[Bug 1504354] Re: Invalid memory access on ap_server_config_defines

Robie Basak 1504354 at bugs.launchpad.net
Tue Oct 13 10:45:39 UTC 2015 

** Also affects: apache2 (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: apache2 (Ubuntu)
       Status: New => Fix Released

** Changed in: apache2 (Ubuntu Trusty)
       Status: New => Triaged

** Changed in: apache2 (Ubuntu Trusty)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1504354

Title:
  Invalid memory access on ap_server_config_defines

Status in Apache2 Web Server:
  Fix Released
Status in apache2 package in Ubuntu:
  Fix Released
Status in apache2 source package in Trusty:
  Triaged

Bug description:
  A bug in the Apache2 HTTP server results in invalid memory references
  in the ap_server_config_defines array after a graceful restart.  This
  can result in server config variables defined by means of the Define
  directive appearing to be undefined after a graceful restart.  This
  can cause incorrect processing of configuration files.  It can also
  cause the server to exit due to invalid configuration, even though
  the configtest prior to reload succeeded.

  This bug was reported upstream against Apache 2.4.6 and 2.4.10.  It
  appears in the 2.4.7-1ubuntu4.7 found in trusty-proposed, but was
  fixed in 2.4.12 and so does not appear in wily.

  This is upstream PR 56008 and 57328.

  
  [Test Case]
  - apt-get install apache2
  - Copy ifdefine-test.conf (attached) to /etc/apache2/sites-available
  - a2ensite ifdefine-test.conf
  - service apache2 restart
  - Observe that http://<hostname>/foo.html returns the default page
    (same as http://<hostname>/)

  - service apache2 reload
  - Examine /var/log/apache2/error.log; observe the warning message
    "Config variable ${TEST2} is not defined"
  - Observe that http://<hostname>/foo.html now returns a 404.

  With the bug fixed, the warning message will not appear, and the
  foo.html URL will continue to work after the reload.

  
  [Regression Potential]
  Low.

  The change is textually small (one line), but has a significant effect:
  it ensures that a fresh copy is made of the array containing defined
  variables each time the config file is read.  Without this, on reloads
  the original array (containing variables defined on the command line)
  is modified directly, causing it to contain string pointers that will
  become invalid when the configuration memory pool is released.

  The patch only changes what happens when the configuration pool is
  released, avoiding leaking memory references across successive reads
  of the config file.  As such, it is unlikely have any negative effect
  on processing of the configuration, and extremely unlikely to have any
  effect on operations once the server configuration has been read.

  This change was applied upstream in December, 2014 and appears in the
  upstream 2.4.12 release, which is in wily.  The patch also appears in
  2.4.10-10+deb8u2, which has been in Debian stable for about 5 weeks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1504354/+subscriptions

More information about the Ubuntu-sponsors mailing list