mod_auth-any/1141: mod_auth_external uses putenv with an automatic variable. Unpredictable results ensue.

[andrew scriven <an...@research.natpower.co.uk>]

>Number:         1141
>Category:       mod_auth-any
>Synopsis:       mod_auth_external uses putenv with an automatic variable. Unpredictable results ensue.
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Sep 17 05:50:00 1997
>Originator:     andy.scriven@research.natpower.co.uk
>Organization:
apache
>Release:        1.2.4
>Environment:
AIX 3.2.4 with AIX cc compiler
Hope report here is OK for contributed modules? I assume mod_auth-any
may cover mod_auth_external?
>Description:
The AIX documents say that when you use putenv, the memory space becomes part 
of the environment. If this memory space is an automatic variable, 
unpredictable results occur when calling function returns.

I surely got this. Using mod_auth_external to call some simple scripts gave
classic "unpredictable" results. Server worked OK for several calls, then began to 
errors, reporting invalid data from the system() call and failing all further
authorization.
>How-To-Repeat:
Anytime you use mod_auth_external, with environment variables on AIX and try
loading several protected pages. The called externals can be anything that 
returns a 0 exit code. The problem occurs whatever is called, script, binary etc.
>Fix:
Either make the putenv call use non-automatic memory, or use a different
way to pass arguments. I used command line args to system() call
>Audit-Trail:
>Unformatted: