[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash
This bug was fixed in the package libapache2-mod-auth-pgsql - 2.0.3-6ubuntu0.1 --- libapache2-mod-auth-pgsql (2.0.3-6ubuntu0.1) trusty; urgency=medium * d/p/fixdoublefree.patch: set freed pointers to NULL before subsequent checks against NULL. (LP: #1272857) * d/p/crypt-check-null-1698758.patch: check for a NULL return from crypt(3) (LP: #1698758) -- Andreas Hasenack Thu, 22 Jun 2017 16:54:09 -0300 ** Changed in: libapache2-mod-auth-pgsql (Ubuntu Trusty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: Double free in libapache2-mod-auth-pgsql causes Apache to crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash
(it doesn't look like there is anything left to review/upload so unsubscribing sponsors) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: Double free in libapache2-mod-auth-pgsql causes Apache to crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash
Trusty verification Confirmed the segfault with libapache2-mod-auth-pgsql 2.0.3-6: ubuntu@trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl Hello, World! ubuntu@trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl Hello, World! ubuntu@trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl curl: (52) Empty reply from server logs: *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x7effd80007c8 *** [Thu Aug 03 14:03:55.357288 2017] [core:notice] [pid 6943:tid 139637886596992] AH00051: child pid 6947 exit signal Aborted (6), possible coredump in /etc/apache2 Installing the version from proposed: (...) Get:1 http://br.archive.ubuntu.com/ubuntu/ trusty-proposed/main libapache2-mod-auth-pgsql amd64 2.0.3-6ubuntu0.1 [18.6 kB] Fetched 18.6 kB in 0s (1,000 kB/s) (Reading database ... 26196 files and directories currently installed.) Preparing to unpack .../libapache2-mod-auth-pgsql_2.0.3-6ubuntu0.1_amd64.deb ... Unpacking libapache2-mod-auth-pgsql (2.0.3-6ubuntu0.1) over (2.0.3-6) ... Setting up libapache2-mod-auth-pgsql (2.0.3-6ubuntu0.1) ... apache2_invoke 000_auth_pgsql: already enabled * Restarting web server apache2 Repeating the test several times, no crash: ubuntu@trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl Hello, World! ubuntu@trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl Hello, World! ubuntu@trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl Hello, World! ubuntu@trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl Hello, World! ubuntu@trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl Hello, World! ** Tags removed: verification-needed ** Tags added: verification-done-xenial ** Tags removed: verification-done-xenial ** Tags added: verification-done-trusty ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: Double free in libapache2-mod-auth-pgsql causes Apache to crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash
Hello mubm, or anyone else affected, Accepted libapache2-mod-auth-pgsql into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libapache2-mod-auth- pgsql/2.0.3-6ubuntu0.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: libapache2-mod-auth-pgsql (Ubuntu Trusty) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: Double free in libapache2-mod-auth-pgsql causes Apache to crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash
** Description changed: [Impact] + The libapache2-mod-auth-pgsql module will trigger frequent segfaults in apache if used in conjunction with a CGI script. - * An explanation of the effects of the bug on users and - - * justification for backporting the fix to the stable release. - - * In addition, it is helpful, but not required, to include an -explanation of how the upload fixes this bug. [Test Case] * install the packages on the Ubuntu release you are testing: $ sudo apt install apache2 libapache2-mod-auth-pgsql postgresql * create the database and populate it with the test user: $ sudo -u postgres -H createdb userdb $ sudo -u postgres -H psql userdb -c "CREATE TABLE UserLogin (Username text, ApachePassword text);" $ sudo -u postgres -H psql userdb -c "INSERT INTO UserLogin VALUES ('ubuntu', 'secret');" * Create the DB user the module will use and grant access to the user table: $ sudo -u postgres -H psql postgres -c "CREATE ROLE www UNENCRYPTED PASSWORD 'password' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;" $ sudo -u postgres -H psql userdb -c "GRANT SELECT ON TABLE userlogin TO www;" * Create /etc/apache2/conf-available/authpgtest.conf with the following content: Alias /authpgtest /export/scratch/authpgtest - Options +ExecCGI +FollowSymLinks - AddHandler cgi-script .pl - AuthType basic - AuthName "My Auth" - Require valid-user - AuthBasicProvider pgsql - Auth_PG_authoritative On - Auth_PG_host 127.0.0.1 - Auth_PG_port 5432 - Auth_PG_user www - Auth_PG_pwd password - Auth_PG_database userdb - Auth_PG_encrypted off - Auth_PG_pwd_table UserLogin - Auth_PG_uid_field Username - Auth_PG_pwd_field ApachePassword + Options +ExecCGI +FollowSymLinks + AddHandler cgi-script .pl + AuthType basic + AuthName "My Auth" + Require valid-user + AuthBasicProvider pgsql + Auth_PG_authoritative On + Auth_PG_host 127.0.0.1 + Auth_PG_port 5432 + Auth_PG_user www + Auth_PG_pwd password + Auth_PG_database userdb + Auth_PG_encrypted off + Auth_PG_pwd_table UserLogin + Auth_PG_uid_field Username + Auth_PG_pwd_field ApachePassword * Enable this new configuration: $ sudo a2enconf authpgtest.conf * Enable the auth-pgsql and cgi modules and then restart apache: $ for n in 000_auth_pgsql cgi; do sudo a2enmod $n; done $ sudo service apache2 restart * Create the CGI directory for our script: $ sudo mkdir -p /export/scratch/authpgtest * Create the CGI script /export/scratch/authpgtest/hw.pl with the following contents: #!/usr/bin/perl print "Content-type: text/html\n\n"; print "Hello, World!\n"; * Make it executable: $ sudo chmod 0755 /export/scratch/authpgtest/hw.pl - * Access the http://ubuntu:secret@localhost/authpgtest/hw.pl URL a few times while tailing /var/log/apache/error.log. After a few tries it will fail, and apache will log a segfault: $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl Hello, World! $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl Hello, World! $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl curl: (52) Empty reply from server In /var/log/apache2/error.log: *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x7fa9340007c8 *** [Wed Jul 19 20:43:57.077960 2017] [core:notice] [pid 10926:tid 140365262006144] AH00051: child pid 10930 exit signal Aborted (6), possible coredump in /etc/apache2 - - After installing the fixed libapache2-mod-auth-pgsql package, all attempts will work. + After installing the fixed libapache2-mod-auth-pgsql package, all + attempts will work. - [Regression Potential] + [Regression Potential] + This patch is already being used in Ubuntu releases higher than trusty, all the way to artful, and also in Debian. - * discussion of how regressions are most likely to manifest as a result - of this change. + This is a very old module that hasn't been built in a while (see [other + info] below. It's possible that just by rebuilding it with the new + environment available in Trusty could introduce unknowns. Hopefully, if + that happens, it will be immediately noticed by the people who use it + and will test this SRU. - * It is assumed that any SRU candidate patch is well-tested before -upload and has a low overall risk of regression, but it's important -to make the effort to think about what ''could'' happen in the -event of a regression. - - * This both shows the SRU team that the risks have been considered, -and provides guidance to testers in regression-testing the SRU. [Other Info] - - * Anything else you think is useful to include - * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board - * and address these questions in advance + This module hasn't been rebuilt since vivid and seems unmaintained, being at version 2.0.3 since the precise days: + libapache2-mod
[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash
** Description changed: - Ubuntu Trusty Tahr 14.04 + [Impact] - apache2: - Installed: 2.4.7-1ubuntu1 - Candidate: 2.4.7-1ubuntu1 - Version table: - *** 2.4.7-1ubuntu1 0 - 500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages - 100 /var/lib/dpkg/status + * An explanation of the effects of the bug on users and - Just maked a following steps: - - sudo apt-get update - - sudo apt-get upgrade + * justification for backporting the fix to the stable release. - ProblemType: Crash - DistroRelease: Ubuntu 14.04 - Package: apache2-bin 2.4.7-1ubuntu1 - ProcVersionSignature: Ubuntu 3.13.0-4.19-generic 3.13.0-rc8 - Uname: Linux 3.13.0-4-generic x86_64 - NonfreeKernelModules: nvidia - ApportVersion: 2.13.1-0ubuntu2 - Architecture: amd64 - Date: Sun Jan 26 00:07:10 2014 - ExecutablePath: /usr/sbin/apache2 - InstallationDate: Installed on 2012-12-19 (402 days ago) - InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64+mac (20111012) - ProcCmdline: /usr/sbin/apache2 -k start - ProcEnviron: - PATH=(custom, no user) - LANG=C - SegvAnalysis: - Segfault happened at: 0x7f197ce45bb2:and%al,(%rax) - PC (0x7f197ce45bb2) ok - source "%al" ok - destination "(%rax)" (0x) not located in a known VMA region (needed writable region)! - SegvReason: writing NULL VMA - Signal: 11 - SourcePackage: apache2 - StacktraceTop: - ?? () from /usr/lib/apache2/modules/mod_cgid.so - - __accept_nocancel () at ../sysdeps/unix/syscall-template.S:81 - ?? () from /usr/lib/apache2/modules/mod_cgid.so - ?? () from /usr/lib/apache2/modules/mod_cgid.so - Title: apache2 crashed with SIGSEGV in () - UpgradeStatus: Upgraded to trusty on 2013-11-10 (76 days ago) - UserGroups: + * In addition, it is helpful, but not required, to include an +explanation of how the upload fixes this bug. + + [Test Case] + + * install the packages on the Ubuntu release you are testing: + $ sudo apt install apache2 libapache2-mod-auth-pgsql