[Bug 1272857] Re: apache2 crashed with SIGSEGV in signal handler called()
Looks like this was fixed in 2.0.3-6.1 which was synced from Debian in Vivid, and so is also fixed in Wily. If someone can prepare a backport, please follow the steps at https://wiki.ubuntu.com/StableReleaseUpdates#Procedure to have 14.04 updated. ** Package changed: apache2 (Ubuntu) = libapache2-mod-auth-pgsql (Ubuntu) ** Bug watch added: Debian Bug tracker #774313 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774313 ** Also affects: libapache2-mod-auth-pgsql (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774313 Importance: Unknown Status: Unknown ** Summary changed: - apache2 crashed with SIGSEGV in signal handler called() + Double free in libapache2-mod-auth-pgsql causes Apache to crash ** Changed in: libapache2-mod-auth-pgsql (Ubuntu) Status: Confirmed = Fix Released ** Also affects: libapache2-mod-auth-pgsql (Ubuntu Trusty) Importance: Undecided Status: New ** Changed in: libapache2-mod-auth-pgsql (Ubuntu Trusty) Status: New = Triaged ** Changed in: libapache2-mod-auth-pgsql (Ubuntu Trusty) Importance: Undecided = Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libapache2-mod-auth-pgsql in Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: Double free in libapache2-mod-auth-pgsql causes Apache to crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1272857] Re: apache2 crashed with SIGSEGV in signal handler called()
I confirm the bug. I'll add the patch to the Debian package soon. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: apache2 crashed with SIGSEGV in signal handler called() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1272857] Re: apache2 crashed with SIGSEGV in signal handler called()
I am using the code of Andreas in #12 now in a productive environment. So far without any problems. Could someone assign the bug to the package maintainer? It seems like I have not the option to do that here. Thank you, Chris. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: apache2 crashed with SIGSEGV in signal handler called() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1272857] Re: apache2 crashed with SIGSEGV in signal handler called()
Hello, I believe to have identified the problem and propose a fix (see attachment). The module has a global variable PGconn *pg_conn, which is a pointer to a PostgreSQL connection. The code determines if there is an active connection by checking if pg_conn is non-NULL. However, the connection is closed by calling PQfinish(pg_conn) without resetting pg_conn to NULL. The documentation of libpq says that PQfinish frees the memory used by the PGConn object. Hence, when Apache calls check_password the second time, the code falsely assumes (as pg_conn != NULL) that there is an active connection and tries to access the previously freed PGconn object, which results in a segmentation fault. The same problem applies to the pointer PGresult *pg_result, for which PQclear(pg_result) is called. My proposed solution consists in simply resetting pg_conn = NULL after each call of PQfinish(pg_conn) and resetting pg_result = NULL after each call of PQclear(pg_result). Andreas ** Patch added: doublefree.patch https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+attachment/4130261/+files/doublefree.patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: apache2 crashed with SIGSEGV in signal handler called() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1272857] Re: apache2 crashed with SIGSEGV in signal handler called()
The attachment doublefree.patch seems to be a patch. If it isn't, please remove the patch flag from the attachment, remove the patch tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: apache2 crashed with SIGSEGV in signal handler called() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1272857] Re: apache2 crashed with SIGSEGV in signal handler called()
I'm seeing exactly the same thing as #9. LocationMatch /git/setup(\.git)? AuthName Git repository: setup AuthBasicAuthoritative Off AuthBasicProvider pgsql AuthType Basic AuthUserFile /dev/null require valid-user Auth_PG_host XXX Auth_PG_port XXX Auth_PG_user XXX Auth_PG_pwd XXX Auth_PG_database XXX Auth_PG_encrypted on Auth_PG_hash_type MD5 Auth_PG_pwd_table view_users, view_groups Auth_PG_uid_field view_users.login Auth_PG_pwd_field view_users.hashed_password Auth_PG_pwd_whereclause AND view_users.login = view_groups.login AND view_groups.group_name = 'XXX' /LocationMatch [Wed Jun 04 15:23:35.226264 2014] [core:notice] [pid 22392:tid 139964758747008] AH00051: child pid 27013 exit signal Aborted (6), possible coredump in /etc/apache2 *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x7f4bf4038c50 *** [Wed Jun 04 15:23:36.228084 2014] [core:notice] [pid 22392:tid 139964758747008] AH00051: child pid 27012 exit signal Aborted (6), possible coredump in /etc/apache2 *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x7f4bf4038c50 *** *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x7f4bf4038c50 *** -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: apache2 crashed with SIGSEGV in signal handler called() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1272857] Re: apache2 crashed with SIGSEGV in signal handler called()
Whoops, forgot the CGI script component of the Apache config: # Git HTTP Backend SetEnv GIT_HTTP_EXPORT_ALL 1 SetEnv GIT_PROJECT_ROOT XXX ScriptAlias /git /usr/lib/git-core/git-http-backend -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: apache2 crashed with SIGSEGV in signal handler called() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1272857] Re: apache2 crashed with SIGSEGV in signal handler called()
Now I could sharpen the problem. It only shows up if using AuthPG libapache2-mod-auth-pgsql in connection with a cgi script. To reproduce put the following in /etc/apache2/conf.d/authpgtest.conf and then execute a2enconf authpgtest.conf and service apache2 reload . Alias /authpgtest /export/scratch/authpgtest Directory /export/scratch/authpgtest/ Options +ExecCGI +FollowSymLinks AddHandler cgi-script .pl AuthName TestRealm AuthType Basic AuthBasicProvider pgsql Auth_PG_host /var/run/postgresql Auth_PG_port 5432 Auth_PG_database authpgtestdb Auth_PG_pwd_table ident_users Auth_PG_uid_field uname Auth_PG_pwd_field password Auth_PG_encrypted off Require valid-user /Directory Of course the postgres db authpgtestdb with table ident_users with columns uname and password have to exist, or the params adapted. Under /export/scratch/authpgtest/hw.pl put the follwing. #!/usr/bin/perl print Content-type: text/html\n\n; print Hello, World!\n; Then call http://host/authpgtest/hw.pl in your browser while tail -f tail -f /var/log/apache2/error.log is running. Press the reload button of the browser a few times. Without using AuthPG-Realm I think the errors do not show up. Unfortunately, I need this for production and a workaround seems not to doable. Chris -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: apache2 crashed with SIGSEGV in signal handler called() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1272857] Re: apache2 crashed with SIGSEGV in signal handler called()
Calling a python cgi script delivers in error.log (with all regular ubuntu updates/patches installed): *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x7ff1a80004b8 *** *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x7ff1a80004b8 *** *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x7ff1a8017840 *** *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x7ff1a8017840 *** *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x7ff1a8015a20 *** *** Error in `/usr/sbin/apache2': double free or corruption (!prev): 0x7ff1a80019a0 *** [Fri Apr 04 08:43:44.969263 2014] [core:notice] [pid 1764:tid 140676438046592] AH00051: child pid 1769 exit signal Segmentation fault (11), possible coredump in /etc/apache2 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: apache2 crashed with SIGSEGV in signal handler called() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1272857] Re: apache2 crashed with SIGSEGV in signal handler called()
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: apache2 (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: apache2 crashed with SIGSEGV in signal handler called() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1272857] Re: apache2 crashed with SIGSEGV in signal handler called()
Calling a cgi-sript using mod_cgid unter Trusty Thar delivers segementation faults nearly on every single request in error.log: [Tue Mar 25 10:30:07.598453 2014] [core:notice] [pid 1178:tid 140037490894720] AH00051: child pid 7555 exit signal Segmentation fault (11), possible coredump in /etc/apache2 *** Error in `/usr/sbin/apache2': double free or corruption (!prev): 0x7f5cdc0019a0 *** [Tue Mar 25 10:30:09.601954 2014] [core:notice] [pid 1178:tid 140037490894720] AH00051: child pid 7593 exit signal Segmentation fault (11), possible coredump in /etc/apache2 However, this is not always and mostly the content is correctly displayed in the client browser. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: apache2 crashed with SIGSEGV in signal handler called() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs