[Bug 55284] repeatable segv

Mon, 29 Jul 2013 16:40:22 -0700 

https://issues.apache.org/bugzilla/show_bug.cgi?id=55284

--- Comment #9 from Daniel Black <[email protected]> ---
(In reply to Graham Leggett from comment #8)
> Can you try this patch and verify whether it works?
> 

It did fix  wget --http-user='username' --http-password='password' -S 
http://localhost:801/digest/qop_none -O /dev/null


Unfixed is (apache2.4.4 only):

wget --http-user='username' --http-password='password' -S
http://localhost:801/digest/nc/index.html -O /dev/null

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/local/apache2/bin/httpd -k start'.
Program terminated with signal 11, Segmentation fault.
#0  __GI_____strtol_l_internal (nptr=0x0, endptr=0x7f9be6ff4a58, base=16,
group=<optimized out>, loc=0x3d74db1020) at ../stdlib/strtol_l.c:298
298       while (ISSPACE (*s))
Missing separate debuginfos, use: debuginfo-install apr-1.4.6-1.fc17.x86_64
apr-util-1.4.1-2.fc17.x86_64 db4-4.8.30-10.fc17.x86_64
expat-2.1.0-3.1.fc17.x86_64 libgcc-4.7.2-2.fc17.x86_64
libuuid-2.21.2-4.fc17.x86_64 nss-mdns-0.10-10.fc17.x86_64
nss-myhostname-0.3-2.fc17.x86_64 nss-softokn-freebl-3.14.3-1.fc17.x86_64
pcre-8.21-7.fc17.x86_64
(gdb) bt
#0  __GI_____strtol_l_internal (nptr=0x0, endptr=0x7f9be6ff4a58, base=16,
group=<optimized out>, loc=0x3d74db1020) at ../stdlib/strtol_l.c:298
#1  0x00007f9bf3bfc47e in check_nc (r=0x7f9bd80089a0, resp=0x7f9bd8009f60,
conf=0x7f9bd800be78) at mod_auth_digest.c:1495
#2  0x00007f9bf3bfe362 in authenticate_digest_user (r=0x7f9bd80089a0) at
mod_auth_digest.c:1949
#3  0x000000000044624c in ap_run_check_user_id (r=0x7f9bd80089a0) at
request.c:79
#4  0x000000000044752c in ap_process_request_internal (r=0x7f9bd80089a0) at
request.c:233
#5  0x000000000046e3b8 in ap_process_async_request (r=0x7f9bd80089a0) at
http_request.c:315
#6  0x000000000046a8d9 in ap_process_http_async_connection (c=0x7f9bec003520)
at http_core.c:143
#7  0x000000000046aac5 in ap_process_http_connection (c=0x7f9bec003520) at
http_core.c:228
#8  0x000000000045fb75 in ap_run_process_connection (c=0x7f9bec003520) at
connection.c:41
#9  0x0000000000478ac9 in process_socket (thd=0x26ac1d0, p=0x7f9bec003218,
sock=0x7f9bec0032a0, cs=0x7f9bec0034a8, my_child_num=0, my_thread_num=11)
    at event.c:964
#10 0x000000000047b0b7 in worker_thread (thd=0x26ac1d0, dummy=0x7f9bec001730)
at event.c:1812
#11 0x0000003d75207d14 in start_thread (arg=0x7f9be6ff5700) at
pthread_create.c:309
#12 0x0000003d74af168d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:115
(gdb) up
#1  0x00007f9bf3bfc47e in check_nc (r=0x7f9bd80089a0, resp=0x7f9bd8009f60,
conf=0x7f9bd800be78) at mod_auth_digest.c:1495
1495        nc = strtol(snc, &endptr, 16);
(gdb) list
1490            }
1491            /* qop is none, cannot check nonce count */
1492            return OK;
1493        }
1494
1495        nc = strtol(snc, &endptr, 16);
1496        if (endptr < (snc+strlen(snc)) && !apr_isspace(*endptr)) {
1497            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01773)
1498                          "invalid nc %s received - not a number", snc);
1499            return !OK;



GET http://localhost:801/digest/
with the following headers failed {'Content-Length': '0', 'Authorization': '\n 
      Digest username="username",\n        algorithm="MD5",\n       
realm="digest private area",\n        uri="/digest/",\n       
nonce="2mVN7K7iBAA=7b1dbe7c698f1691a19944afebef1c40b7e9e024",\n       
cnonce="",\n        nc="",\n        qop=auth,\n       
response="b30e94d7c2a265c8db99ea33ec2de3b2"\n    '}

This occurred after editing /var/www/html/digest_onetime/.htaccess to:
AuthType Digest
AuthName "digest private area"
AuthDigestDomain /digest_onetime/
AuthBasicProvider file
AuthUserFile /var/www/html/digest_onetime/.htpasswd
AuthDigestNonceLifetime 10
Require valid-user

It looks like come configs here are more global or at least not cascaded right.
I'll tar up the entire webroot just to be sure.

with the following core dump.

Core was generated by `/usr/local/apache2/bin/httpd -k start'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f9bf3bfad58 in add_client (key=6, info=0x7f9be77f5560, s=0x26a9508)
at mod_auth_digest.c:887
887         entry->next = client_list->table[bucket];
Missing separate debuginfos, use: debuginfo-install apr-1.4.6-1.fc17.x86_64
apr-util-1.4.1-2.fc17.x86_64 db4-4.8.30-10.fc17.x86_64
expat-2.1.0-3.1.fc17.x86_64 libgcc-4.7.2-2.fc17.x86_64
libuuid-2.21.2-4.fc17.x86_64 nss-mdns-0.10-10.fc17.x86_64
nss-myhostname-0.3-2.fc17.x86_64 nss-softokn-freebl-3.14.3-1.fc17.x86_64
pcre-8.21-7.fc17.x86_64
(gdb) list
882
883         /* now add the entry */
884
885         memcpy(entry, info, sizeof(client_entry));
886         entry->key  = key;
887         entry->next = client_list->table[bucket];
888         client_list->table[bucket] = entry;
889         client_list->num_created++;
890         client_list->num_entries++;
891
(gdb) bt
#0  0x00007f9bf3bfad58 in add_client (key=6, info=0x7f9be77f5560, s=0x26a9508)
at mod_auth_digest.c:887
#1  0x00007f9bf3bfb9db in gen_client (r=0x7f9bd4008990) at
mod_auth_digest.c:1151
#2  0x00007f9bf3bfbda3 in note_digest_auth_failure (r=0x7f9bd4008990,
conf=0x7f9bd400be88, resp=0x7f9bd8008470, stale=0) at mod_auth_digest.c:1289
#3  0x00007f9bf3bfe382 in authenticate_digest_user (r=0x7f9bd4008990) at
mod_auth_digest.c:1950
#4  0x000000000044624c in ap_run_check_user_id (r=0x7f9bd4008990) at
request.c:79
#5  0x000000000044752c in ap_process_request_internal (r=0x7f9bd4008990) at
request.c:233
#6  0x000000000044b602 in ap_sub_req_lookup_dirent (dirent=0x7f9be77f5a00,
r=0x7f9bd8006990, subtype=0, next_filter=0x0) at request.c:2182
#7  0x00007f9bf23c5990 in make_autoindex_entry (dirent=0x7f9be77f5a00,
autoindex_opts=1048576, d=0x26fc4d8, r=0x7f9bd8006990, keyid=78 'N', 
    direction=65 'A', pattern=0x0) at mod_autoindex.c:1335
#8  0x00007f9bf23c8757 in index_directory (r=0x7f9bd8006990,
autoindex_conf=0x26fc4d8) at mod_autoindex.c:2238
#9  0x00007f9bf23c89c7 in handle_autoindex (r=0x7f9bd8006990) at
mod_autoindex.c:2308
#10 0x000000000045299e in ap_run_handler (r=0x7f9bd8006990) at config.c:169
#11 0x00000000004532ec in ap_invoke_handler (r=0x7f9bd8006990) at config.c:432
#12 0x000000000046e3cd in ap_process_async_request (r=0x7f9bd8006990) at
http_request.c:317
#13 0x000000000046a8d9 in ap_process_http_async_connection (c=0x7f9bec003240)
at http_core.c:143
#14 0x000000000046aac5 in ap_process_http_connection (c=0x7f9bec003240) at
http_core.c:228
#15 0x000000000045fb75 in ap_run_process_connection (c=0x7f9bec003240) at
connection.c:41
#16 0x0000000000478ac9 in process_socket (thd=0x26ac1a0, p=0x7f9bec002f38,
sock=0x7f9bec002fc0, cs=0x7f9bec0031c8, my_child_num=1, my_thread_num=10)
    at event.c:964
#17 0x000000000047b0b7 in worker_thread (thd=0x26ac1a0, dummy=0x7f9bec0008c0)
at event.c:1812
#18 0x0000003d75207d14 in start_thread (arg=0x7f9be77f6700) at
pthread_create.c:309
#19 0x0000003d74af168d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:115

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to