On Jul 27, 2008, at 5:52 AM, Simon Wilkinson wrote:
>
> On 27 Jul 2008, at 02:13, Andrew Mortensen wrote:
>
>> I noticed while testing a build from CVS head that mod_cosign causes
>> apache to dump core when httpd is shutting down. This was introduced
>> with the connection reordering patch. The culprit is a NULL
>> dereference in the child_exit handler:
>
> I think this must depend on the way in which your Apache
> configuration is written. We've been running with the connection
> ordering patch for a while now without seeing segfaults. In
> particular, cfg->cl will only be NULL if you reach
> cosign_child_cleanup without having called set_cosign_host().
> Essentially, this means that your configuration file doesn't contain
> the 'CosignService' directive at the server level.

Hmm, that's not the case here. gdb confirms I'm hitting
set_cosign_host, and it's certainly building a valid connlist for me.
cfg->cl's still null in cosign_child_cleanup. This is just a simple
cosign module development host, and the only service defined is in an
included conf file, wrapped in an IfModule directive:

<IfModule mod_cosign.c>
    CosignProtected On
    CosignHostname cosign-xxx.xxx.umich.edu
    CosignRedirect https://cosign-xxx.xxx.umich.edu/
    CosignPostErrorRedirect http://cosign-xxx.xxx.umich.edu/post_error.html
    CosignService xxx.xxx.xxx
    CosignCrypto X X X
    <Location /ErrorDocuments/>
        CosignProtected Off
    </Location>
    <Location /cgi-bin/host>
        CosignProtected Off
    </Location>
</IfModule>

>> In my testing, cfg->cl is always null here. We may be able to get
>> away without a handler at all, as it's only called when the child
>> process is exiting.
>
> Yes - I'm not sure what benefits this handler serves, given
> connections will be closed, and memory freed, when the process
> exits. It also never handled the case where cosign servers are
> defined outside the server level configuration.

I favor removing it. It's effectively useless. As far as I can tell,
the lack of an analogous handler in the apache2 filter isn't causing
any problems.

>> The teardown_conn call isn't even used by the apache2 filter, though
>> that would change if we add checking for stale DNS to the filters.
>> I've heard someone from ed.ac.uk may have just such a patch. True?
>
> There is a patch at https://www.ease.ed.ac.uk/dist/mod_cosign.patch
> This isn't mine, and I can't comment on its copyright status. Its
> author is on this list though, so perhaps they can comment ...

The Umich web team has requested something that will solve the stale
DNS issue. It'd be very nice to use code that's already written. If
the licensing can't be worked out with this patch, they'll probably
ask us to write our own.

andrew
_______________________________________________
Cosign-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/cosign-discuss