[Bug 1698758] Re: Encrypted password causes segmentation fault
Andreas Hasenack
andreas at canonical.com
Thu Aug 3 14:40:45 UTC 2017
Trusty verification
Crash confirmed with libapache2-mod-auth-pgsql 2.0.3-6. Curiously, with more than just the "ubuntu-invalidhash" user:
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 52
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 52
Testing ubuntu-sha512... 0
Testing ubuntu-des... 52
The invalidhash user produced a segfault:
[Thu Aug 03 14:36:27.775572 2017] [core:notice] [pid 6989:tid 140610926643072] AH00051: child pid 8101 exit signal Segmentation fault (11), possible coredump in /etc/apache2
The sha256 and des ones died because of something else:
*** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x00007fe2680007c8 ***
[Thu Aug 03 14:36:59.810618 2017] [core:notice] [pid 6989:tid 140610926643072] AH00051: child pid 8670 exit signal Aborted (6), possible coredump in /etc/apache2
Maybe this is the double free bug #1272857 happening in a non-CGI context, because if I try it multiple times, it works sometimes:
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ curl -f http://ubuntu-sha256:secret@localhost/ -o /dev/null -s;echo $?
0
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ curl -f http://ubuntu-sha256:secret@localhost/ -o /dev/null -s;echo $?
52
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ curl -f http://ubuntu-sha256:secret@localhost/ -o /dev/null -s;echo $?
0
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ curl -f http://ubuntu-sha256:secret@localhost/ -o /dev/null -s;echo $?
52
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ curl -f http://ubuntu-sha256:secret@localhost/ -o /dev/null -s;echo $?
0
Moving on. Let's install the package from proposed:
(...)
Get:1 http://br.archive.ubuntu.com/ubuntu/ trusty-proposed/main libapache2-mod-auth-pgsql amd64 2.0.3-6ubuntu0.1 [18.6 kB]
Fetched 18.6 kB in 0s (0 B/s)
(Reading database ... 26196 files and directories currently installed.)
Preparing to unpack .../libapache2-mod-auth-pgsql_2.0.3-6ubuntu0.1_amd64.deb ...
Unpacking libapache2-mod-auth-pgsql (2.0.3-6ubuntu0.1) over (2.0.3-6) ...
Setting up libapache2-mod-auth-pgsql (2.0.3-6ubuntu0.1) ...
apache2_invoke 000_auth_pgsql: already enabled
* Restarting web server apache2
...done.
No crash now with the auth loop, even if run multiple times:
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 22
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 0
Testing ubuntu-sha512... 0
Testing ubuntu-des... 0
And the apache error logs show just the expected unsupported crypt format:
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ tail -n 2 /var/log/apache2/error.log
[Thu Aug 03 14:39:30.464138 2017] [auth_pgsql:error] [pid 10843:tid 140107864598272] [client 127.0.0.1:42120] [mod_auth_pgsql.c] - ERROR - PG user ubuntu-invalidhash: unsupported CRYPT format
[Thu Aug 03 14:39:30.464252 2017] [auth_basic:error] [pid 10843:tid 140107864598272] [client 127.0.0.1:42120] AH01617: user ubuntu-invalidhash: authentication failure for "/": Password Mismatch
** Tags added: verification-done-trusty
https://bugs.launchpad.net/bugs/1698758
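As an added example (not part of the original message or of the package's own tooling), the manual check in the verification above can be scripted: flag users whose `curl -f` request got no reply, and summarise the AH00051 child-exit notices in the Apache error log. The function names are hypothetical; the embedded log lines are the two AH00051 lines quoted in the message.

```shell
#!/bin/sh
# Added example. PAGE_LOG holds the two AH00051 lines quoted in the message above.
PAGE_LOG='[Thu Aug 03 14:36:27.775572 2017] [core:notice] [pid 6989:tid 140610926643072] AH00051: child pid 8101 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Thu Aug 03 14:36:59.810618 2017] [core:notice] [pid 6989:tid 140610926643072] AH00051: child pid 8670 exit signal Aborted (6), possible coredump in /etc/apache2'

# classify_rc RC: map an exit status of `curl -f` to a verdict (hypothetical helper).
classify_rc() {
    case "$1" in
        0)  echo ok ;;          # request authenticated and served
        22) echo rejected ;;    # -f: server answered with an HTTP status >= 400
        52) echo no-reply ;;    # empty reply: connection closed with no response
        *)  echo other ;;
    esac
}

# flag_no_reply: read "user rc" pairs on stdin, print the users that got no reply.
flag_no_reply() {
    while read -r user rc; do
        [ "$(classify_rc "$rc")" = no-reply ] && echo "$user"
    done
    return 0
}

# crash_summary: read error-log text on stdin and print "<count> <signal>" for
# each distinct signal reported in AH00051 child-exit notices, sorted.
crash_summary() {
    awk '
        /AH00051: child pid [0-9]+ exit signal / {
            s = $0
            sub(/^.*exit signal /, "", s)   # drop everything before the signal name
            sub(/\).*$/, ")", s)            # keep up to the ")" closing the signal number
            count[s]++
        }
        END { for (s in count) printf "%d %s\n", count[s], s }
    ' | sort
}

# Stand-alone run: summarise the crashes recorded in the quoted log lines.
printf '%s\n' "$PAGE_LOG" | crash_summary
```

On a live system, pipe `/var/log/apache2/error.log` into `crash_summary` after running the auth loop, and feed the loop's "user rc" pairs to `flag_no_reply`.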