Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/03/09 11:08:37 UTC

DO NOT REPLY [Bug 52865] New: Crash by segmentation fault in mod_authn_core in Apache-2.4.1

https://issues.apache.org/bugzilla/show_bug.cgi?id=52865

             Bug #: 52865
           Summary: Crash by segmentation fault in mod_authn_core in
                    Apache-2.4.1
           Product: Apache httpd-2
           Version: 2.4.1
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authn_core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: tixu@cs.ucsd.edu
    Classification: Unclassified


To replay it, set the following configuration entries in the httpd.conf:

LoadModule authn_core_module modules/mod_authn_core.so
<AuthnProviderAlias file file1>
AuthName "dfdf"
</AuthnProviderAlias>

Start server and you will see the segmentation fault.

I don't quite understand the problem. 

I put some printf() in the invoke_cmd() function. It seems that the segfault
occurs when it's executing the AuthName directive. The code reaches “return
cmd->AP_TAKE1(parms, mconfig, w);” but does not reach the handler function of
the AuthName directive -- set_authname().

Please check it. 

Thanks a lot!!!

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


DO NOT REPLY [Bug 52865] Crash by segmentation fault in mod_authn_core in Apache-2.4.1

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52865

--- Comment #4 from Tianyin Xu <ti...@cs.ucsd.edu> 2012-03-12 10:02:03 UTC ---
(In reply to comment #2)
> It seems AuthnProviderAlias breaks some assumption in
> create_digest_dir_config(). The crash does not happen if I remove these lines:
> 
> --- a/modules/aaa/mod_auth_digest.c
> +++ b/modules/aaa/mod_auth_digest.c
> @@ -454,10 +454,6 @@ static void *create_digest_dir_config(apr_pool_t *p, char
> *dir)
>  {
>      digest_config_rec *conf;
> 
> -    if (dir == NULL) {
> -        return NULL;
> -    }
> -
>      conf = (digest_config_rec *) apr_pcalloc(p, sizeof(digest_config_rec));
>      if (conf) {
>          conf->qop_list       = apr_palloc(p, sizeof(char*));
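
Review bot: removing the if (dir == NULL) { return NULL; } guard at the top of create_digest_dir_config() leaves no record of why a NULL dir must now get a full digest_config_rec. Add a comment above the apr_pcalloc() call saying that dir can be NULL and that a config record is still needed in that case, so the early return is not put back later as an optimization.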
> 
> 
> I haven't tested if this makes AuthnProviderAlias actually work, though. Can
> you try it?

By the way, could you also explain a little bit about the problem?
Thanks a lot!



DO NOT REPLY [Bug 52865] Crash by segmentation fault in mod_authn_core in Apache-2.4.1

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52865

--- Comment #5 from Stefan Fritsch <sf...@sfritsch.de> 2012-03-12 19:44:30 UTC ---
mod_auth_digest tries to avoid allocating memory for its own config struct in
global server context because AuthDigestShmemSize, which is its only directive
allowed in that context, doesn't need the struct. This optimization breaks with
AuthnProviderAlias.

I don't know yet if the correct fix is to make AuthnProviderAlias simulate
per-directory context, or if mod_auth_digest should be changed to either not
make that optimization, or to detect global server context in a different way.

Also, I am not familiar enough with AuthnProviderAlias to say if it should
support AuthName and AuthType. If yes, then this is probably a different bug
than the segfault. If no, AuthnProviderAlias should log an error if these
directives are used. Maybe someone more familiar with AuthnProviderAlias could
comment?
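
Added example, not code from httpd or from this thread: a toy C model of the failure described in comment #5, where a config creator returns NULL for dir == NULL and a directive is then run against that NULL config. All names (toy_conf, create_conf_optimized, create_conf_always, set_realm, run_in_alias) are hypothetical, and that the alias container creates its config with dir == NULL is an assumption drawn from the patch in comment #2.

```c
#include <stdlib.h>
#include <string.h>

/* Toy model only; every name here is hypothetical, none is an httpd API. */
typedef struct { const char *realm; } toy_conf;

/* Creator with the shortcut: no struct when dir is NULL (server context). */
static void *create_conf_optimized(const char *dir)
{
    if (dir == NULL)
        return NULL;
    return calloc(1, sizeof(toy_conf));
}

/* Creator without the shortcut: a struct is returned for any dir. */
static void *create_conf_always(const char *dir)
{
    (void)dir;
    return calloc(1, sizeof(toy_conf));
}

/* Directive handler that trusts mconfig; a NULL here would be a crash. */
static const char *set_realm(void *mconfig, const char *arg)
{
    ((toy_conf *)mconfig)->realm = arg;
    return NULL;                        /* NULL means "no error" */
}

/* Container that runs a directive against a config created with dir == NULL
 * (assumption). The NULL check reports a config error instead of crashing. */
static const char *run_in_alias(void *(*create)(const char *),
                                const char *arg, toy_conf **out)
{
    void *mconfig = create(NULL);
    if (mconfig == NULL)
        return "directive needs a config record, none was created";
    *out = mconfig;
    return set_realm(mconfig, arg);
}

int main(void)
{
    toy_conf *c = NULL;
    int bad = run_in_alias(create_conf_optimized, "dfdf", &c) == NULL;
    bad |= run_in_alias(create_conf_always, "dfdf", &c) != NULL;
    bad |= (c == NULL || strcmp(c->realm, "dfdf") != 0);
    free(c);
    return bad;                         /* 0 when both cases behave as modelled */
}
```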



DO NOT REPLY [Bug 52865] Crash by segmentation fault in mod_authn_core in Apache-2.4.1

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52865

--- Comment #1 from Tianyin Xu <ti...@cs.ucsd.edu> 2012-03-09 10:41:42 UTC ---
Oh, sorry, I missed something in the previous email.

To replay it, use the following configuration (have to load both modules):

LoadModule authn_core_module modules/mod_authn_core.so
LoadModule auth_digest_module modules/mod_auth_digest.so
<AuthnProviderAlias file file1>
AuthName "dfdf"
</AuthnProviderAlias>

It seems the two modules have some conflicts?



(In reply to comment #0)
> To replay it, set the following configuration entries in the httpd.conf:
> 
> LoadModule authn_core_module modules/mod_authn_core.so
> <AuthnProviderAlias file file1>
> AuthName "dfdf"
> </AuthnProviderAlias>
> 
> Start server and you will see the segmentation fault.
> 
> I don't quite understand the problem. 
> 
> I put some printf() in the invoke_cmd() function. It seems that the segfault
> occurs when it's executing the AuthName directive. The code reaches “return
> cmd->AP_TAKE1(parms, mconfig, w);” but does not reach the handler function of
> the AuthName directive -- set_authname().
> 
> Please check it. 
> 
> Thanks a lot!!!



DO NOT REPLY [Bug 52865] Crash by segmentation fault in mod_authn_core in Apache-2.4.1

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52865

Tianyin Xu <ti...@cs.ucsd.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tixu@cs.ucsd.edu



DO NOT REPLY [Bug 52865] Crash by segmentation fault in mod_authn_core in Apache-2.4.1

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52865

--- Comment #3 from Tianyin Xu <ti...@cs.ucsd.edu> 2012-03-12 09:04:58 UTC ---
(In reply to comment #2)
> It seems AuthnProviderAlias breaks some assumption in
> create_digest_dir_config(). The crash does not happen if I remove these lines:
> 
> --- a/modules/aaa/mod_auth_digest.c
> +++ b/modules/aaa/mod_auth_digest.c
> @@ -454,10 +454,6 @@ static void *create_digest_dir_config(apr_pool_t *p, char
> *dir)
>  {
>      digest_config_rec *conf;
> 
> -    if (dir == NULL) {
> -        return NULL;
> -    }
> -
>      conf = (digest_config_rec *) apr_pcalloc(p, sizeof(digest_config_rec));
>      if (conf) {
>          conf->qop_list       = apr_palloc(p, sizeof(char*));
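
Review bot: in the retained context, conf is tested with if (conf) after apr_pcalloc(), while the apr_palloc() result stored in conf->qop_list is left unchecked; with the dir == NULL return gone, that if (conf) test is the only NULL handling left in the visible part of the function. Treat both allocations the same way: either check qop_list as well or drop the if (conf) test, and say in a comment which of the two the function relies on.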
> 
> 
> I haven't tested if this makes AuthnProviderAlias actually work, though. Can
> you try it?


Yes, I tried. Now there's no segfault any more.
But actually directives like AuthName and AuthType have no effect in the
<AuthnProviderAlias> block.



DO NOT REPLY [Bug 52865] Crash by segmentation fault in mod_authn_core in Apache-2.4.1

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52865

--- Comment #6 from Tianyin Xu <ti...@cs.ucsd.edu> 2012-03-13 00:28:50 UTC ---
(In reply to comment #5)
> mod_auth_digest tries to avoid allocating memory for its own config struct in
> global server context because AuthDigestShmemSize, which is its only directive
> allowed in that context, doesn't need the struct. This optimization breaks with
> AuthnProviderAlias.
> 
> I don't know yet if the correct fix is to make AuthnProviderAlias simulate
> per-directory context, or if mod_auth_digest should be changed to either not
> make that optimization, or to detect global server context in a different way.
> 

Many thanks, Stefan!

I will take a look at this issue. Your information is helpful.

> Also, I am not familiar enough with AuthnProviderAlias to say if it should
> support AuthName and AuthType. If yes, then this is probably a different bug
> than the segfault. If no, AuthnProviderAlias should log an error if these
> directives are used. Maybe someone more familiar with AuthnProviderAlias could
> comment?

Hmmm... this should not be a big thing. There are already too many silent
behaviors in current Apache :P



DO NOT REPLY [Bug 52865] Crash by segmentation fault in mod_authn_core in Apache-2.4.1

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52865

--- Comment #2 from Stefan Fritsch <sf...@sfritsch.de> 2012-03-12 01:06:14 UTC ---
It seems AuthnProviderAlias breaks some assumption in
create_digest_dir_config(). The crash does not happen if I remove these lines:

--- a/modules/aaa/mod_auth_digest.c
+++ b/modules/aaa/mod_auth_digest.c
@@ -454,10 +454,6 @@ static void *create_digest_dir_config(apr_pool_t *p, char
*dir)
 {
     digest_config_rec *conf;

-    if (dir == NULL) {
-        return NULL;
-    }
-
     conf = (digest_config_rec *) apr_pcalloc(p, sizeof(digest_config_rec));
     if (conf) {
         conf->qop_list       = apr_palloc(p, sizeof(char*));
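
Review bot: the removal of the dir == NULL early return comes without a test, and the message itself says the result is untested beyond the crash going away. Add the configuration from the report (both LoadModule lines and the <AuthnProviderAlias file file1> block with AuthName) as a regression case that checks the server starts, and check separately whether AuthName inside the block takes effect, since this hunk only changes when the config record is allocated.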


I haven't tested if this makes AuthnProviderAlias actually work, though. Can
you try it?
