Re: apache 2.2 crashes at the start time in mod_dbd.c then preparing AuthDBDUserPWQuery

[paritosh <pa...@limewire.co.in>]

Hi Nick,

I'm using the latest revision of mod_dbd.c and I still get a segfault on
startup. My setup:

CONFIGURE FLAGS:
./configure --enable-so --enable-auth-digest --enable-dbd
--enable-authn-dbd --with-mysql=/usr

HTTPD.CONF:

DBDriver mysql
DBDParams "dbname=xxx user=xxx pass=xxx"

<Location /private>
  AuthType Digest
  AuthName "xxx"

  AuthDigestProvider dbd

  Require valid-user

  AuthDBDUserRealmQuery "SELECT pwhash FROM users WHERE name = %s and
realm = %s"
</Location>

GDB BACKTRACE:

(gdb) run -X -d ..
[Thread debugging using libthread_db enabled]
[New Thread -1212180800 (LWP 23469)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1212180800 (LWP 23469)]
apr_hashfunc_default (char_key=0x0, klen=0xbfc96c38) at
tables/apr_hash.c:228
/home/paritosh/limespot/apache2.2/srclib/apr/tables/apr_hash.c:228:7055:beg:0xb7daa3ce
(gdb) bt
#0  apr_hashfunc_default (char_key=0x0, klen=0xbfc96c38) at
tables/apr_hash.c:228
#1  0xb7daa437 in find_entry (ht=0x8128270, key=0x0, klen=-1, val=0x0)
at tables/apr_hash.c:260
#2  0xb7daa5f4 in apr_hash_get (ht=0xffffffff, key=0xbfc96c38, klen=-1)
at tables/apr_hash.c:330
#3  0x08082a96 in ap_dbd_prepare (s=0x80d3ab0, query=0xffffffff <Address
0xffffffff out of bounds>, label=0xffffffff <Address 0xffffffff out of
bounds>) at mod_dbd.c:152
#4  0x0807dedb in authn_dbd_prepare (cmd=0xbfc9701c, cfg=0x812d190,
query=0x812d198 "SELECT pwhash FROM principals INNER JOIN users ON
principals.resource_id = users.principal_id WHERE name = %s and name !=
%s") at mod_authn_dbd.c:72
#5  0x080747f9 in invoke_cmd (cmd=0x80b3398, parms=0xbfc9701c,
mconfig=0x812d190, args=0x810e58e "") at config.c:873
#6  0x080755d2 in ap_walk_config (current=0x810e4f0, parms=0xbfc9701c,
section_vector=0x812cba8) at config.c:1141
#7  0x0806bec4 in urlsection (cmd=0xbfc9701c, mconfig=0x810e198,
arg=0x812ce28 "") at core.c:1942
#8  0x080747f9 in invoke_cmd (cmd=0x80b0cd8, parms=0xbfc9701c,
mconfig=0x810e198, args=0x810e3c8 "/private>") at config.c:873
#9  0x080755d2 in ap_walk_config (current=0x81141f8, parms=0xbfc9701c,
section_vector=0x810d228) at config.c:1141
#10 0x080762b6 in ap_process_config_tree (s=0xbfc96c38,
conftree=0xffffffff, p=0x80cb0a8, ptemp=0xffffffff) at config.c:1743
#11 0x08062071 in main (argc=4, argv=0xbfc97174) at main.c:621

On Thu, 2006-08-17 at 15:21 +0100, Nick Kew wrote:
> On Thursday 17 August 2006 14:51, paritosh wrote:
> > Hi all,
> >
> >
> > I had a working installation of apache 2.2.2 with mod_dbd and
> > mod_authn_dbd configured. Recently I upgraded to 2.2.3 and the server
> > crashes with the same backtrace. ( it crashes in apr_hashfunc_default at
> > tables/apr_hash.c:228 ).
> 
> That is not a backtrace.
> 
> > Have there been any developments towards 
> > resolving this ?
> 
> http://svn.apache.org/viewvc?view=rev&revision=424798
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/database/mod_dbd.c?r1=421103&r2=425659
> 

Re: apache 2.2 crashes at the start time in mod_dbd.c then preparing AuthDBDUserPWQuery

[Nick Kew <ni...@webthing.com>]

On Friday 18 August 2006 12:35, paritosh wrote:

> recompiled everything with -O0, the new backtrace is:

> #2  0xb7d5626f in apr_hash_get (ht=0x813f270, key=0x0, klen=-1) at
> tables/apr_hash.c:330

Aha!  NULL key.  That should be the server name.

