
Bug#814980: marked as done (apache2 using authnz_ldap: Infinite loop in find_block_of_size of authn_ldap_check_password - hanging processes hang whole server eventually)



Your message dated Fri, 30 Mar 2018 21:49:57 +0000
with message-id <E1f21uH-0007OA-LA@fasolo.debian.org>
and subject line Bug#814980: fixed in apache2 2.4.33-1
has caused the Debian Bug report #814980,
regarding apache2 using authnz_ldap: Infinite loop in find_block_of_size of authn_ldap_check_password - hanging processes hang whole server eventually
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
814980: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814980
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2
Version: 2.4.10-10+deb8u4
Severity: important

Dear Maintainer,

after upgrading from wheezy to jessie and adjusting our config we
experienced hangups in the apache2 processes. Attaching to the running
processes with gdb gives the following backtrace:

(gdb) bt
#0  0x00007f2a4aa4b5ad in find_block_of_size (size=size@entry=48,
    rmm=0x7f2a4b2d5148) at /tmp/buildd/apr-util-1.5.4/misc/apr_rmm.c:106
#1  0x00007f2a4aa4bdd8 in apr_rmm_calloc (rmm=0x7f2a4b2d5148,
    reqsize=<optimized out>) at
    /tmp/buildd/apr-util-1.5.4/misc/apr_rmm.c:342
#2  0x00007f2a43c31fad in util_ald_alloc (cache=0x7f2a3e9c1c88,
    size=<optimized out>) at util_ldap_cache_mgr.c:105
#3  0x00007f2a43c3277b in util_ald_cache_insert (cache=0x7f2a3e9c1008,
    payload=0x30) at util_ldap_cache_mgr.c:470
#4  0x00007f2a43c2fa86 in uldap_cache_checkuserid (r=0x0,
    ldc=0x7f2a4b1c10a0, url=0x7ffefb9c6930 "xxxxxxxxxx",
    basedn=0x7f2a3e9ccf90 "", scope=160, attrs=0x3b90,
    filter=0x7ffefb9c6a60
    "(&(objectClass=user)(sAMAccountName=xxxxxxxx))",
    bindpw=0x7f2a4aeee890 "xxxxxxxxxx", binddn=0x7ffefb9c69f8,
    retvals=0x7f2a4aeee8b8) at util_ldap.c:1880
#5  0x00007f2a48ba9a1d in authn_ldap_check_password
    (r=0x7f2a1ec790a0, user=0x30 <error: Cannot access memory at address
    0x30>, password=0x7f2a4aeee890 "xxxxxxxxxxx") at
    mod_authnz_ldap.c:543
#6  0x00007f2a491b8a76 in authenticate_basic_user (r=0x7f2a1ec790a0)
    at mod_auth_basic.c:383
#7  0x00007f2a4b139070 in ap_run_check_user_id (r=0x7f2a1ec790a0) at
    request.c:81
#8  0x00007f2a4b13c5b4 in ap_process_request_internal
    (r=0x7f2a1ec790a0) at request.c:273
#9  0x00007f2a4b159670 in ap_process_async_request
    (r=0x7f2a1ec790a0) at http_request.c:315
#10 0x00007f2a4b159820 in ap_process_request (r=0x7f2a1ec790a0) at
    http_request.c:363
#11 0x00007f2a4b156122 in ap_process_http_sync_connection
    (c=0x7f2a4aeff290) at http_core.c:190
#12 ap_process_http_connection (c=0x7f2a4aeff290) at http_core.c:231
#13 0x00007f2a4b14cb10 in ap_run_process_connection
    (c=0x7f2a4aeff290) at connection.c:41
#14 0x00007f2a4381b7ba in child_main (child_num_arg=1050415112) at
    prefork.c:704
#15 0x00007f2a4381ba01 in make_child (s=0x7f2a4b34ade0, slot=16) at
    prefork.c:800
#16 0x00007f2a4381c667 in perform_idle_server_maintenance
    (p=<optimized out>) at prefork.c:902
#17 prefork_run (_pconf=0x7f2a4b389f38 <ap_server_conf>,
    plog=0x7ffefb9c8d5c, s=0x7ffefb9c8d60) at prefork.c:1090
#18 0x00007f2a4b128e7e in ap_run_mpm (pconf=0x7f2a4b378028,
    plog=0x7f2a4b346028, s=0x7f2a4b34ade0) at mpm_common.c:94
#19 0x00007f2a4b1223c3 in main (argc=3, argv=0x7ffefb9c9048) at
    main.c:777
(gdb)

We suspect that the heap is corrupted in the shared memory segment.

All apache child processes start getting affected by this at the same
time which indicates further that the shared memory is the problem.

Thanks for looking into this.
Rainer

-- Package-specific info:

-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apache2 depends on:
ii  apache2-bin    2.4.10-10+deb8u4
ii  apache2-data   2.4.10-10+deb8u4
ii  apache2-utils  2.4.10-10+deb8u4
ii  dpkg           1.17.26
ii  lsb-base       4.1+Debian13+nmu1
ii  mime-support   3.58
ii  perl           5.20.2-3+deb8u3
ii  procps         2:3.3.9-9

Versions of packages apache2 recommends:
ii  ssl-cert  1.0.35

Versions of packages apache2 suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  w3m [www-browser]                                0.5.3-19

Versions of packages apache2-bin depends on:
ii  libapr1                  1.5.1-3
ii  libaprutil1              1.5.4-1
ii  libaprutil1-dbd-sqlite3  1.5.4-1
ii  libaprutil1-ldap         1.5.4-1
ii  libc6                    2.19-18+deb8u2
ii  libldap-2.4-2            2.4.40+dfsg-1+deb8u2
ii  liblua5.1-0              5.1.5-7.1
ii  libpcre3                 2:8.35-3.3+deb8u2
ii  libssl1.0.0              1.0.1k-3+deb8u2
ii  libxml2                  2.9.1+dfsg1-5+deb8u1
ii  perl                     5.20.2-3+deb8u3
ii  zlib1g                   1:1.2.8.dfsg-2+b1

Versions of packages apache2-bin suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  w3m [www-browser]                                0.5.3-19

Versions of packages apache2 is related to:
ii  apache2      2.4.10-10+deb8u4
ii  apache2-bin  2.4.10-10+deb8u4

-- Configuration Files:
/etc/apache2/apache2.conf changed:
Mutex file:${APACHE_LOCK_DIR} default
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf
<Directory />
	Options FollowSymLinks
	AllowOverride None
	Require all denied
</Directory>
<Directory /usr/share>
	AllowOverride None
	Require all granted
</Directory>
<Directory /var/www/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>
AccessFileName .htaccess
<FilesMatch "^\.ht">
	Require all denied
</FilesMatch>
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%{X-Forwarded-For}i %h %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %h %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %D" combined_reqtime
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf

/etc/apache2/conf-available/security.conf changed:
ServerTokens Prod
ServerSignature Off
TraceEnable Off
<Directory /home>
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
<DirectoryMatch "/home/wwwdocs/public_html/video.godmode-trader.de/">
    RewriteEngine off
    Options None
    AllowOverride None
    php_admin_flag engine off
    <FilesMatch "\.phps?$">
        SetHandler default-handler
        Require all denied
    </FilesMatch>
</DirectoryMatch>
<DirectoryMatch "/\.(svn|git)">
   Require all denied
</DirectoryMatch>

/etc/apache2/envvars changed:
unset HOME
if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
	SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
else
	SUFFIX=
fi
export APACHE_RUN_USER=wwwdocs
export APACHE_RUN_GROUP=wwwdocs
export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
export LANG=C
export LANG
umask 002

/etc/apache2/mods-available/deflate.conf changed:
<IfModule mod_filter.c>
    # these are known to be safe with MSIE 6
    AddOutputFilterByType DEFLATE text/html text/plain text/xml
    # everything else may cause problems with MSIE 6
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript text/javascript
    AddOutputFilterByType DEFLATE application/atom+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/json
    AddOutputFilterByType DEFLATE image/svg+xml
</IfModule>

/etc/apache2/mods-available/dir.conf changed:
<IfModule mod_dir.c>
	DirectoryIndex index.php index.html
</IfModule>

/etc/apache2/mods-available/mpm_prefork.conf changed:
<IfModule mpm_prefork_module>
    StartServers            32
    MinSpareServers         15
    MaxSpareServers         25
    MaxRequestWorkers      128
    MaxConnectionsPerChild   0
</IfModule>

/etc/apache2/mods-available/status.conf changed:
<IfModule mod_status.c>
<Location /server-status>
    SetHandler server-status
    Require local
    Require ip 10.20.35.0/24
    Require ip 10.20.50.0/24
    Require ip 10.20.56.0/24
    Require ip 192.168.0.0/22
</Location>
    # Keep track of extended status information for each request
    ExtendedStatus On
    # Determine if mod_status displays the first 63 characters of a request or
    # the last 63, assuming the request itself is greater than 63 chars.
    # Default: Off
    #SeeRequestTail On
    <IfModule mod_proxy.c>
        # Show Proxy LoadBalancer status in mod_status
        ProxyStatus On
    </IfModule>
</IfModule>

/etc/apache2/ports.conf changed:
Listen 80
<IfModule ssl_module>
    Listen 443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

-- no debconf information

--- End Message ---
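
A simplified model of the failure suspected in the report above, added here as an illustration; it is not code from apr-util, Apache or the reporter. It shows why a free list kept in a shared segment hangs every process that walks it once a `next` link is corrupted into a cycle, and how range-checking each index and capping the step count turns the hang into a detectable error. All names (`seg_t`, `blk_t`, `find_block_bounded`, `find_block_unbounded`, `demo_init`, `WALK_CORRUPT`) and the sample list are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model with hypothetical names (not apr-util code): free blocks
 * sit in one shared segment and are chained by slot index, so every process
 * mapping the segment walks the same list. Slot 0 is reserved; next == 0
 * terminates the list. */
typedef struct { uint32_t size, next; } blk_t;
typedef struct { blk_t *slots; uint32_t nslots, first_free; } seg_t;

#define WALK_CORRUPT UINT32_MAX

/* Unbounded best-fit walk: never returns if the list contains a cycle. */
uint32_t find_block_unbounded(const seg_t *s, uint32_t size) {
    uint32_t best = 0, bestsize = 0;
    for (uint32_t cur = s->first_free; cur; cur = s->slots[cur].next) {
        uint32_t sz = s->slots[cur].size;
        if (sz == size) return cur;
        if (sz > size && (!best || sz < bestsize)) { best = cur; bestsize = sz; }
    }
    return best;
}

/* Same walk, but each index is range-checked and the step count is capped at
 * the number of usable slots, so a cycle or wild index is reported. */
uint32_t find_block_bounded(const seg_t *s, uint32_t size) {
    uint32_t best = 0, bestsize = 0, steps = 0;
    for (uint32_t cur = s->first_free; cur; cur = s->slots[cur].next) {
        if (cur >= s->nslots || ++steps >= s->nslots) return WALK_CORRUPT;
        uint32_t sz = s->slots[cur].size;
        if (sz == size) return cur;
        if (sz > size && (!best || sz < bestsize)) { best = cur; bestsize = sz; }
    }
    return best;
}

/* Constructed sample: free list 1 -> 2 -> 3 -> end, sizes 64, 32, 128. */
void demo_init(seg_t *s, blk_t *slots, uint32_t n) {
    memset(slots, 0, n * sizeof *slots);
    slots[1] = (blk_t){64, 2};
    slots[2] = (blk_t){32, 3};
    slots[3] = (blk_t){128, 0};
    *s = (seg_t){slots, n, 1};
}

int main(void) {
    blk_t slots[8];
    seg_t s;
    demo_init(&s, slots, 8);
    printf("healthy list, size 48 -> slot %u\n", find_block_bounded(&s, 48));
    slots[3].next = 1;  /* simulate corruption: tail points back at the head */
    if (find_block_bounded(&s, 48) == WALK_CORRUPT)
        puts("corrupted list detected; the unbounded walk would spin here");
    return 0;
}
```

Because the list lives in memory shared by all children, one bad link affects every process at once, which matches the reporter's observation that all children start hanging at the same time.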
--- Begin Message ---
Source: apache2
Source-Version: 2.4.33-1

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 814980@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 30 Mar 2018 22:53:13 +0200
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: source amd64 all
Version: 2.4.33-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Closes: 814980 878920
Changes:
 apache2 (2.4.33-1) unstable; urgency=medium
 .
   * New upstream version.
     Security fixes:
     - CVE-2017-15710
       Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled
     - CVE-2018-1283
       mod_session: CGI-like applications that intend to read from mod_session's
       'SessionEnv ON' could be fooled into reading user-supplied data instead.
     - CVE-2018-1303
       mod_cache_socache: Fix request headers parsing to avoid a possible crash
       with specially crafted input data.
     - CVE-2018-1301
       core: Possible crash with excessively long HTTP request headers.
       Impractical to exploit with a production build and production LogLevel.
     - CVE-2017-15715
       core: Configure the regular expression engine to match '$' to the end of
       the input string only, excluding matching the end of any embedded
       newline characters. Behavior can be changed with new directive
       'RegexDefaultOptions'.
     - CVE-2018-1312
       mod_auth_digest: Fix generation of nonce values to prevent replay
       attacks across servers using a common Digest domain. This change
       may cause problems if used with round robin load balancers. PR 54637
     - CVE-2018-1302
       mod_http2: Potential crash w/ mod_http2.
 .
     - mod_proxy_uwsgi: New UWSGI proxy submodule.
     - mod_md: New experimental module for managing domains across virtual
       hosts, implementing the Let's Encrypt ACMEv1 protocol to signup and
       renew certificates.
     - core: silently ignore a not existent file path when IncludeOptional
       is used. Closes: #878920
     - mod_ldap: Avoid possible crashes, hangs, and busy loops. Closes: #814980
 .
   * Fix lintian warnings:
     - Include SupportApache-small.png in apache2-doc package instead of
       linking to apache.org, to avoid privacy issues.
     - Use /usr/share/dpkg/architecture.mk instead of setting DEB_*_GNU_TYPE
     - Remove deprecated use of autotools_dev with dh.
     - Add some overrides
   * Bump standards-version to 4.1.2 (no changes)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
