** Description changed: [Impact] + The libapache2-mod-auth-pgsql module will trigger frequent segfaults in apache if used in conjunction with a CGI script. - * An explanation of the effects of the bug on users and - - * justification for backporting the fix to the stable release. - - * In addition, it is helpful, but not required, to include an - explanation of how the upload fixes this bug. [Test Case] * install the packages on the Ubuntu release you are testing: $ sudo apt install apache2 libapache2-mod-auth-pgsql postgresql * create the database and populate it with the test user: $ sudo -u postgres -H createdb userdb $ sudo -u postgres -H psql userdb -c "CREATE TABLE UserLogin (Username text, ApachePassword text);" $ sudo -u postgres -H psql userdb -c "INSERT INTO UserLogin VALUES ('ubuntu', 'secret');" * Create the DB user the module will use and grant access to the user table: $ sudo -u postgres -H psql postgres -c "CREATE ROLE www UNENCRYPTED PASSWORD 'password' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;" $ sudo -u postgres -H psql userdb -c "GRANT SELECT ON TABLE userlogin TO www;" * Create /etc/apache2/conf-available/authpgtest.conf with the following content: Alias /authpgtest /export/scratch/authpgtest <Directory /export/scratch/authpgtest/> - Options +ExecCGI +FollowSymLinks - AddHandler cgi-script .pl - AuthType basic - AuthName "My Auth" - Require valid-user - AuthBasicProvider pgsql - Auth_PG_authoritative On - Auth_PG_host 127.0.0.1 - Auth_PG_port 5432 - Auth_PG_user www - Auth_PG_pwd password - Auth_PG_database userdb - Auth_PG_encrypted off - Auth_PG_pwd_table UserLogin - Auth_PG_uid_field Username - Auth_PG_pwd_field ApachePassword + Options +ExecCGI +FollowSymLinks + AddHandler cgi-script .pl + AuthType basic + AuthName "My Auth" + Require valid-user + AuthBasicProvider pgsql + Auth_PG_authoritative On + Auth_PG_host 127.0.0.1 + Auth_PG_port 5432 + Auth_PG_user www + Auth_PG_pwd password + Auth_PG_database userdb + Auth_PG_encrypted off 
+ Auth_PG_pwd_table UserLogin + Auth_PG_uid_field Username + Auth_PG_pwd_field ApachePassword </Directory> * Enable this new configuration: $ sudo a2enconf authpgtest.conf * Enable the auth-pgsql and cgi modules and then restart apache: $ for n in 000_auth_pgsql cgi; do sudo a2enmod $n; done $ sudo service apache2 restart * Create the CGI directory for our script: $ sudo mkdir -p /export/scratch/authpgtest * Create the CGI script /export/scratch/authpgtest/hw.pl with the following contents: #!/usr/bin/perl print "Content-type: text/html\n\n"; print "Hello, World!\n"; * Make it executable: $ sudo chmod 0755 /export/scratch/authpgtest/hw.pl - * Access the http://ubuntu:secret@localhost/authpgtest/hw.pl URL a few times while tailing /var/log/apache/error.log. After a few tries it will fail, and apache will log a segfault: $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl Hello, World! $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl Hello, World! $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl curl: (52) Empty reply from server In /var/log/apache2/error.log: *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x00007fa9340007c8 *** [Wed Jul 19 20:43:57.077960 2017] [core:notice] [pid 10926:tid 140365262006144] AH00051: child pid 10930 exit signal Aborted (6), possible coredump in /etc/apache2 - - After installing the fixed libapache2-mod-auth-pgsql package, all attempts will work. + After installing the fixed libapache2-mod-auth-pgsql package, all + attempts will work. - [Regression Potential] + [Regression Potential] + This patch is already being used in Ubuntu releases higher than trusty, all the way to artful, and also in Debian. - * discussion of how regressions are most likely to manifest as a result - of this change. + This is a very old module that hasn't been built in a while (see [other + info] below. It's possible that just by rebuilding it with the new + environment available in Trusty could introduce unknowns. 
Hopefully, if + that happens, it will be immediately noticed by the people who use it + and will test this SRU. - * It is assumed that any SRU candidate patch is well-tested before - upload and has a low overall risk of regression, but it's important - to make the effort to think about what ''could'' happen in the - event of a regression. - - * This both shows the SRU team that the risks have been considered, - and provides guidance to testers in regression-testing the SRU. [Other Info] - - * Anything else you think is useful to include - * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board - * and address these questions in advance + This module hasn't been rebuilt since vivid and seems unmaintained, being at version 2.0.3 since the precise days: + libapache2-mod-auth-pgsql | 2.0.3-5build2 | precise + libapache2-mod-auth-pgsql | 2.0.3-6 | trusty + libapache2-mod-auth-pgsql | 2.0.3-6.1 | vivid + libapache2-mod-auth-pgsql | 2.0.3-6.1 | xenial + libapache2-mod-auth-pgsql | 2.0.3-6.1 | yakkety + libapache2-mod-auth-pgsql | 2.0.3-6.1 | zesty + libapache2-mod-auth-pgsql | 2.0.3-6.1ubuntu1 | artful + + - Debian's last changelog entry is from August 2013 + - Fedora killed it in July 2011 + - I couldn't find it in SuSE
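Review bot: The [Test Case] step that reproduces the crash tells the tester to tail /var/log/apache/error.log, but the sample output just after it is quoted from /var/log/apache2/error.log; the step should name the apache2 path so the abort line is not missed. The new [Impact] sentence says "frequent segfaults", while the logged failure is "free(): invalid pointer" with the child exiting on signal Aborted (6), matching the bug title's double free; naming that message in [Impact] would tell verifiers exactly what to look for. [Impact] also carries no justification for the backport or note on how the upload fixes the bug, both of which the removed template prompts suggested. In the added [Regression Potential] text, "(see [other info] below." is missing its closing parenthesis.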
https://bugs.launchpad.net/bugs/1272857
Title: Double free in libapache2-mod-auth-pgsql causes Apache to crash