> #3  0x0808c433 in ap_dbd_prepare (s=0x80eaab0, query=0x8144178 "SELECT
> pwhash FROM users WHERE name = %s and realm = %s", label=0x81441b8
> "authn_dbd_1") at mod_dbd.c:152

whereas that now makes sense.  The junk before was indeed optimisation.

> #4  0x08086243 in authn_dbd_prepare (cmd=0xbf94b76c, cfg=0x8144170,
> query=0x8144178 "SELECT pwhash FROM users WHERE name = %s and realm = %
> s") at mod_authn_dbd.c:72

That should be line 70, not 72.  Still slightly confusing.

Anyway, this traceback iidentifies the problem: we need to make a
special case of a null server name.

> The problem is that s->server_hostname is sent as 'key' to
> apr_hash_get(). But it is NULL if ServerName directive is not set in the
> httpd.conf. Simply adding following to httpd.conf solved the problem:
>
> SeverName 127.0.0.1:80
>
> ( I should mention that 2.2.2 with similar setup did not crash even
> without the ServerName directive )

Yes, the fix in 2.2.3 over 2.2.2 was for a bug in handling of virtualhosts.
Thanks for the report, and for helping to fix it!

I'll commit a patch to /trunk/ shortly.

-- 
Nick Kew

Re: apache 2.2 crashes at the start time in mod_dbd.c then preparing AuthDBDUserPWQuery

[paritosh <pa...@limewire.co.in>]

On Fri, 2006-08-18 at 10:23 +0100, Nick Kew wrote:
> On Friday 18 August 2006 08:19, paritosh wrote:
> > Hi Nick,
> >
> > I'm using the latest revision of mod_dbd.c and I still get a segfault on
> > startup. My setup:
> >
> > CONFIGURE FLAGS:
> > ./configure --enable-so --enable-auth-digest --enable-dbd
> > --enable-authn-dbd --with-mysql=/usr
> 
> So that's static compilation ...
> >
> > HTTPD.CONF:
> 
> Looks fine, but
> 
> >   AuthDBDUserRealmQuery "SELECT pwhash FROM users WHERE name = %s and
> > realm = %s"
> 
> doesn't look much like
> 
> > #4  0x0807dedb in authn_dbd_prepare (cmd=0xbfc9701c, cfg=0x812d190,
> > query=0x812d198 "SELECT pwhash FROM principals INNER JOIN users ON
> > principals.resource_id = users.principal_id WHERE name = %s and name !=
> > %s") at mod_authn_dbd.c:72
> 
> 
> > GDB BACKTRACE:
> 
> OK, here we have a problem at:
> 
> > #3  0x08082a96 in ap_dbd_prepare (s=0x80d3ab0, query=0xffffffff <Address
> > 0xffffffff out of bounds>, label=0xffffffff <Address 0xffffffff out of
> > bounds>) at mod_dbd.c:152
> 
> where the query and label pointers are garbage.  That's the kind of
> thing I'd expect if one or more of your modules was compiled on a
> slightly different architecture.  But I guess we can rule that out
> since you compiled statically (assuming you compiled on the same
> machine it's running on?)
> 
Yes, it's the same machine.

> Can you compile mod_dbd (and perhaps also mod_authn_dbd) with
> -O0 rather than the default -O2, so we don't get that kind of report
> as an artifact of compilation optimisation?
> 
> 

recompiled everything with -O0, the new backtrace is:

