[Bug 1698758] Re: Encrypted password causes segmentation fault

Andreas Hasenack andreas at canonical.com
Thu Aug 3 14:27:28 UTC 2017


Xenial verification:

Crash confirmed with libapache2-mod-auth-pgsql	2.0.3-6.1:
ubuntu at xenial-mod-auth-pgsql-crypt-segfault-1698758:~$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 52
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 0
Testing ubuntu-sha512... 0
Testing ubuntu-des... 0


apache error log:
ubuntu at xenial-mod-auth-pgsql-crypt-segfault-1698758:~$ tail -n 1 /var/log/apache2/error.log 
[Thu Aug 03 14:25:13.785006 2017] [core:notice] [pid 4260:tid 139737623807872] AH00051: child pid 4263 exit signal Segmentation fault (11), possible coredump in /etc/apache2


Installing the package from proposed:
(...)
Get:1 http://br.archive.ubuntu.com/ubuntu xenial-proposed/main amd64 libapache2-mod-auth-pgsql amd64 2.0.3-6.1ubuntu0.16.04.1 [18.5 kB]
Fetched 18.5 kB in 0s (266 kB/s)                     
(Reading database ... 26956 files and directories currently installed.)
Preparing to unpack .../libapache2-mod-auth-pgsql_2.0.3-6.1ubuntu0.16.04.1_amd64.deb ...
Unpacking libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu0.16.04.1) over (2.0.3-6.1) ...
Setting up libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu0.16.04.1) ...
apache2_invoke 000_auth_pgsql: already enabled

Retrying the loop, this time we get just the auth error:
ubuntu at xenial-mod-auth-pgsql-crypt-segfault-1698758:~$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 22
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 0
Testing ubuntu-sha512... 0
Testing ubuntu-des... 0

apache error log shows the unsupported hash format and no crash:
ubuntu at xenial-mod-auth-pgsql-crypt-segfault-1698758:~$ tail -n 2 /var/log/apache2/error.log 
[Thu Aug 03 14:26:49.400099 2017] [auth_pgsql:error] [pid 4747:tid 140520391177984] [client 127.0.0.1:41554] [mod_auth_pgsql.c] - ERROR - PG user ubuntu-invalidhash: unsupported CRYPT format
[Thu Aug 03 14:26:49.400440 2017] [auth_basic:error] [pid 4747:tid 140520391177984] [client 127.0.0.1:41554] AH01617: user ubuntu-invalidhash: authentication failure for "/": Password Mismatch


** Tags added: verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libapache2-mod-auth-pgsql in Ubuntu.
https://bugs.launchpad.net/bugs/1698758

Title:
  Encrypted password causes segmentation fault

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1698758/+subscriptions



More information about the Ubuntu-server-bugs mailing list