Package: libapache2-mod-auth-pgsql
Version: 2.0.3-6
Severity: grave
Tags: patch

When using auth_pgsql_module to protect the whole website or part of it
with e.g.

<Location "/">
  AuthName "Protected Realm"
  AuthType Basic
  AuthBasicProvider pgsql
  Auth_PG_authoritative On
  Auth_PG_host 127.0.0.1
  Auth_PG_port 5432
  Auth_PG_user XXX
  Auth_PG_pwd XXX
  Auth_PG_database XXX
  Auth_PG_pwd_table XXX
  Auth_PG_uid_field username
  Auth_PG_pwd_field password
  Auth_PG_encrypted off
  Require valid-user
</Location>

I'm getting sporadic crashes while apache is delivering documents, with the 
following messages in the error.log:

*** Error in `/usr/sbin/apache2': free(): invalid pointer: 0xa8d003e8 ***
[Wed Dec 31 01:17:38.593989 2014] [core:notice] [pid 2691:tid 3073836864] 
AH00052: child pid 2695 exit signal Aborted (6)
[Wed Dec 31 01:17:38.594083 2014] [core:notice] [pid 2691:tid 3073836864] 
AH00052: child pid 2696 exit signal Segmentation fault (11)

This behavior is also observed by other users:

https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857

(see comments #9, #10, #12, #13).

In comment #12, someone provided a patch which fixes this problem:

https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+attachment/4130261/+files/doublefree.patch

Here is the whole comment #12:

=====================
Andreas Gleißner (gleissner) wrote on 2014-06-12:
Hello,

I believe I have identified the problem and
propose a fix (see attachment).

The module has a global variable PGconn *pg_conn, which is a pointer to
a PostgreSQL connection.
The code determines if there is an active connection by checking if
pg_conn is non-NULL.
However, the connection is closed by calling PQfinish(pg_conn) without
resetting pg_conn to NULL.
The documentation of libpq says that PQfinish frees the memory used by
the PGConn object.
Hence, when Apache calls check_password the second time, the code
falsely assumes (as pg_conn != NULL) that there is an active connection
and tries to access the previously freed PGconn object, which results in
a segmentation fault.
The same problem applies to the pointer PGresult *pg_result, for which
PQclear(pg_result) is called.

My proposed solution consists of simply resetting pg_conn = NULL after
each call of PQfinish(pg_conn) and resetting pg_result = NULL after each
call of PQclear(pg_result).

Andreas
=====================

I also confirm that the proposed patch fixes the problem on my Debian sid 
system, after I've rebuilt the package with:

sudo apt-get build-dep libapache2-mod-auth-pgsql
apt-get source libapache2-mod-auth-pgsql
wget https://launchpadlibrarian.net/177475074/doublefree.patch
cd libapache2-mod-auth-pgsql-2.0.3
patch -p1 < ../doublefree.patch 
dpkg-buildpackage -rfakeroot -uc -b

Please fix the package in debian.

Best wishes,
Vladimir

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.18.0-trunk-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages libapache2-mod-auth-pgsql depends on:
ii  apache2-bin [apache2-api-20120211]  2.4.10-9
ii  libc6                               2.19-13
ii  libpq5                              9.4.0-1

libapache2-mod-auth-pgsql recommends no packages.

libapache2-mod-auth-pgsql suggests no packages.

-- no debconf information
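As an added illustration, not part of this bug report and not the module's own code, here is a small stand-alone C model of the pointer lifecycle Andreas describes: a global handle that is freed by the close call but left non-NULL, so the next request believes a connection is still open. The mock_PQ* functions are stand-ins for libpq (PQfinish and PQclear free their argument, which is the one property the report relies on), and the live_handles counter is a constructed bookkeeping device so the example can recognise a dangling pointer by comparing the variable instead of dereferencing freed memory. The reset_pointers flag switches between the reported behaviour and the proposed fix.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins for libpq's opaque handles (constructed for this example). */
typedef struct { int connected; } PGconn;
typedef struct { int rows; } PGresult;

/* Number of handles currently allocated. Real libpq has no such counter;
 * it exists here only so the model can detect a dangling pointer safely. */
static int live_handles;

static PGconn *mock_PQconnectdb(void) {
    PGconn *c = malloc(sizeof *c);
    if (c) { c->connected = 1; live_handles++; }
    return c;
}

/* Like the real PQfinish: frees the PGconn. The caller's pointer is untouched. */
static void mock_PQfinish(PGconn *c) {
    if (c) { live_handles--; free(c); }
}

static PGresult *mock_PQexec(PGconn *c) {
    PGresult *r = malloc(sizeof *r);
    if (r) { r->rows = c->connected; live_handles++; }
    return r;
}

/* Like the real PQclear: frees the PGresult. */
static void mock_PQclear(PGresult *r) {
    if (r) { live_handles--; free(r); }
}

/* Module-style globals: "is there an open connection?" is answered by
 * testing these for NULL, exactly the assumption the report describes. */
static PGconn *pg_conn;
static PGresult *pg_result;

/* One password check: connect if pg_conn is NULL, run the query, release the
 * result and the connection. With reset_pointers == 0 the globals are left
 * dangling (reported bug); with reset_pointers == 1 they are set back to NULL
 * (proposed fix). Returns 1 if this request was about to use a handle that
 * had already been freed, 0 otherwise. */
static int check_password_once(int reset_pointers) {
    /* Only the pointer variables are compared here; nothing freed is read. */
    if ((pg_conn != NULL || pg_result != NULL) && live_handles == 0)
        return 1;                       /* non-NULL but nothing live: dangling */
    if (pg_conn == NULL)
        pg_conn = mock_PQconnectdb();
    if (pg_conn == NULL)
        return 0;                       /* connect failure, not the case studied */
    pg_result = mock_PQexec(pg_conn);
    mock_PQclear(pg_result);
    mock_PQfinish(pg_conn);
    if (reset_pointers) {               /* the doublefree.patch behaviour */
        pg_result = NULL;
        pg_conn = NULL;
    }
    return 0;
}

/* Runs n consecutive requests against fresh globals and returns the 1-based
 * index of the first request that would have touched freed memory, or 0 if
 * none did. Buggy mode fails on request 2; fixed mode never fails. */
int first_request_using_freed_handle(int n, int reset_pointers) {
    pg_conn = NULL;
    pg_result = NULL;
    live_handles = 0;
    for (int i = 0; i < n; i++) {
        if (check_password_once(reset_pointers))
            return i + 1;
    }
    return 0;
}

int main(void) {
    printf("buggy : first bad request = %d\n", first_request_using_freed_handle(5, 0));
    printf("fixed : first bad request = %d\n", first_request_using_freed_handle(5, 1));
    return 0;
}
```

The model stops at the point where the real module would go on to call PQexec on the freed PGconn (or PQclear on the freed PGresult a second time), which is what produces the "free(): invalid pointer" abort and the segmentation faults in the error.log above; in the fixed variant the NULL check forces a fresh PQconnectdb on every request instead.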

