Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/08/02 16:35:51 UTC
[Bug 53643] New: apache segfaults with mod_authn_dbd when dbd_min is zero
https://issues.apache.org/bugzilla/show_bug.cgi?id=53643
Priority: P2
Bug ID: 53643
Assignee: bugs@httpd.apache.org
Summary: apache segfaults with mod_authn_dbd when dbd_min is zero
Severity: critical
Classification: Unclassified
OS: Linux
Reporter: erno.kovacs@freemail.hu
Hardware: PC
Status: NEW
Version: 2.2.22
Component: mod_authn_dbd
Product: Apache httpd-2
apache segfaults with mod_authn_dbd when dbd_min is zero:
# tail -f error.log
[Thu Aug 02 16:27:37 2012] [info] mod_ssl/2.2.22 compiled against Server: Apache/2.2.22, Library: OpenSSL/0.9.8o
[Thu Aug 02 16:27:37 2012] [notice] Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8o configured -- resuming normal operations
[Thu Aug 02 16:27:37 2012] [info] Server built: Aug 2 2012 15:37:02
[Thu Aug 02 16:27:37 2012] [debug] worker.c(1757): AcceptMutex: sysvsem (default: sysvsem)
[Thu Aug 02 16:27:39 2012] [notice] child pid 13127 exit signal Segmentation fault (11)
Config line for compiling against the Squeeze packages is:
./configure --prefix=/usr/local/apachetest --disable-echo --enable-cache --disable-include \
    --enable-ssl --enable-http --enable-cgi --disable-imap --disable-userdir \
    --enable-dbd --enable-authn-dbd --with-apr=/usr --with-apr-util=/usr \
    --enable-so --enable-rewrite --disable-vhost-alias --with-mpm=worker
# dpkg -l|grep apr
ii  libapr1                1.4.2-6+squeeze4  The Apache Portable Runtime Library
ii  libapr1-dev            1.4.2-6+squeeze4  The Apache Portable Runtime Library - Development Headers
ii  libaprutil1            1.3.9+dfsg-5      The Apache Portable Runtime Utility Library
ii  libaprutil1-dbd-mysql  1.3.9+dfsg-5      The Apache Portable Runtime Utility Library - MySQL Driver
ii  libaprutil1-dev        1.3.9+dfsg-5      The Apache Portable Runtime Utility Library - Development Headers
httpd.conf:
############################################################### basic settings begin
ServerRoot "/usr/local/apachetest"
Listen 50080
User nobody
Group nogroup
ServerAdmin tech@xxxxxxx.hu
ServerName xxxxxxx.hu:80
DocumentRoot "/usr/local/apachetest/htdocs"
DirectoryIndex index.html index.htm index.php
ExtendedStatus on
ServerTokens Prod
ServerSignature Off
DefaultType text/plain
Timeout 30
Keepalive on
MaxKeepAliveRequests 100
KeepAliveTimeout 5
UseCanonicalName Off
AccessFilename .htaccess
HostnameLookups off
CoreDumpDirectory /tmp
############################################################### basic settings end
############################################################### MPM begin
ThreadLimit 10
ThreadsPerChild 1
ServerLimit 10
MaxClients 10
StartServers 1
MinSpareThreads 1
MaxSpareThreads 1
ThreadStackSize 131072
MaxRequestsPerChild 10000
############################################################### MPM end
#################################################################### mod_dbd begin
DBDriver mysql
DBDParams "host=mysql.xxxxxxx.hu dbname=xxxxxxx user=xxxxxxx password=xxxxxxx"
DBDMin 0
DBDKeep 5
DBDMax 10
DBDExptime 60
#################################################################### mod_dbd end
############################################################### access control begin
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory /usr/local/apachetest/htdocs>
Order allow,deny
Allow from all
AuthType Basic
AuthName "My Server"
AuthBasicProvider dbd
# core authorization configuration
Require valid-user
AuthDBDUserPWQuery "SELECT pd_password FROM w3_protecteddirs WHERE pd_username = %s"
</Directory>
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
############################################################### access control end
################################################################### logging begin
PidFile "logs/httpd.pid"
ErrorLog "logs/error.log"
LogLevel debug
LogFormat "%h %V %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\""
TransferLog "logs/access.log"
#################################################################### logging end
If I increase DBD_Min to 1, Apache does not crash.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53643] apache segfaults with mod_authn_dbd when dbd_min is zero
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53643
--- Comment #1 from erno.kovacs@freemail.hu ---
However DBD_Min 0 is definitely a problem, and with a higher value
authentication works fine, I can still reproduce the segfaults by pushing F5
(refresh) in the browser for a few minutes.
I believe this is a stack issue, as I increase ThreadStackSize it works OK, no
segfaults. I would recommend mentioning this in documentation. 256KByte seems
to be enough.
[Bug 53643] apache segfaults with mod_authn_dbd when dbd_min is zero
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53643
--- Comment #2 from erno.kovacs@freemail.hu ---
Nevertheless, Apache even segfaults when DBD is not configured at all in
rsrc_conf and an attacker has the ability to upload .htaccess files with
content of AuthBasicProvider dbd and AllowOverride AuthConfig is on.
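
A configuration check for the three conditions reported in this thread, as an added example that is not part of the original report or of httpd itself. The finding names, the /srv/www path and the sample configs are constructed for illustration; the 256 KB stack threshold is the reporter's observation from comment #1, not documented guidance.

```python
# Thresholds below are the reporter's observations from this thread,
# not values taken from the httpd documentation.
MIN_STACK_BYTES = 256 * 1024  # "256KByte seems to be enough"

def directives(conf_text):
    """Yield (lowercased name, argument string) per directive or section line."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("</"):
            continue
        parts = line.strip("<>").split(None, 1)
        yield parts[0].lower(), parts[1] if len(parts) > 1 else ""

def last_int(values):
    """Last numeric value given for a directive, or None if unset/non-numeric."""
    nums = [int(v) for v in values if v.isdigit()]
    return nums[-1] if nums else None

def audit(conf_text):
    """Return finding codes (hypothetical names) for the conditions in Bug 53643."""
    seen, overrides = {}, set()
    for name, args in directives(conf_text):
        seen.setdefault(name, []).append(args)
        if name == "allowoverride":
            overrides.update(a.lower() for a in args.split())
    uses_dbd = any("dbd" in a.lower().split()
                   for a in seen.get("authbasicprovider", []))
    findings = []
    if uses_dbd and last_int(seen.get("dbdmin", [])) == 0:
        findings.append("DBDMIN_ZERO")
    stack = last_int(seen.get("threadstacksize", []))
    if uses_dbd and stack is not None and stack < MIN_STACK_BYTES:
        findings.append("SMALL_THREAD_STACK")
    # Comment #2: .htaccess may name the dbd provider while mod_dbd is unconfigured.
    if "dbdriver" not in seen and overrides & {"authconfig", "all"}:
        findings.append("AUTHCONFIG_OVERRIDE_WITHOUT_DBD")
    return findings

# Constructed samples: an excerpt of the reporter's settings, and a second
# server (hypothetical path) with no DBD setup that allows AuthConfig overrides.
REPORTED = """
ThreadStackSize 131072
DBDriver mysql
DBDMin 0
<Directory /usr/local/apachetest/htdocs>
AuthBasicProvider dbd
AllowOverride None
</Directory>
"""
NO_DBD = "<Directory /srv/www>\nAllowOverride AuthConfig\n</Directory>\n"

if __name__ == "__main__":
    print(audit(REPORTED), audit(NO_DBD))
```

The check reads a single configuration text and ignores section scoping and Include files, so a finding means the condition is worth reviewing by hand.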