You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2007/07/30 04:19:26 UTC
DO NOT REPLY [Bug 42995] New: - mod_authz_groupfile.c causes a segfault when r->user is not set
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42995>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42995
Summary: mod_authz_groupfile.c causes a segfault when r->user is
not set
Product: Apache httpd-2
Version: 2.2.4
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: Core
AssignedTo: bugs@httpd.apache.org
ReportedBy: nick@cpanel.net
ap_hook_auth_checker(check_user_access, aszPre, NULL, APR_HOOK_MIDDLE);
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 42995] - mod_authz_groupfile.c causes a segfault when r->user is not set
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42995>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42995
------- Additional Comments From nick@cpanel.net 2007-07-29 19:40 -------
Should this be a ap_hook_check_user_id instead of ap_hook_auth_checker..
Based on the comment on line 309 on mod_authz_host.c I'd say it does but I'm
really not sure when it comes to apache guts:
/* This can be access checker since we don't require r->user to be set. */
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 42995] - mod_authz_groupfile.c causes a segfault when r->user is not set
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42995>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42995
rpluem@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
------- Additional Comments From rpluem@apache.org 2007-07-30 12:34 -------
(In reply to comment #2)
> Should this be a ap_hook_check_user_id instead of ap_hook_auth_checker..
No. The check_user_id hook is for authentication. mod_authz_groupfile performs
authorization. Therefore it needs to be in the auth_checker hook.
Furthermore it can only do its job in a meaningful manner if r->user is set
(that does not mean that it should crash if r->user is NULL).
Could you please provide the configuration that causes this crash?
This could be helpful for reproducing the crash.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 42995] - mod_authz_groupfile.c causes a segfault when r->user is not set
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42995>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42995
------- Additional Comments From nick@cpanel.net 2007-07-29 19:38 -------
0x004a40da in strcmp () from /lib/tls/libc.so.6(gdb) back
#0 0x004a40da in strcmp () from /lib/tls/libc.so.6
#1 0x08081386 in check_user_access (r=0x9bc7820) at mod_authz_groupfile.c:134
#2 0x0807405a in ap_run_auth_checker (r=0x9bc7820) at request.c:78
#3 0x08075cb8 in ap_process_request_internal (r=0x9bc7820) at request.c:226
#4 0x080b1609 in ap_process_request (r=0x9bc7820) at http_request.c:256
#5 0x080af2b1 in ap_process_http_connection (c=0x9bbd678) at http_core.c:184
#6 0x0807d6be in ap_run_process_connection (c=0x9bbd678) at connection.c:43
#7 0x080c8b63 in child_main (child_num_arg=Variable "child_num_arg" is not
available.) at prefork.c:640
#8 0x080c8d9a in make_child (s=Variable "s" is not available.) at prefork.c:736
#9 0x080c8e28 in startup_children (number_to_start=2) at prefork.c:754
#10 0x080c9673 in ap_mpm_run (_pconf=0x99c00a8, plog=0x9a0c1d8, s=0x99c7ce8) at
prefork.c:975
#11 0x080683d4 in main (argc=2, argv=0xbfe31674) at main.c:717(gdb)
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 42995] - mod_authz_groupfile.c causes a segfault when r->user is not set
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42995>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42995
------- Additional Comments From nick@cpanel.net 2007-07-30 13:10 -------
Created an attachment (id=20567)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=20567&action=view)
Sample .htaccess file
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 42995] - mod_authz_groupfile.c causes a segfault when r->user is not set
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42995>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42995
------- Additional Comments From nick@cpanel.net 2007-07-30 13:12 -------
The module has been stripped down the the bare minimum needed to make the
condition happen.
To reproduce
/usr/local/apache/bin/apxs -c mod_bug.c
/usr/local/apache/bin/apxs -i -a -n bug mod_bug.la
Visit site with .htaccess (attached) installed ... make sure you have a group
file with anything it in.
[Mon Jul 30 15:08:35 2007] [error] [client 198.66.78.2] wait for it
[Mon Jul 30 15:08:35 2007] [notice] child pid 18505 exit signal Segmentation
fault (11)
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 42995] - mod_authz_groupfile.c causes a segfault when r->user is not set
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42995>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42995
------- Additional Comments From rpluem@apache.org 2007-07-30 13:51 -------
Please provide a configuration that makes this problem reproducible with a
vanilla apache. If this only occurs with third party modules it is a bug in the
third party module even if mod_authz_group should not seg fault. An
authentication module should set r->user.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 42995] - mod_authz_groupfile.c causes a segfault when r->user is not set
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42995>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42995
------- Additional Comments From nick@cpanel.net 2007-07-30 13:55 -------
Its pretty easy to work around by setting r->user but in this case I'm just
making up a value to keep it from crashing. (r->user = "********") It really
would be nice to not have this hack though.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 42995] - mod_authz_groupfile.c causes a segfault when r->user is not set
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42995>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42995
------- Additional Comments From nick@cpanel.net 2007-07-30 13:11 -------
Created an attachment (id=20568)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=20568&action=view)
sample module that make condition apparent.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org