Posted to bugs@httpd.apache.org by bu...@apache.org on 2016/10/18 22:02:07 UTC

[Bug 60275] New: [patch] segfault on ap_fcgi_encoded_env_len if an environment variable value is null

https://bz.apache.org/bugzilla/show_bug.cgi?id=60275

            Bug ID: 60275
           Summary: [patch] segfault on ap_fcgi_encoded_env_len if an
                    environment variable value is null
           Product: Apache httpd-2
           Version: 2.4.23
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: mod_proxy_fcgi
          Assignee: bugs@httpd.apache.org
          Reporter: alex2grad@gmail.com

Created attachment 34388
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34388&action=edit
The patch which fixes segfault in ap_fcgi_encoded_env_len/ap_fcgi_encode_env

If the value of an environment variable is NULL, then the following code in the function
ap_fcgi_encoded_env_len causes a segfault:
----
vallen = strlen(elts[i].val);
----

The AUTHENTICATE_* environment variables could be NULL
if a SQL query returns NULL values.

Attached patch fixes this issue.

The backtrace
=============
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f0649d04710 (LWP 12340)]
0x00007f0650bc09a2 in strlen () from /lib64/libc.so.6
(gdb) bt
#0  0x00007f0650bc09a2 in strlen () from /lib64/libc.so.6
#1  0x00007f0653391530 in ap_fcgi_encoded_env_len ()
#2  0x00007f064ce4b88d in ?? () from /opt/lib/httpd/modules/mod_proxy_fcgi.so
#3  0x00007f064d25c732 in proxy_run_scheme_handler () from /opt/lib/httpd/modules/mod_proxy.so
#4  0x00007f064d261863 in ?? () from /opt/lib/httpd/modules/mod_proxy.so
#5  0x00007f0653388cc0 in ap_run_handler ()
#6  0x00007f065338d11e in ap_invoke_handler ()
#7  0x00007f06533a145a in ap_process_async_request ()
#8  0x00007f065339d561 in ?? ()
#9  0x00007f06533941f0 in ap_run_process_connection ()
#10 0x00007f064c36e485 in ?? () from /opt/lib/httpd/modules/mod_mpm_event.so
#11 0x00007f06510be980 in start_thread () from /lib64/libpthread.so.0
#12 0x00007f0650c23b3d in clone () from /lib64/libc.so.6
=============

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


[Bug 60275] [patch] segfault on ap_fcgi_encoded_env_len if an environment variable value is null

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60275

--- Comment #3 from alex2grad@gmail.com ---
(In reply to Eric Covener from comment #1)
> Thanks Alex, do you know if these are safe to be put in the environment
> passed down to the FCGI?  Curious if you've seen them listed out on the
> other side safely after the patch.

I use the $_SERVER["AUTHENTICATE_*"] variables in PHP-FPM.
This patch resolved the issue.



[Bug 60275] [patch] segfault on ap_fcgi_encoded_env_len if an environment variable value is null

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60275

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |FixedInTrunk

--- Comment #2 from Eric Covener <co...@gmail.com> ---
committed with cosmetic changes to trunk and will propose for backport



[Bug 60275] [patch] segfault on ap_fcgi_encoded_env_len if an environment variable value is null

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60275

--- Comment #1 from Eric Covener <co...@gmail.com> ---
Thanks Alex, do you know if these are safe to be put in the environment passed
down to the FCGI?  Curious if you've seen them listed out on the other side
safely after the patch.



[Bug 60275] [patch] segfault on ap_fcgi_encoded_env_len if an environment variable value is null

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60275

alex2grad@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |PatchAvailable



[Bug 60275] [patch] segfault on ap_fcgi_encoded_env_len if an environment variable value is null

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60275

Jim Jagielski <ji...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
