[Bug 1272857] Re: Double free in libapache2-mod-auth-pgsql causes Apache to crash
Chris J Arges
1272857 at bugs.launchpad.net
Wed Aug 2 11:53:11 UTC 2017
Hello mubm, or anyone else affected,
Accepted libapache2-mod-auth-pgsql into trusty-proposed. The package
will build now and be available at
https://launchpad.net/ubuntu/+source/libapache2-mod-auth-
pgsql/2.0.3-6ubuntu0.1 in a few hours, and then in the -proposed
repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed. Your feedback will aid us getting this update
out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed. In either case, details of your testing will help
us make a better decision.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance!
** Changed in: libapache2-mod-auth-pgsql (Ubuntu Trusty)
Status: In Progress => Fix Committed
** Tags added: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1272857
Title:
Double free in libapache2-mod-auth-pgsql causes Apache to crash
Status in libapache2-mod-auth-pgsql package in Ubuntu:
Fix Released
Status in libapache2-mod-auth-pgsql source package in Trusty:
Fix Committed
Status in libapache2-mod-auth-pgsql package in Debian:
Fix Released
Bug description:
[Impact]
The libapache2-mod-auth-pgsql module will trigger frequent segfaults in apache if used in conjunction with a CGI script.
[Test Case]
* install the packages on the Ubuntu release you are testing:
$ sudo apt install apache2 libapache2-mod-auth-pgsql postgresql
* create the database and populate it with the test user:
$ sudo -u postgres -H createdb userdb
$ sudo -u postgres -H psql userdb -c "CREATE TABLE UserLogin (Username text, ApachePassword text);"
$ sudo -u postgres -H psql userdb -c "INSERT INTO UserLogin VALUES ('ubuntu', 'secret');"
* Create the DB user the module will use and grant access to the user table:
$ sudo -u postgres -H psql postgres -c "CREATE ROLE www UNENCRYPTED PASSWORD 'password' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"
$ sudo -u postgres -H psql userdb -c "GRANT SELECT ON TABLE userlogin TO www;"
* Create /etc/apache2/conf-available/authpgtest.conf with the following content:
Alias /authpgtest /export/scratch/authpgtest
<Directory /export/scratch/authpgtest/>
Options +ExecCGI +FollowSymLinks
AddHandler cgi-script .pl
AuthType basic
AuthName "My Auth"
Require valid-user
AuthBasicProvider pgsql
Auth_PG_authoritative On
Auth_PG_host 127.0.0.1
Auth_PG_port 5432
Auth_PG_user www
Auth_PG_pwd password
Auth_PG_database userdb
Auth_PG_encrypted off
Auth_PG_pwd_table UserLogin
Auth_PG_uid_field Username
Auth_PG_pwd_field ApachePassword
</Directory>
* Enable this new configuration:
$ sudo a2enconf authpgtest.conf
* Enable the auth-pgsql and cgi modules and then restart apache:
$ for n in 000_auth_pgsql cgi; do sudo a2enmod $n; done
$ sudo service apache2 restart
* Create the CGI directory for our script:
$ sudo mkdir -p /export/scratch/authpgtest
* Create the CGI script /export/scratch/authpgtest/hw.pl with the following contents:
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello, World!\n";
* Make it executable:
$ sudo chmod 0755 /export/scratch/authpgtest/hw.pl
* Access the http://ubuntu:secret@localhost/authpgtest/hw.pl URL a few times while tailing /var/log/apache/error.log. After a few tries it will fail, and apache will log a segfault:
$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl
Hello, World!
$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl
Hello, World!
$ curl -f http://ubuntu:secret@localhost/authpgtest/hw.pl
curl: (52) Empty reply from server
In /var/log/apache2/error.log:
*** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x00007fa9340007c8 ***
[Wed Jul 19 20:43:57.077960 2017] [core:notice] [pid 10926:tid 140365262006144] AH00051: child pid 10930 exit signal Aborted (6), possible coredump in /etc/apache2
After installing the fixed libapache2-mod-auth-pgsql package, all
attempts will work.
[Regression Potential]
This patch is already being used in Ubuntu releases higher than trusty, all the way to artful, and also in Debian.
This is a very old module that hasn't been built in a while (see
[other info] below. It's possible that just by rebuilding it with the
new environment available in Trusty could introduce unknowns.
Hopefully, if that happens, it will be immediately noticed by the
people who use it and will test this SRU.
[Other Info]
This module hasn't been rebuilt since vivid and seems unmaintained, being at version 2.0.3 since the precise days:
libapache2-mod-auth-pgsql | 2.0.3-5build2 | precise
libapache2-mod-auth-pgsql | 2.0.3-6 | trusty
libapache2-mod-auth-pgsql | 2.0.3-6.1 | vivid
libapache2-mod-auth-pgsql | 2.0.3-6.1 | xenial
libapache2-mod-auth-pgsql | 2.0.3-6.1 | yakkety
libapache2-mod-auth-pgsql | 2.0.3-6.1 | zesty
libapache2-mod-auth-pgsql | 2.0.3-6.1ubuntu1 | artful
- Debian's last changelog entry is from August 2013
- Fedora killed it in July 2011
- I couldn't find it in SuSE
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/+bug/1272857/+subscriptions
More information about the Ubuntu-sponsors
mailing list