Bug#920235: Reading from /dev/urandom hangs from an Apache2 cgi-bin, but not from the shell

2019-01-25 Thread Bernhard Übelacker 
Control: fixed 920235 apache2/2.4.23-4
Control: found 920235 apache2/2.4.23-5
Control: found 920235 apache2/2.4.37-1


Dear Maintainer,
I tried to find out when this started inside an amd64 qemu VM
and got to these versions:

Stretch/testing of date 2016-10-10 with apache2/2.4.23-4 was ok.
Stretch/testing of date 2016-10-11 with apache2/2.4.23-5 started to fail.

The changelog between those versions mentions
some movement towards systemd.

This is also reproducible in buster/testing of today.

When attaching a debugger to the fold process it repeatedly
receives a signal SIGPIPE, Broken pipe.

Kind regards,
Bernhard



htop:
  PID USER  PRI  NI  VIRT   RES   SHR S CPU% MEM%   TIME+  Command
1 root   20   0  176M  9044  6840 S  0.0  0.3  0:01.56 /sbin/init
 1765 root   20   0  8500  4416  3188 S  0.0  0.1  0:00.00 ├─ 
/usr/sbin/apache2 -k start
 1768 www-data   20   0 1952M 12096  2372 S  0.0  0.4  0:00.00 │  ├─ 
/usr/sbin/apache2 -k start
 1767 www-data   20   0 1952M 12096  2372 S  0.0  0.4  0:00.00 │  ├─ 
/usr/sbin/apache2 -k start
 1766 www-data   20   0  8160  2704  1488 S  0.0  0.1  0:00.00 │  └─ 
/usr/sbin/apache2 -k start
 1836 www-data   20   0  3736  2764  2536 S  0.0  0.1  0:00.00 │ └─ 
/bin/bash /usr/lib/cgi-bin/test
 1838 www-data   20   0  2296   688   624 S 13.9  0.0  0:45.68 │├─ fold 
-w 8
 1837 www-data   20   0  2320   744   680 R 85.5  0.0  4:04.58 │└─ tr 
-dc a-z0-9


root@debian:~# gdb -q --pid $(pidof fold)
Attaching to process 1838
...
(gdb) cont
...
Program received signal SIGPIPE, Broken pipe.
0x7fa3213c37d4 in __GI___libc_write (fd=1, buf=0x564061192350, nbytes=4096) 
at ../sysdeps/unix/sysv/linux/write.c:26
26  ../sysdeps/unix/sysv/linux/write.c: Datei oder Verzeichnis nicht 
gefunden.
(gdb) bt
#0  0x7fa3213c37d4 in __GI___libc_write (fd=1, buf=0x564061192350, 
nbytes=4096) at ../sysdeps/unix/sysv/linux/write.c:26
#1  0x7fa32135461d in _IO_new_file_write (f=0x7fa321495760 
<_IO_2_1_stdout_>, data=0x564061192350, n=4096) at fileops.c:1183
#2  0x7fa3213539bf in new_do_write (fp=0x7fa321495760 <_IO_2_1_stdout_>, 
data=0x564061192350 
"n1yicbga\nbxya0ywh\ng20pc1ex\nfwbcji3y\nedbj1oxe\nrxjygw5p\nkq7ko8zl\npik7zbo2\nyxn4gzl9\niribr6wa\nfj91a3uu\nmiivy57y\n0zyffwwi\nyjh5rajm\ntytfc4mq\nkjoowq7i\n9cxibhud\n92u1qz8s\nlhhx5f9k\n7yctusal\nqvtata20\n7n51isnp\neg"...,
 to_do=to_do@entry=4096) at libioP.h:839
#3  0x7fa321355769 in _IO_new_do_write (to_do=4096, data=, 
fp=) at fileops.c:430
#4  _IO_new_do_write (fp=, data=, to_do=4096) at 
fileops.c:430
#5  0x7fa321354cef in _IO_new_file_xsputn (n=9, data=, 
f=0x7fa321495760 <_IO_2_1_stdout_>) at libioP.h:839
#6  _IO_new_file_xsputn (f=0x7fa321495760 <_IO_2_1_stdout_>, data=, n=9) at fileops.c:1204
#7  0x7fa3213535a0 in __GI_fwrite_unlocked (buf=, size=1, 
count=9, fp=) at libioP.h:839
#8  0x56405fbee87b in fold_file (filename=, width=8) at 
src/fold.c:210
#9  0x56405fbee5bb in main (argc=3, argv=0x7ffd2bc533d8) at src/fold.c:297
(gdb) cont

# Stretch amd64 qemu VM 2019-01-24

#apt update
apt-get -o Acquire::Check-Valid-Until=false -o Acquire::Languages=none update
apt dist-upgrade

# /etc/apt/sources.list, enable backports
#apt update
apt-get -o Acquire::Check-Valid-Until=false -o Acquire::Languages=none update


# apt install linux-image-amd64=4.19+101~bpo9+1

apt install htop psmisc gdb apache2
a2enmod cgi
systemctl restart apache2



cat < /usr/lib/cgi-bin/test
#!/bin/bash
echo "Content-Type: text/plain"
echo ""
tr -dc 'a-z0-9' http://localhost/cgi-bin/test








Linux debian 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64




benutzer@debian:~$ wget http://localhost/cgi-bin/test
--2019-01-24 20:06:55--  http://localhost/cgi-bin/test
Auflösen des Hostnamens »localhost (localhost)« … ::1, 127.0.0.1
Verbindungsaufbau zu localhost (localhost)|::1|:80 … verbunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … Keine Daten empfangen.
Erneuter Versuch.

--2019-01-24 20:11:56--  (Versuch: 2)  http://localhost/cgi-bin/test
Verbindungsaufbau zu localhost (localhost)|::1|:80 … verbunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 







htop

  1  [  
  17.1%]   5  [ 
0.0%]
  2  [| 
   0.7%]   6  [ 
0.0%]
  3  
[|||100.0%]
   7  [ 
0.0%]
  4  [  
   0.0%]   8  [ 
0.0%]
  Mem[||

Bug#920235: Reading from /dev/urandom hangs from an Apache2 cgi-bin, but not from the shell

2019-01-22 Thread Rawa 
Package: apache2
Version: 2.4.25-3+deb9u6

OS details:

Debian GNU/Linux 9 (stretch)
Linux debian 4.18.16-x86_64-linode118 #1 SMP PREEMPT Mon Oct 29 15:38:25 UTC 
2018 x86_64 GNU/Linux

Apache details:

Server version: Apache/2.4.25 (Debian)
Server built:   2018-11-03T18:46:19

Steps to reproduce:

1. Install apache2, configure it to enable cgi scripts. (a2enmod cgi, etc.)

2. Create an executable file in /usr/lib/cgi-bin called, for example, "test", 
containing the following four lines:

#!/bin/bash
echo "Content-Type: text/plain"
echo ""
tr -dc 'a-z0-9' /cgi-bin/test

Expected results:

A plain text web page containing an 8 character random string.

Actual results:

"tr" consumes 100% CPU and hangs. If you "kill" tr, a correct web page is 
returned, containing the string.

Notes:

This *used* to work. An update in past few weeks has broken it. Unfortunately I 
failed to notice precisely which update.

If you run "tr -dc 'a-z0-9'