[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash

Andreas Hasenack andreas at canonical.com
Thu Aug 3 14:08:56 UTC 2017


Trusty verification

Confirmed the segfault with libapache2-mod-auth-pgsql	2.0.3-6:
ubuntu at trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl
Hello, World!
ubuntu at trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl
Hello, World!
ubuntu at trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl
curl: (52) Empty reply from server

logs:
*** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x00007effd80007c8 ***
[Thu Aug 03 14:03:55.357288 2017] [core:notice] [pid 6943:tid 139637886596992] AH00051: child pid 6947 exit signal Aborted (6), possible coredump in /etc/apache2

Installing the version from proposed:
(...)
Get:1 http://br.archive.ubuntu.com/ubuntu/ trusty-proposed/main libapache2-mod-auth-pgsql amd64 2.0.3-6ubuntu0.1 [18.6 kB]
Fetched 18.6 kB in 0s (1,000 kB/s)                   
(Reading database ... 26196 files and directories currently installed.)
Preparing to unpack .../libapache2-mod-auth-pgsql_2.0.3-6ubuntu0.1_amd64.deb ...
Unpacking libapache2-mod-auth-pgsql (2.0.3-6ubuntu0.1) over (2.0.3-6) ...
Setting up libapache2-mod-auth-pgsql (2.0.3-6ubuntu0.1) ...
apache2_invoke 000_auth_pgsql: already enabled
 * Restarting web server apache2                    

Repeating the test several times, no crash:
ubuntu at trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl
Hello, World!
ubuntu at trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl
Hello, World!
ubuntu at trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl
Hello, World!
ubuntu at trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl
Hello, World!
ubuntu at trusty-mod-auth-pgsql-double-free-1272857:~$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl
Hello, World!


** Tags removed: verification-needed
** Tags added: verification-done-xenial

** Tags removed: verification-done-xenial
** Tags added: verification-done-trusty

** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1272857

Title:
  Double free in libapache2-mod-auth-pgsql causes Apache to crash

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions



More information about the Ubuntu-server-bugs mailing list