Hi mod_perl team,

I reported a bug yesterday to the Apache team, describing a segfault that only 
happens if mod_perl is installed:

https://bz.apache.org/bugzilla/show_bug.cgi?id=63516

My impression was that it should be fixed in httpd2, but mod_perl is the only 
module that adds a configuration flag to the global ap_server_config_defines 
array, so it has been suggested that a one-line change go into the 
modperl_register_hooks() function instead:

Index: src/modules/perl/mod_perl.c
--- src/modules/perl/mod_perl.c.orig
+++ src/modules/perl/mod_perl.c
@@ -861,7 +861,7 @@
 
     /* for <IfDefine MODPERL2> and Apache2->define("MODPERL2") */
     *(char **)apr_array_push(ap_server_config_defines) =
-        apr_pstrdup(p, "MODPERL2");
+        apr_pstrdup(ap_server_config_defines->pool, "MODPERL2");
 
     ap_hook_pre_config(modperl_hook_pre_config,
                        NULL, NULL, APR_HOOK_MIDDLE);
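Review bot: the push at the top of this hunk is unconditional, so every time this function runs another "MODPERL2" entry is appended to ap_server_config_defines; now that those entries point at storage in the array's own pool rather than at memory freed with `p`, it is worth checking whether "MODPERL2" is already present before pushing, or the array grows by one entry per run. Separately, the hunk gives no hint why `ap_server_config_defines->pool` is used instead of the `p` passed to this function, so a later reader may well "simplify" it back; extend the existing `/* for <IfDefine MODPERL2> ... */` comment with the lifetime reasoning from the cover note, e.g. that the string must live as long as the array it is pushed into, which outlives `p`.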

Essentially, the pool provided as an argument to this function doesn't have a 
long enough lifetime to safely be used as backing storage for the "MODPERL2" 
string.  This change uses the pool that the ap_server_config_defines array 
itself was created in, thereby giving the "MODPERL2" string the same lifetime 
as the array it is being added to.

As far as I can tell, this use-after-free bug has been sitting there for quite 
a few years now but Apache only segfaults if your OS is strict enough about 
reclaiming/unmapping freed memory.

Currently, this issue causes httpd2 to segfault during startup the majority of 
the time on OpenBSD 6.5.

I'd really appreciate it if someone could either confirm that the above patch 
is OK and apply it to mod_perl, or jump on the above Apache bug report and add 
a comment explaining why it isn't.

Thanks!

Sam