postgresql + + * create the database and populate it with the test user: + $ sudo -u postgres -H createdb userdb + $ sudo -u postgres -H psql userdb -c "CREATE TABLE UserLogin (Username text, ApachePassword text);" + $ sudo -u postgres -H psql userdb -c "INSERT INTO UserLogin VALUES ('ubuntu', 'secret');" + + * Create the DB user the module will use and grant access to the user table: + $ sudo -u postgres -H psql postgres -c "CREATE ROLE www UNENCRYPTED PASSWORD 'password' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;" + $ sudo -u postgres -H psql userdb -c "GRANT SELECT ON TABLE userlogin TO www;" + + * Create /etc/apache2/conf-available/authpgtest.conf with the following content: + Alias /authpgtest /export/scratch/authpgtest + + Options +ExecCGI +FollowSymLinks + AddHandler cgi-script .pl + AuthType basic + AuthName "My Auth" + Require valid-user + AuthBasicProvider pgsql + Auth_PG_authoritative On + Auth_PG_host 127.0.0.1 + Auth_PG_port 5432 + Auth_PG_user www + Auth_PG_pwd password + Auth_PG_database userdb + Auth_PG_encrypted off + Auth_PG_pwd_table UserLogin + Auth_PG_uid_field Username + Auth_PG_pwd_field ApachePassword + + + * Enable this new configuration: + $ sudo a2enconf authpgtest.conf + + * Enable the auth-pgsql and cgi modules and then restart apache: + $ for n in 000_auth_pgsql cgi; do sudo a2enmod $n; done + $ sudo service apache2 restart + + * Create the CGI directory for our script: + $ sudo mkdir -p /export/scratch/authpgtest + + * Create the CGI script /export/scratch/authpgtest/hw.pl with the following contents: + #!/usr/bin/perl + print "Content-type: text/html\n\n"; + print "Hello, World!\n"; + + * Make it executable: + $ sudo chmod 0755 /export/scratch/authpgtest/hw.pl + + + * Access the http://ubuntu:secret@localhost/authpgtest/hw.pl URL a few times while tailing /var/log/apache/error.log. After a few tries it will fail, and apache will log a segfault: + $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl + Hello, World! + $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl + Hello, World! + $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl + curl: (52) Empty reply from server + + In /var/log/apache2/error.log: + *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x7fa9340007c8 *** + [Wed Jul 19 20:43:57.077960 2017] [core:notice] [pid 10926:tid 140365262006144] AH00051: child pid 10930 exit signal Aborted (6), possible coredump in /etc/apache2 + + + After installing the fixed libapache2-mod-auth-pgsql package, all attempts will work. + + + [Regression Potential] + + * discussion of how regressions are most likely to manifest as a result + of this change. + + * It is assumed that any SRU candidate patch is well-tested before +upload and has a low overall risk of regression, but it's important +to make the effort to think about what ''could'' happen in the +event of a regression. + + * This both shows the SRU t
[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash
** Merge proposal linked: https://code.launchpad.net/~ahasenack/ubuntu/+source/libapache2-mod-auth-pgsql/+git/libapache2-mod-auth-pgsql/+merge/327657 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: Double free in libapache2-mod-auth-pgsql causes Apache to crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash
debdiff for trusty ** Patch added: "trusty-libapache2-mod-auth-pgsql.debdiff" https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+attachment/4917186/+files/trusty-libapache2-mod-auth-pgsql.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: Double free in libapache2-mod-auth-pgsql causes Apache to crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash
I have a branch (https://code.launchpad.net/~ahasenack/ubuntu/+source/libapache2-mod- auth-pgsql/+git/libapache2-mod-auth-pgsql/+ref/trusty-check-null-double- free-1698758-1272857) to SRU this fix and bug #1698758 at the same time. Just waiting on the latter to land in artful, then the SRU floodgates can open. ** Changed in: libapache2-mod-auth-pgsql (Ubuntu Trusty) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: libapache2-mod-auth-pgsql (Ubuntu Trusty) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: Double free in libapache2-mod-auth-pgsql causes Apache to crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash
** Tags added: server-next -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: Double free in libapache2-mod-auth-pgsql causes Apache to crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash
Still no build for Trusty. I would really appreciate if someone could fix that. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: Double free in libapache2-mod-auth-pgsql causes Apache to crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash
** Changed in: libapache2-mod-auth-pgsql (Debian) Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1272857 Title: Double free in libapache2-mod-auth-pgsql causes Apache to crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs