Hello,

I believe I have identified the problem and
propose a fix (see attachment).

The module has a global variable PGconn *pg_conn, which is a pointer to
a PostgreSQL connection.
The code determines if there is an active connection by checking if
pg_conn is non-NULL.
However, the connection is closed by calling PQfinish(pg_conn) without
resetting pg_conn to NULL.
The documentation of libpq says that PQfinish frees the memory used by
the PGconn object.
Hence, when Apache calls check_password the second time, the code
falsely assumes (as pg_conn != NULL) that there is an active connection
and tries to access the previously freed PGconn object, which results in
a segmentation fault.
The same problem applies to the pointer PGresult *pg_result, for which
PQclear(pg_result) is called.

My proposed solution is simply to reset pg_conn = NULL after
each call of PQfinish(pg_conn) and to reset pg_result = NULL after each
call of PQclear(pg_result).

Andreas

** Patch added: "doublefree.patch"
   
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+attachment/4130261/+files/doublefree.patch
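The dangling-pointer pattern described above, as an added example that is not Andreas's patch or the module's own code. libpq is replaced by small stand-ins (fake_PQconnectdb, fake_PQfinish, fake_PQexec, fake_PQclear) and a registry of live allocations, so the program runs without PostgreSQL and can report where the original code would have dereferenced freed memory instead of actually crashing; the "authdb" name and the check_password_sim/two_requests helpers are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for libpq's PGconn/PGresult (assumption: no real libpq here). */
typedef struct { char dbname[32]; } PGconn;
typedef struct { int rows; } PGresult;

/* Registry of live allocations: lets the simulation tell whether a pointer
 * still refers to live memory without dereferencing freed memory. */
#define MAX_LIVE 16
static uintptr_t live[MAX_LIVE];

static void mark_live(const void *p) {
    for (int i = 0; i < MAX_LIVE; i++) if (live[i] == 0) { live[i] = (uintptr_t)p; return; }
}
static void mark_freed(const void *p) {
    for (int i = 0; i < MAX_LIVE; i++) if (live[i] == (uintptr_t)p) { live[i] = 0; return; }
}
static int is_live(const void *p) {
    for (int i = 0; i < MAX_LIVE; i++) if (live[i] == (uintptr_t)p) return 1;
    return 0;
}

static PGconn *fake_PQconnectdb(const char *dbname) {
    PGconn *c = calloc(1, sizeof *c);
    if (c) { strncpy(c->dbname, dbname, sizeof c->dbname - 1); mark_live(c); }
    return c;
}
static void fake_PQfinish(PGconn *c) { mark_freed(c); free(c); }
static PGresult *fake_PQexec(PGconn *c) {
    (void)c;
    PGresult *r = calloc(1, sizeof *r);
    if (r) { r->rows = 1; mark_live(r); }   /* constructed: one matching row */
    return r;
}
static void fake_PQclear(PGresult *r) { mark_freed(r); free(r); }

/* Module-level state, mirroring the globals in the report. */
static PGconn *pg_conn = NULL;
static PGresult *pg_result = NULL;

/* The proposed fix, packaged so the free and the reset cannot be separated. */
static void finish_conn(PGconn **pp) { if (*pp) { fake_PQfinish(*pp); *pp = NULL; } }
static void clear_result(PGresult **pp) { if (*pp) { fake_PQclear(*pp); *pp = NULL; } }

static void reset_state(void) {
    /* Any leftover pointer is either NULL or already freed; just drop it. */
    pg_conn = NULL; pg_result = NULL;
    memset(live, 0, sizeof live);
}

/* One simulated check_password call. Returns 0 on success and -1 where the
 * original module would have touched freed memory (the reported SIGSEGV). */
static int check_password_sim(int use_fix) {
    if (pg_conn != NULL) {
        /* Non-NULL is trusted as "still connected"; after PQfinish it is stale. */
        if (!is_live(pg_conn)) return -1;
    } else {
        pg_conn = fake_PQconnectdb("authdb");   /* assumed database name */
        if (!pg_conn) return -2;
    }
    if (pg_result != NULL && !is_live(pg_result)) return -1;
    pg_result = fake_PQexec(pg_conn);
    if (!pg_result) return -2;
    int ok = (pg_result->rows == 1) ? 0 : -3;

    if (use_fix) {
        clear_result(&pg_result);
        finish_conn(&pg_conn);
    } else {
        fake_PQclear(pg_result);   /* freed, but pg_result stays non-NULL */
        fake_PQfinish(pg_conn);    /* freed, but pg_conn stays non-NULL */
    }
    return ok;
}

/* Two consecutive requests, as happens on the second authentication attempt. */
int two_requests(int use_fix) {
    reset_state();
    int r = check_password_sim(use_fix);
    if (r != 0) return r;
    return check_password_sim(use_fix);
}

int main(void) {
    printf("without fix: %d\n", two_requests(0));
    printf("with fix:    %d\n", two_requests(1));
    return 0;
}
```

Without the reset the second call sees a non-NULL pg_conn and would hand a freed PGconn to libpq; with finish_conn/clear_result the state is NULL again and a fresh connection is opened. Freeing through a pointer-to-pointer helper is worth preferring over "PQfinish then assign NULL" at each call site, because a site that forgets the second statement reintroduces exactly this bug.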

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1272857

Title:
  apache2 crashed with SIGSEGV in <signal handler called>()

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1272857/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
