Bug#774313: marked as done (apache 2.4 crashes when using AuthPG)

Debian Bug Tracking System Sat, 17 Jan 2015 05:36:52 -0800

Your message dated Sat, 17 Jan 2015 13:33:21 +0000
with message-id <[email protected]>
and subject line Bug#774313: fixed in libapache2-mod-auth-pgsql 2.0.3-6.1
has caused the Debian Bug report #774313,
regarding apache 2.4 crashes when using AuthPG
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
774313: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774313
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: libapache2-mod-auth-pgsql
Version: 2.0.3-6
Severity: grave
Tags: patch

When using auth_pgsql_module, by protecting the whole or part of the website 
with e.g.

<Location "/">
  AuthName "Protected Realm"
  AuthType Basic
  AuthBasicProvider pgsql
  Auth_PG_authoritative On
  Auth_PG_host 127.0.0.1
  Auth_PG_port 5432
  Auth_PG_user XXX
  Auth_PG_pwd XXX
  Auth_PG_database XXX
  Auth_PG_pwd_table XXX
  Auth_PG_uid_field username
  Auth_PG_pwd_field password
  Auth_PG_encrypted off
  Require valid-user
</Location>

I'm getting sporadic crashes while delivering documents by apache, with the 
following messages in the error.log:

*** Error in `/usr/sbin/apache2': free(): invalid pointer: 0xa8d003e8 ***
[Wed Dec 31 01:17:38.593989 2014] [core:notice] [pid 2691:tid 3073836864] 
AH00052: child pid 2695 exit signal Aborted (6)
[Wed Dec 31 01:17:38.594083 2014] [core:notice] [pid 2691:tid 3073836864] 
AH00052: child pid 2696 exit signal Segmentation fault (11)

This behavior is also observed by other users:

https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857

(see comments #9, #10, #12, #13).

in comment #12, someone provided a patch which fixes this problem:

https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+attachment/4130261/+files/doublefree.patch

Here is the whole comment #12:

=====================
Andreas Gleißner (gleissner) wrote on 2014-06-12:
Hello,

I believe to have identified the problem and
propose a fix (see attachment).

The module has a global variable PGconn *pg_conn, which is a pointer to
a PostgreSQL connection.
The code determines if there is an active connection by checking if
pg_conn is non-NULL.
However, the connection is closed by calling PQfinish(pg_conn) without
resetting pg_conn to NULL.
The documentation of libpq says that PQfinish frees the memory used by
the PGConn object.
Hence, when Apache calls check_password the second time, the code
falsely assumes (as pg_conn != NULL) that there is an active connection
and tries to access the previously freed PGconn object, which results in
a segmentation fault.
The same problem applies to the pointer PGresult *pg_result, for which
PQclear(pg_result) is called.

My proposed solution consists in simply resetting pg_conn = NULL after
each call of PQfinish(pg_conn) and resetting pg_result = NULL after each
call of PQclear(pg_result).

Andreas
=====================

I also confirm that the proposed patch fixes the problem on my Debian sid 
system, after I've rebuilt the package with:

sudo apt-get build-dep libapache2-mod-auth-pgsql
apt-get source libapache2-mod-auth-pgsql
wget https://launchpadlibrarian.net/177475074/doublefree.patch
cd libapache2-mod-auth-pgsql-2.0.3
patch -p1 < ../doublefree.patch 
dpkg-buildpackage -rfakeroot -uc -b

Please fix the package in debian.

Best wishes,
Vladimir
-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.18.0-trunk-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages libapache2-mod-auth-pgsql depends on:
ii  apache2-bin [apache2-api-20120211]  2.4.10-9
ii  libc6                               2.19-13
ii  libpq5                              9.4.0-1

libapache2-mod-auth-pgsql recommends no packages.

libapache2-mod-auth-pgsql suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: libapache2-mod-auth-pgsql
Source-Version: 2.0.3-6.1

