignee: bugs@httpd.apache.org
Reporter: mike.rumph@oracle.com
Classification: Unclassified
The ap_process_fnmatch_configs function in server/config.c has the following
code:
if ((ap_server_pre_read_config->nelts
|| ap_server_post_read_config->nelts)
&& !(strcmp(fname, ap_server_root_relative(ptemp,
SERVER_CONFIG_FILE)))) {
apr_finfo_t finfo;
if (apr_stat(&finfo, fname, APR_FINFO_LINK | APR_FINFO_TYPE, ptemp) !=
APR_SUCCESS)
return NULL;
}
The ap_server_root_relative function could potentially return NULL which would
result in a segmentation fault within strcmp.
This bug is related to the following bugs:
- https://issues.apache.org/bugzilla/show_bug.cgi?id=52816
- https://issues.apache.org/bugzilla/show_bug.cgi?id=39722
This code is first seen in 2.4.1 and still exists in 2.5-HEAD.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 54560] Potential segfault on return from
ap_server_root_relative
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54560
--- Comment #2 from Jeff Trawick <tr...@apache.org> ---
>Perhaps there is a way to force a failure of
>ap_filepath_merge() using a module's configuration...
I guess "DocumentRoot z:/" is a previously-fixed way to do this... Silly me...
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 54560] Potential segfault on return from
ap_server_root_relative
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54560
--- Comment #1 from Jeff Trawick <tr...@apache.org> ---
There are at least hundreds of calls to ap_server_root_relative if you include
third-party code. All of these calls are subject to the
ap_server_root-misconfiguration problem. ap_server_root is only set in main().
ap_server_root should be verified near the point set so that the
ap_server_root_relative() calls aren't subject to a bad "-d Z:/" or compiled-in
value. One check in main() for the return code of
'ap_server_root_relative(some_pool, "foo")' will (IIUC) solve the reported
problems in httpd with checking the ap_server_root_relative() return code.
Perhaps there is a way to force a failure of ap_filepath_merge() using a
module's configuration which ends up in the second parameter of
ap_server_root_relative(). That can't be solved without (potentially) a large
number of error paths added to httpd and other modules.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 54560] Potential segfault on return from
ap_server_root_relative
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54560
--- Comment #3 from Christophe JAILLET <ch...@wanadoo.fr> ---
Is this a real issue ?
According to my testing
- incorrect -d directory or HTTPD_ROOT
==> httpd: Could not open configuration file /xxx/conf/httpd.conf: No such file
or directory
- incorrect DocumentRoot directive
==> AH00526: Syntax error on line 217 of /usr/local/apache2/conf/httpd.conf:
DocumentRoot must be a directory
In all 3 cases, httpd exits at start-up with a message clearly showing the
erroneous path. We don't know the root reason (-d, default or DocumentRoot) but
isn't it enough ?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org