(gdb) run -X -d ..
[Thread debugging using libthread_db enabled]
[New Thread -1212528960 (LWP 10335)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1212528960 (LWP 10335)]
0xb7d55f2d in apr_hashfunc_default (char_key=0x0, klen=0xbf94b1d8) at
tables/apr_hash.c:228
/home/paritosh/limespot/apache2.2.3/srclib/apr/tables/apr_hash.c:228:7055:beg:0xb7d55f2d
(gdb) bt
#0  0xb7d55f2d in apr_hashfunc_default (char_key=0x0, klen=0xbf94b1d8)
at tables/apr_hash.c:228
#1  0xb7d55fad in find_entry (ht=0x813f270, key=0x0, klen=-1, val=0x0)
at tables/apr_hash.c:260
#2  0xb7d5626f in apr_hash_get (ht=0x813f270, key=0x0, klen=-1) at
tables/apr_hash.c:330
#3  0x0808c433 in ap_dbd_prepare (s=0x80eaab0, query=0x8144178 "SELECT
pwhash FROM users WHERE name = %s and realm = %s", label=0x81441b8
"authn_dbd_1") at mod_dbd.c:152
#4  0x08086243 in authn_dbd_prepare (cmd=0xbf94b76c, cfg=0x8144170,
query=0x8144178 "SELECT pwhash FROM users WHERE name = %s and realm = %
s") at mod_authn_dbd.c:72
#5  0x0807a59e in invoke_cmd (cmd=0x80c9218, parms=0xbf94b76c,
mconfig=0x8144170, args=0x8125541 "") at config.c:768
#6  0x0807b70a in ap_walk_config_sub (current=0x81254e8,
parms=0xbf94b76c, section_vector=0x8143ba8) at config.c:1141
#7  0x0807b7a4 in ap_walk_config (current=0x81254e8, parms=0xbf94b76c,
section_vector=0x8143ba8) at config.c:1174
#8  0x0806fbc4 in urlsection (cmd=0xbf94b76c, mconfig=0x8125198,
arg=0x8143e28 "") at core.c:1942
#9  0x0807a3f6 in invoke_cmd (cmd=0x80c67f8, parms=0xbf94b76c,
mconfig=0x8125198, args=0x81253c8 "/private>") at config.c:735
#10 0x0807b70a in ap_walk_config_sub (current=0x812b1f8,
parms=0xbf94b76c, section_vector=0x8124228) at config.c:1141
#11 0x0807b7a4 in ap_walk_config (current=0x812b1f8, parms=0xbf94b76c,
section_vector=0x8124228) at config.c:1174
#12 0x0807c7b3 in ap_process_config_tree (s=0x80eaab0,
conftree=0x812a308, p=0x80e20a8, ptemp=0x8122220) at config.c:1743
#13 0x08062507 in main (argc=4, argv=0xbf94b8f4) at main.c:621

The problem is that s->server_hostname is sent as 'key' to
apr_hash_get(). But it is NULL if ServerName directive is not set in the
httpd.conf. Simply adding following to httpd.conf solved the problem:

SeverName 127.0.0.1:80

( I should mention that 2.2.2 with similar setup did not crash even
without the ServerName directive )

Re: apache 2.2 crashes at the start time in mod_dbd.c then preparing AuthDBDUserPWQuery

[Nick Kew <ni...@webthing.com>]

On Friday 18 August 2006 08:19, paritosh wrote:
> Hi Nick,
>
> I'm using the latest revision of mod_dbd.c and I still get a segfault on
> startup. My setup:
>
> CONFIGURE FLAGS:
> ./configure --enable-so --enable-auth-digest --enable-dbd
> --enable-authn-dbd --with-mysql=/usr

So that's static compilation ...
>
> HTTPD.CONF:

Looks fine, but

>   AuthDBDUserRealmQuery "SELECT pwhash FROM users WHERE name = %s and
> realm = %s"

doesn't look much like

> #4  0x0807dedb in authn_dbd_prepare (cmd=0xbfc9701c, cfg=0x812d190,
> query=0x812d198 "SELECT pwhash FROM principals INNER JOIN users ON
> principals.resource_id = users.principal_id WHERE name = %s and name !=
> %s") at mod_authn_dbd.c:72


> GDB BACKTRACE:

OK, here we have a problem at:

> #3  0x08082a96 in ap_dbd_prepare (s=0x80d3ab0, query=0xffffffff <Address
> 0xffffffff out of bounds>, label=0xffffffff <Address 0xffffffff out of
> bounds>) at mod_dbd.c:152

where the query and label pointers are garbage.  That's the kind of
thing I'd expect if one or more of your modules was compiled on a
slightly different architecture.  But I guess we can rule that out
since you compiled statically (assuming you compiled on the same
machine it's running on?)

Can you compile mod_dbd (and perhaps also mod_authn_dbd) with
-O0 rather than the default -O2, so we don't get that kind of report
as an artifact of compilation optimisation?


-- 
Nick Kew