We believe that the bug you reported is fixed in the latest version of
libapache2-mod-auth-pgsql, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Neil Williams <[email protected]> (supplier of updated 
libapache2-mod-auth-pgsql package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 17 Jan 2015 13:01:31 +0000
Source: libapache2-mod-auth-pgsql
Binary: libapache2-mod-auth-pgsql
Architecture: source amd64
Version: 2.0.3-6.1
Distribution: unstable
Urgency: medium
Maintainer: Marco Nenciarini <[email protected]>
Changed-By: Neil Williams <[email protected]>
Description:
 libapache2-mod-auth-pgsql - Module for Apache2 which provides PostgreSQL 
authentication
Closes: 774313
Changes:
 libapache2-mod-auth-pgsql (2.0.3-6.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Apply patch from Launchpad to set freed pointers to NULL before
     subsequent checks against NULL. (Closes: #774313)
Checksums-Sha1:
 fb8ee516d386aa1d893e851504c806e781738513 2075 
libapache2-mod-auth-pgsql_2.0.3-6.1.dsc
 901f7dc98d096690cb27f75b8880ad7fce2be24a 10940 
libapache2-mod-auth-pgsql_2.0.3-6.1.debian.tar.xz
 45f907ac5d830b9a44c3c56f7c22eb2afb52a5ca 18770 
libapache2-mod-auth-pgsql_2.0.3-6.1_amd64.deb
Checksums-Sha256:
 325b2fcf862656656ef2bb557abd2331225be68d6a90aa39acd4bb6ca73e4f10 2075 
libapache2-mod-auth-pgsql_2.0.3-6.1.dsc
 d06f58365584782ae27eea68533d9427d375fe46c540aea167b34bdf221604f4 10940 
libapache2-mod-auth-pgsql_2.0.3-6.1.debian.tar.xz
 7f95de37e1bb42b0ecdd46562a59ec72392a318edb9aac6a51f3cb99575ad850 18770 
libapache2-mod-auth-pgsql_2.0.3-6.1_amd64.deb
Files:
 75fe3eee5958be32324d9659ffd20366 2075 httpd extra 
libapache2-mod-auth-pgsql_2.0.3-6.1.dsc
 59613a31c8ff7e6cf3dc19536e972977 10940 httpd extra 
libapache2-mod-auth-pgsql_2.0.3-6.1.debian.tar.xz
 80025c3163d7e2266a4dcfe2cac765a5 18770 httpd extra 
libapache2-mod-auth-pgsql_2.0.3-6.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUumFcAAoJEPFn5DyBQ7aCaVYP/A0w/Yr9vgsc6DvWStkQshCF
kN/Pqg3Wlu5ElMQTgzlCY3EVP+aCrP8hGTGTI1ImdtbIKsvNGrIWJ5x6MF9oimt6
5ORL/m5XRHhnezcDpoZ3FT2/CDqJzJ0R0ll63erFKRmdcET4ZgEvkqHr0emLkWod
YfCLf04+fvOZeRyjB/d3rb+DLUV0IKIr5trD4tvtiBIKofT7t1gsibDAyWnJZhoJ
PxDQ+vArsLuF5F89+SQHReexPu2C/oXCpTqus8uW66jvfDEjubglVoMwTYFUX4pj
dDIz0+I7yrgC+p2PkLJXeFfWfpVPVgjMB6ADsHH8EbsxLS3q+HGcowlv+swrdnc4
ekV2PBdua4AW8xiyZYDbMC1eRK+pKrmtFn3HrbA4aGTTxU5i6YuqGbbYoWPvBugc
KpdL32VzEEI1YuBUbnUKH41iEZJw1nqi5ceS6c/J0sMXmC+iFJPyw/N7Ty2ms3FI
bhno3tS4L4/YCUssbhrSCpd5POW7sj2u21v2id22E2qvv3aPYbDpppKIRQmoVnpr
jxFg0go1Af41Pl8NIBLXNXJvDThFx16sd/ql23lAh3X4CGWGx04GVbsFKMx6DcsA
LR8kdrLfZwUKC0J9YvxfgGqiGGfUa8d7jhRc9nKGK4rhaNmQ2f5IDdT/VDq7obey
svjZ9vGWx3MfFT1vNJk6
=r5vR
-----END PGP SIGNATURE-----

--- End Message ---

Bug#774313: marked as done (apache 2.4 crashes when using AuthPG)

Reply via email to