[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash

Chris J Arges 1272857 at bugs.launchpad.net
Wed Aug 2 11:53:11 UTC 2017


Hello mubm, or anyone else affected,

Accepted libapache2-mod-auth-pgsql into trusty-proposed. The package
will build now and be available at
https://launchpad.net/ubuntu/+source/libapache2-mod-auth-
pgsql/2.0.3-6ubuntu0.1 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: libapache2-mod-auth-pgsql (Ubuntu Trusty)
       Status: In Progress => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1272857

Title:
  Double free in libapache2-mod-auth-pgsql causes Apache to crash

Status in libapache2-mod-auth-pgsql package in Ubuntu:
  Fix Released
Status in libapache2-mod-auth-pgsql source package in Trusty:
  Fix Committed
Status in libapache2-mod-auth-pgsql package in Debian:
  Fix Released

Bug description:
  [Impact]
  The libapache2-mod-auth-pgsql module will trigger frequent segfaults in apache if used in conjunction with a CGI script.

  
  [Test Case]

  * install the packages on the Ubuntu release you are testing:
  $ sudo apt install apache2 libapache2-mod-auth-pgsql postgresql

  * create the database and populate it with the test user:
  $ sudo -u postgres -H createdb userdb
  $ sudo -u postgres -H psql userdb -c "CREATE TABLE UserLogin (Username text, ApachePassword text);"
  $ sudo -u postgres -H psql userdb -c "INSERT INTO UserLogin VALUES ('ubuntu', 'secret');"

  * Create the DB user the module will use and grant access to the user table:
  $ sudo -u postgres -H psql postgres -c "CREATE ROLE www UNENCRYPTED PASSWORD 'password' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"
  $ sudo -u postgres -H psql userdb -c "GRANT SELECT ON TABLE userlogin TO www;"

  * Create /etc/apache2/conf-available/authpgtest.conf with the following content:
  Alias /authpgtest /export/scratch/authpgtest
  <Directory /export/scratch/authpgtest/>
    Options +ExecCGI +FollowSymLinks
    AddHandler cgi-script .pl
    AuthType basic
    AuthName "My Auth"
    Require valid-user
    AuthBasicProvider pgsql
    Auth_PG_authoritative On
    Auth_PG_host 127.0.0.1
    Auth_PG_port 5432
    Auth_PG_user www
    Auth_PG_pwd password
    Auth_PG_database userdb
    Auth_PG_encrypted off
    Auth_PG_pwd_table UserLogin
    Auth_PG_uid_field Username
    Auth_PG_pwd_field ApachePassword
  </Directory>

  * Enable this new configuration:
  $ sudo a2enconf authpgtest.conf

  * Enable the auth-pgsql and cgi modules and then restart apache:
  $ for n in 000_auth_pgsql cgi; do sudo a2enmod $n; done
  $ sudo service apache2 restart

  * Create the CGI directory for our script:
  $ sudo mkdir -p /export/scratch/authpgtest

  * Create the CGI script /export/scratch/authpgtest/hw.pl with the following contents:
  #!/usr/bin/perl
  print "Content-type: text/html\n\n";
  print "Hello, World!\n";

  * Make it executable:
  $ sudo chmod 0755 /export/scratch/authpgtest/hw.pl

  * Access the http://ubuntu:secret@localhost/authpgtest/hw.pl URL a few times while tailing /var/log/apache/error.log. After a few tries it will fail, and apache will log a segfault:
  $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl
  Hello, World!
  $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl
  Hello, World!
  $ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl
  curl: (52) Empty reply from server

  In /var/log/apache2/error.log:
  *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x00007fa9340007c8 ***
  [Wed Jul 19 20:43:57.077960 2017] [core:notice] [pid 10926:tid 140365262006144] AH00051: child pid 10930 exit signal Aborted (6), possible coredump in /etc/apache2

  After installing the fixed libapache2-mod-auth-pgsql package, all
  attempts will work.

  
  [Regression Potential]
  This patch is already being used in Ubuntu releases higher than trusty, all the way to artful, and also in Debian.

  This is a very old module that hasn't been built in a while (see
  [other info] below. It's possible that just by rebuilding it with the
  new environment available in Trusty could introduce unknowns.
  Hopefully, if that happens, it will be immediately noticed by the
  people who use it and will test this SRU.

  
  [Other Info]
  This module hasn't been rebuilt since vivid and seems unmaintained, being at version 2.0.3 since the precise days:
   libapache2-mod-auth-pgsql | 2.0.3-5build2 | precise
   libapache2-mod-auth-pgsql | 2.0.3-6 | trusty
   libapache2-mod-auth-pgsql | 2.0.3-6.1 | vivid
   libapache2-mod-auth-pgsql | 2.0.3-6.1 | xenial
   libapache2-mod-auth-pgsql | 2.0.3-6.1 | yakkety
   libapache2-mod-auth-pgsql | 2.0.3-6.1 | zesty
   libapache2-mod-auth-pgsql | 2.0.3-6.1ubuntu1 | artful

  - Debian's last changelog entry is from August 2013
  - Fedora killed it in July 2011
  - I couldn't find it in SuSE

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions



More information about the Ubuntu-sponsors mailing list