[Bug 63795] mod_proxy_balancer: disabling balancer member often results in "AH01114: HTTP: failed to make connection to backend"
https://bz.apache.org/bugzilla/show_bug.cgi?id=63795

Felix changed:

    What | Removed | Added
    CC   |         | not@gmail.com

--
You are receiving this mail because: You are the assignee for the bug.
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 64299] Apache Httpd is not allowing all ip address
https://bz.apache.org/bugzilla/show_bug.cgi?id=64299

Rich Bowen changed:

    What | Removed | Added
    OS   |         | All

--- Comment #1 from Rich Bowen ---
Please provide the error message, from the error log.
[Bug 64297] mod_md uninitialized variable
https://bz.apache.org/bugzilla/show_bug.cgi?id=64297

--- Comment #2 from toan@gmail.com ---
Hi Stefan,

Yeah indeed I think you're right, so I dove into md_json_readb and see this:

    apr_status_t md_json_readd(md_json_t **pjson, apr_pool_t *pool, const char *data, size_t data_len)
    {
        json_error_t error;
        json_t *j;

        j = json_loadb(data, data_len, 0, &error);      /* (5) */
        if (!j) {
            return APR_EINVAL;
        }
        *pjson = json_create(pool, j);
        return APR_SUCCESS;
    }

so if we go to the branch:

    rv = md_json_readb(pjson, pool, res->body);

it will trigger (5) with data being res->body, under attacker control, and I guess can make it return 0 and it will keep pjson (our *problem) uninit as well.
[Bug 64297] mod_md uninitialized variable
https://bz.apache.org/bugzilla/show_bug.cgi?id=64297

--- Comment #1 from Stefan Eissing ---
Thanks for your report. I agree that md_json_read_http() should NULL the pointer if the response is not of a json content type. I will fix the code accordingly.

As for an attack, the function is only called when a "json" content type has been detected. I fail to see how an uninitialized *problem could be accessed. Maybe I am not seeing something?
[Bug 64299] New: Apache Httpd is not allowing all ip address
https://bz.apache.org/bugzilla/show_bug.cgi?id=64299

    Bug ID:           64299
    Summary:          Apache Httpd is not allowing all ip address
    Product:          Apache httpd-2
    Version:          2.4.18
    Hardware:         PC
    Status:           NEW
    Severity:         normal
    Priority:         P2
    Component:        All
    Assignee:         bugs@httpd.apache.org
    Reporter:         baji.sh...@thomsonreuters.com
    Target Milestone: ---

Dear Team,

We are using apache-httpd-2.4.18_64bit in our project. We are getting an error (HTTP Internal server error) when trying to send a request to the httpd server from assigned IP 10.8.*, but it's working fine when sending a request from assigned IP 10.194.*. I thought there was a restriction in the config file, so I tried to allow IP address 10.8.* in the virtual host tag, and also tried to grant all access in the directory tag, but still I am getting the same error.

Could you please help on this issue.

Regards
Bajih
[Bug 63687] High Memory usage after upgrade to 2.4.41
https://bz.apache.org/bugzilla/show_bug.cgi?id=63687

--- Comment #78 from Ruediger Pluem ---
Maybe the following untested stuff helps you to do this in an unattended way:

    gdb
    break sbrk
    commands
    silent
    bt full
    cont
    end
    set logging file
    set logging redirect on
    set logging on
    cont
[Bug 63687] High Memory usage after upgrade to 2.4.41
https://bz.apache.org/bugzilla/show_bug.cgi?id=63687

--- Comment #77 from Ruediger Pluem ---
(In reply to Curtis Wilson from comment #76)
> Is there anything else that is needed at this time?

Not now. I am honestly a bit lost now. It looks like your processes consume a lot of memory (about 600 MB) from the start due to their configuration, but from a pool usage perspective not much changes between the freshly started process and the one which consumes the huge amount of memory (roughly 2.8 GB). So the question is where this memory is lost and why the behavior changed with the httpd version.

It could be that a 3rd party module consumes memory outside the pools, but due to side effects introduced by the newer httpd version does not free up that memory any longer; or it is caused by the underlying memory management of the C library, but then it should show up the same way with both httpd versions. So this is the rather unlikely option.

Maybe we are left to the proposal from Joe: have a fresh process handle some requests to "warm up" a little bit memory-wise and then do https://bz.apache.org/bugzilla/show_bug.cgi?id=63687#c62 with that process and see where it stops over and over again.
[Bug 64297] New: mod_md uninitialized variable
https://bz.apache.org/bugzilla/show_bug.cgi?id=64297

    Bug ID:           64297
    Summary:          mod_md uninitialized variable
    Product:          Apache httpd-2
    Version:          2.5-HEAD
    Hardware:         All
    OS:               All
    Status:           NEW
    Severity:         critical
    Priority:         P2
    Component:        mod_md
    Assignee:         bugs@httpd.apache.org
    Reporter:         toan@gmail.com
    Target Milestone: ---

Hi,

When auditing httpd I caught this bug.

https://github.com/apache/httpd/blob/trunk/modules/md/md_acme.c#L170

    static apr_status_t inspect_problem(md_acme_req_t *req, const md_http_response_t *res)
    {
        const char *ctype;
        md_json_t *problem;                                  /* (1) */

        ctype = apr_table_get(req->resp_hdrs, "content-type");
        if (ctype && !strcmp(ctype, "application/problem+json")) {
            /* RFC 7807 */
            md_json_read_http(&problem, req->p, res);        /* (2) */
            if (problem) {                                   /* (3) */
                const char *ptype, *pdetail;

https://github.com/apache/httpd/blob/trunk/modules/md/md_json.c#L1160

    apr_status_t md_json_read_http(md_json_t **pjson, apr_pool_t *pool, const md_http_response_t *res)
    {
        apr_status_t rv = APR_ENOENT;
        const char *ctype = apr_table_get(res->headers, "content-type");

        if (ctype && res->body                               /* (4) */
            && (strstr(ctype, "/json") || strstr(ctype, "+json"))) {
            rv = md_json_readb(pjson, pool, res->body);
        }
        return rv;
    }

Variable problem is uninitialized at (1) and passed as a pointer to md_json_read_http at (2); if res->body is NULL at (4) it will return APR_ENOENT without initializing pjson (or problem). At (3) [problem] is used without any check on the return value of md_json_read_http, so [problem] never gets initialized. It looks like if an attacker can control the authority server he can exploit this bug.
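To see the defect and the proposed fix from this thread side by side, here is an added C model that is not httpd's or mod_md's code: the reader's output pointer is poisoned with a sentinel before the call, which shows which version of md_json_read_http() defines it on the body-less path (4), and the caller also checks the return value before using the pointer (3). The struct types, the stub parser and the APR status values are simplified stand-ins, not the real APR/mod_md definitions.

```c
/* Added example, not httpd or mod_md code: a model of the inspect_problem()/
 * md_json_read_http() pattern from the report; types and codes are stand-ins (assumption). */
#include <stddef.h>
#include <string.h>
#define APR_SUCCESS 0
#define APR_ENOENT  2   /* stand-in value */
typedef struct { const char *type; } md_json_t;
typedef struct { const char *ctype; const char *body; } md_http_response_t;
static md_json_t parsed = { "urn:stand-in:problem" };

/* Reader in the reported shape: *pjson is assigned only on success, so a
 * NULL body (4) returns APR_ENOENT and leaves *pjson untouched. */
static int read_http_as_reported(md_json_t **pjson, const md_http_response_t *res)
{
    int rv = APR_ENOENT;
    if (res->ctype && res->body
        && (strstr(res->ctype, "/json") || strstr(res->ctype, "+json"))) {
        *pjson = &parsed;   /* stand-in for md_json_readb() */
        rv = APR_SUCCESS;
    }
    return rv;
}
/* Hardened shape (comment #1's proposal): define the out-pointer on every path. */
static int read_http_fixed(md_json_t **pjson, const md_http_response_t *res)
{
    *pjson = NULL;
    return read_http_as_reported(pjson, res);
}
/* Caller in the shape of inspect_problem(), but with `problem` initialised and
 * the return value checked (3) before use. Returns 1 if a problem doc was parsed. */
static int inspect_problem_fixed(const char *ctype, const char *body)
{
    md_json_t *problem = NULL;
    md_http_response_t res = { ctype, body };
    if (ctype && !strcmp(ctype, "application/problem+json")
        && read_http_fixed(&problem, &res) == APR_SUCCESS && problem) {
        return 1;
    }
    return 0;
}
/* Probe: poison the out-pointer with a sentinel, feed a constructed body-less
 * problem response, and report whether the reader overwrote the pointer. */
static int reader_defines_output(int (*reader)(md_json_t **, const md_http_response_t *))
{
    md_json_t sentinel, *p = &sentinel;
    md_http_response_t res = { "application/problem+json", NULL };
    reader(&p, &res);
    return p != &sentinel;
}
```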