[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#627182: libapr1: last security update introduces a infinite loop condition

Date: 2011 05 20

I can confirm the same problem on our prod server after upgrade to
the problem is triggered by some configuration directive in apache.conf;

package details:
ii  apache2
2.2.9-10+lenny9            Apache HTTP Server metapackage
ii  apache2-mpm-prefork                             2.2.9-10+lenny9
        Apache HTTP Server - traditional non-threade
ii  apache2-utils
2.2.9-10+lenny9            utility programs for webservers
ii  apache2.2-common                                2.2.9-10+lenny9
        Apache HTTP Server common files
ii  libapache2-mod-auth-pgsql                      2.0.3-5
            Module for Apache2 which provides pgsql auth
ii  libapr1
1.2.12-5+lenny3            The Apache Portable Runtime Library
ii  libaprutil1
1.2.12+dfsg-8+lenny5    The Apache Portable Runtime Utility Library

O.S.: Linux i686 GNU/Linux

I have also some GDB debug if someone is interested: it shows an
application loop in the apr_fnmatch() function
(I can provide the full debug session on someone will ask for it):

    Breakpoint 1, apr_fnmatch (pattern=0x9b0e7c0
"/somestring/*/*/*/*/other_string/", string=0x9b5a5a0 "/somestring",


Reply to: