You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2007/09/28 16:08:03 UTC
DO NOT REPLY [Bug 43504] New: - ajp buffer overflow using mod_proxy
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43504>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43504
Summary: ajp buffer overflow using mod_proxy
Product: Apache httpd-2
Version: 2.2.6
Platform: All
OS/Version: Linux
Status: NEW
Severity: critical
Priority: P2
Component: mod_proxy_balancer
AssignedTo: bugs@httpd.apache.org
ReportedBy: marcus.albrecht@sycor.de
Dear Ladies and Gentlemen,
after upgrading vom Apache 2.2.4 to 2.2.6 my configuration with mod_proxy and
AJP stopped working.
Downgrading to 2.2.4 it worked again. (Platform is Red Hat Linux Enterprise 4)
The Apache error log showed:
[Fri Sep 28 14:38:53 2007] [error] ajp_msg_append_uint8():
BufferOverflowException 4 4
[Fri Sep 28 14:38:53 2007] [error] ajp_msg_append_uint8():
BufferOverflowException 4 4
When accessing the webpage i got:
"Service Temporarily Unavailable
The server is temporarily unable to service your request due to maintenance
downtime or capacity problems. Please try again later."
There are two servers which are spoken to via mod_proxy / balancer and AJP.
One is primary and the other standby. Normally the first gets served. After
upgrading to 2.2.6 the state of the primary changes to error and the standby
does not jump in.
The Backends are Tomcat 5.5.20.
Balancer Page:
Load Balancer Manager for www.xxx.com
Server Version: Apache/2.2.6 (Unix) mod_ssl/2.2.6 PHP/5.2.3
Server Built: Sep 28 2007 13:05:04
--------------------------------------------------------------------------------
LoadBalancer Status for balancer://testname_lb
StickySession Timeout FailoverAttempts Method
0 1 byrequests
Worker URL Route RouteRedir Factor Set Status Elected To From
ajp://192.168.40.146:8009 1 0 Stby Ok 0 0 0
ajp://192.168.40.145:8009 1 0 Err 4 0 0
Apache 2.2.4 and 2.2.6 are both compiled with the following parameters:
./configure --prefix=/usr/local/apache2 --enable-proxy --enable-proxy-ajp --
enable-proxy-balancer --enable-proxy-connect --enable-proxy-http --enable-
rewrite --enable-ssl --with-mpm=worker --with-included-apr
Bes regards,
Marcus Albrecht
-------------
Apache Config:
ServerRoot "/usr/local/apache2"
Listen 80
HostnameLookups off
LoadModule php5_module modules/libphp5.so
AddType application/x-httpd-php .php .phtml
<IfModule !mpm_netware_module>
User nobody
Group nobody
</IfModule>
ServerAdmin info@xxx.de
ServerName xxx.xxx.de
DocumentRoot "/usr/local/apache2/htdocs"
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory "/usr/local/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
ErrorLog logs/error_log
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %
I %O" combinedio
</IfModule>
CustomLog logs/access_log common
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#Scriptsock logs/cgisock
</IfModule>
<Directory "/usr/local/apache2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
# Server-pool management (MPM specific)
Include conf/extra/httpd-mpm.conf
# Multi-language error messages
#Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
#Include conf/extra/httpd-autoindex.conf
# Language settings
#Include conf/extra/httpd-languages.conf
# User home directories
#Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
NameVirtualHost xxx.xxx.xxx.xxx:80
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
# Various default settings
#Include conf/extra/httpd-default.conf
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
<VirtualHost xxx.xxx.xxx.xxx:80>
ServerName www.xxx.com
ServerAdmin info@xxx.com
# DocumentRoot /data/domain/xxx/html/
ErrorLog /data/xxx-error.log
CustomLog /data/xxx-access.log combined
KeepAlive On
KeepAliveTimeout 2
ProxyRequests Off
RewriteEngine On
# If /cps* the get Data from internal
RewriteCond %{REQUEST_URI} /cps[\/]?
#RewriteRule ^/(.*) ajp://192.168.40.145:8009/$1 [L,P]
RewriteRule ^/(.*) balancer://testname_lb/$1 [L,P]
# If anythin else then above the redicet to first page (Proxy Pass with rewrite)
RewriteCond %{REQUEST_URI} /.*
RewriteRule ^/$ balancer://testname_lb/cps/rde/xchg/project/hs.xsl/index.html
[P]
RewriteRule ^/index.html$
balancer://testname_lb/cps/rde/xchg/project/index.html [P]
<Proxy balancer://testname_lb>
BalancerMember ajp://192.168.40.146:8009 keepalive=on ping=15 timeout=30
status=+H
BalancerMember ajp://192.168.40.145:8009 keepalive=on ping=15 timeout=30
ProxySet lbmethod=byrequests
</Proxy>
<Location /balancer-manager/>
SetHandler balancer-manager
Order Deny,Allow
Deny from all
Allow from 192.168
</Location>
</VirtualHost>
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 43504] - ajp buffer overflow using mod_proxy
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43504>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43504
marcus.albrecht@sycor.de changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 43504] - ajp buffer overflow using mod_proxy
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43504>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43504
rpluem@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
------- Additional Comments From rpluem@apache.org 2008-01-22 12:31 -------
Can you please try to apply the following patch, which is a backport of the
following trunk revisions:
http://svn.apache.org/viewvc?view=rev&revision=467259
http://svn.apache.org/viewvc?view=rev&revision=467274
Index: modules/proxy/ajp.h
===================================================================
--- modules/proxy/ajp.h (Revision 614304)
+++ modules/proxy/ajp.h (Arbeitskopie)
@@ -147,6 +147,7 @@
#define AJP_MSG_BUFFER_SZ 8192
#define AJP_MAX_BUFFER_SZ 65536
#define AJP13_MAX_SEND_BODY_SZ (AJP_MAX_BUFFER_SZ - AJP_HEADER_SZ)
+#define AJP_PING_PONG_SZ 128
/** Send a request from web server to container*/
#define CMD_AJP13_FORWARD_REQUEST (unsigned char)2
Index: modules/proxy/ajp_utils.c
===================================================================
--- modules/proxy/ajp_utils.c (Revision 614304)
+++ modules/proxy/ajp_utils.c (Arbeitskopie)
@@ -31,7 +31,7 @@
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Into ajp_handle_cping_cpong");
- rc = ajp_msg_create(r->pool, AJP_HEADER_SZ_LEN+1, &msg);
+ rc = ajp_msg_create(r->pool, AJP_PING_PONG_SZ, &msg);
if (rc != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"ajp_handle_cping_cpong: ajp_msg_create failed");
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 43504] - ajp buffer overflow using mod_proxy
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43504>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43504
marcus.albrecht@sycor.de changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org