Bug 1221575

Summary: a segfault in dbmfilegroup_check_authorization in mod_authz_dbm.c
Product: Red Hat Enterprise Linux 7
Reporter: Hisanobu Okuda <hokuda>
Component: httpd
Assignee: Luboš Uhliarik <luhliari>
Status: CLOSED ERRATA
QA Contact: Martin Frodl <mfrodl>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 7.1
CC: isenfeld, jkaluza, jorton
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: httpd-2.4.6-33.el7
Doc Type: Bug Fix
Doc Text:
The mod_authz_dbm module requires the mod_authz_owner module, but this dependency was not reflected in the mod_authz_dbm code. Consequently, when the "Require dbm-file-group" directive was used and mod_authz_dbm was loaded before mod_authz_owner, the httpd daemon terminated unexpectedly with a segmentation fault. The mod_authz_dbm code now allows loading before the mod_authz_owner module, and httpd no longer crashes in this scenario.
Last Closed: 2015-11-19 04:37:42 UTC
Type: Bug

Description Hisanobu Okuda 2015-05-14 11:46:49 UTC
Description of problem:

"Require dbm-file-group" causes a segfault in dbmfilegroup_check_authorization in mod_authz_dbm.c.


You can see a segfault running it under gdb with a breakpoint:-

# gdb /usr/sbin/httpd
Reading symbols from /usr/sbin/httpd...Reading symbols from /usr/lib/debug/usr/sbin/httpd.debug...done.
done.
(gdb) b dbmfilegroup_check_authorization
Function "dbmfilegroup_check_authorization" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (dbmfilegroup_check_authorization) pending.
(gdb) run -X -DFOREGROUND
Starting program: /usr/sbin/httpd -X -DFOREGROUND
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
warning: Temporarily disabling breakpoints for unloaded shared library "/etc/httpd/modules/mod_authz_dbm.so"

(access a protected resource and submit username/password)

Breakpoint 1, dbmfilegroup_check_authorization (r=0x7f851f1c02d0, require_args=0x7f851ee87e56 "", parsed_require_args=0x0)
    at mod_authz_dbm.c:207
207     {
(gdb) 
210         char *user = r->user;
(gdb) 
207     {
(gdb) 
208         authz_dbm_config_rec *conf = ap_get_module_config(r->per_dir_config,
(gdb) 
211         const char *realm = ap_auth_name(r);
(gdb) 
218         if (!user) {
(gdb) 
219             return AUTHZ_DENIED_NO_USER;
(gdb) 
218         if (!user) {
(gdb) 
222         if (!conf->grpfile) {
(gdb) 
229         status = get_dbm_grp(r, apr_pstrcat(r->pool, user, ":", realm, NULL),
(gdb) 
232         if (status != APR_SUCCESS) {
(gdb) 
239         if (groups == NULL) {
(gdb) 
250         filegroup = authz_owner_get_file_group(r);
(gdb) print authz_owner_get_file_group 
$1 = (apr_OFN_authz_owner_get_file_group_t *) 0x0
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()

(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00007f7d041ee079 in dbmfilegroup_check_authorization (r=0x7f7d0a31e310, require_args=<optimized out>, 
    parsed_require_args=<optimized out>) at mod_authz_dbm.c:250
#2  0x00007f7d045f6da2 in apply_authz_sections (r=r@entry=0x7f7d0a31e310, section=section@entry=0x7f7d0a01e568, 
    parent_op=<optimized out>) at mod_authz_core.c:737
#3  0x00007f7d045f6f58 in apply_authz_sections (r=r@entry=0x7f7d0a31e310, section=section@entry=0x7f7d0a01e4c8, 
    parent_op=<optimized out>) at mod_authz_core.c:751
#4  0x00007f7d045f6f58 in apply_authz_sections (r=r@entry=0x7f7d0a31e310, section=0x7f7d0a01e5c0, 
    parent_op=parent_op@entry=AUTHZ_LOGIC_AND) at mod_authz_core.c:751
#5  0x00007f7d045f70da in authorize_user_core (r=0x7f7d0a31e310, after_authn=1) at mod_authz_core.c:840
#6  0x00007f7d0818da60 in ap_run_auth_checker (r=0x7f7d0a31e310) at request.c:90
#7  0x00007f7d08190358 in ap_process_request_internal (r=r@entry=0x7f7d0a31e310) at request.c:294
#8  0x00007f7d081ab628 in ap_process_async_request (r=r@entry=0x7f7d0a31e310) at http_request.c:315
#9  0x00007f7d081ab914 in ap_process_request (r=r@entry=0x7f7d0a31e310) at http_request.c:363
#10 0x00007f7d081a82a2 in ap_process_http_sync_connection (c=0x7f7d0a253af0) at http_core.c:190
#11 ap_process_http_connection (c=0x7f7d0a253af0) at http_core.c:231
#12 0x00007f7d081a0340 in ap_run_process_connection (c=0x7f7d0a253af0) at connection.c:41
#13 0x00007f7d081a0728 in ap_process_connection (c=c@entry=0x7f7d0a253af0, csd=<optimized out>) at connection.c:202
#14 0x00007f7cfdb7280f in child_main (child_num_arg=child_num_arg@entry=0) at prefork.c:707
#15 0x00007f7cfdb72a0c in make_child (s=0x7f7d09f5b340, slot=slot@entry=0) at prefork.c:749
#16 0x00007f7cfdb73791 in prefork_run (_pconf=<optimized out>, plog=0x7f7d09f5f378, s=0x7f7d09f5b340) at prefork.c:966
#17 0x00007f7d0817d2ce in ap_run_mpm (pconf=0x7f7d09f32158, plog=0x7f7d09f5f378, s=0x7f7d09f5b340) at mpm_common.c:96
#18 0x00007f7d081768f6 in main (argc=3, argv=0x7fff14a9f608) at main.c:777
(gdb) 



Version-Release number of selected component (if applicable):

httpd-2.4.6-31.el7.x86_64


How reproducible:


Steps to Reproduce:
1. append the following lines to httpd.conf


<Directory "/var/www/html/test2/">
    AuthName test
    AuthType Basic
    AuthBasicProvider dbm
    AuthDBMUserFile /etc/httpd/conf/users
    AuthDBMGroupFile /etc/httpd/conf/groups
    AuthzDBMType SDBM
    Require dbm-file-group
</Directory>

2. create html file

[root@host11 conf]# mkdir /var/www/html/test
[root@host11 conf]# cat > /var/www/html/test/index.html
hi
(Ctrl-D)
[root@host11 conf]#


3. create db

[root@host11 conf]# htdbm -c -TSDBM /etc/httpd/conf/users user1
New password: 
Re-type new password: 
Database /etc/httpd/conf/users created.
[root@host11 conf]# cat > groups.txt
user1 root
(Ctrl-D)
[root@host11 conf]# httxt2dbm -v -f SDBM -i ./groups.txt -o /etc/httpd/conf/groups
DBM Format: SDBM
Input File: ./groups.txt
DBM File: /etc/httpd/conf/groups
    'user1' -> 'root'
Conversion Complete.


4. start httpd

[root@host11 conf]# systemctl start httpd.service


5. access http://localhost/test/, then you will see the segfault.

Actual results:


Expected results:


Additional info:

Comment 1 Hisanobu Okuda 2015-05-14 11:59:05 UTC
Since the authz_dbm_module requires authz_owner_module, authz_owner_module should be registered before authz_dbm_module (same on authz_groupfile_module as well). Therefore, the issue is gone with the following config change:-


[root@host11 conf.modules.d]# diff -u 00-base.conf.org 00-base.conf                                                                 
--- 00-base.conf.org    2015-05-14 20:53:29.209639888 +0900
+++ 00-base.conf        2015-05-14 20:53:39.026639888 +0900
@@ -17,10 +17,10 @@
 LoadModule authn_socache_module modules/mod_authn_socache.so
 LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authz_dbd_module modules/mod_authz_dbd.so
+LoadModule authz_owner_module modules/mod_authz_owner.so
 LoadModule authz_dbm_module modules/mod_authz_dbm.so
 LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
 LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_owner_module modules/mod_authz_owner.so
 LoadModule authz_user_module modules/mod_authz_user.so
 LoadModule autoindex_module modules/mod_autoindex.so
 LoadModule cache_module modules/mod_cache.so
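Review bot: The relocated "LoadModule authz_owner_module" line, now directly above authz_dbm_module, carries no comment saying that its position is load-order sensitive, so a later edit or a re-sorted 00-base.conf can silently restore the crashing order. Add a comment line above it, for example "# mod_authz_owner must be loaded before mod_authz_dbm and mod_authz_groupfile", and treat the reorder as a workaround only, since the module should still cope with either order.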
[root@host11 conf.modules.d]#


However, just in case, it should show me an error message with the following (pseudo) code, since a segfault is not the way to tell me that.


static void register_hooks(apr_pool_t *p)
{
    authz_owner_get_file_group = APR_RETRIEVE_OPTIONAL_FN(authz_owner_get_file_group);

    if (authz_owner_get_file_group == NULL) { <== ADD THIS
      ap_log_rerror(...);                     <== ADD THIS
    }                                         <== ADD THIS
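
The load-order failure and the guard discussed in Comment 1, as an added example that is not part of the original report or the httpd source: a self-contained C model in which a toy registry stands in for APR optional functions. All names in it (registry, cached, scenario, the EX_* values) are hypothetical; the path and the "root" group are taken from the reproduction steps.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in for the optional-function registry (constructed, not APR). */
typedef const char *(*file_group_fn)(const char *path);
static file_group_fn registry;   /* what the provider module exports */
static file_group_fn cached;     /* pointer the consumer module keeps */

enum ex_authz { EX_GRANTED, EX_DENIED, EX_GENERAL_ERROR };

static const char *owner_file_group(const char *path) { (void)path; return "root"; }
static void load_owner(void) { registry = owner_file_group; }
static void retrieve(void)   { cached = registry; }  /* NULL if provider absent */

/* Exact match of g against a space-separated group list. */
static int in_groups(const char *list, const char *g)
{
    size_t n = strlen(g);
    while (*list) {
        size_t len = strcspn(list, " ");
        if (len == n && memcmp(list, g, n) == 0) return 1;
        list += len;
        list += strspn(list, " ");
    }
    return 0;
}

/* Guarded check: a missing provider is a logged error, never a call through NULL. */
static enum ex_authz check_file_group(const char *path, const char *user_groups)
{
    if (cached == NULL) {
        fprintf(stderr, "file-group provider not loaded; denying %s\n", path);
        return EX_GENERAL_ERROR;
    }
    return in_groups(user_groups, cached(path)) ? EX_GRANTED : EX_DENIED;
}

/* owner_first: load order; late: retrieve once more after all modules are loaded. */
static enum ex_authz scenario(int owner_first, int late)
{
    registry = cached = NULL;
    if (owner_first) { load_owner(); retrieve(); }
    else             { retrieve(); load_owner(); }
    if (late) retrieve();
    return check_file_group("/var/www/html/test/index.html", "root");
}

int main(void)
{
    printf("%d %d %d\n", scenario(1, 0), scenario(0, 0), scenario(0, 1));
    return 0;
}
```

With the consumer loaded first and no late retrieval, the guard turns what was a jump to address 0 into a denied request with a log line; retrieving after all modules are loaded makes the order irrelevant.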

Comment 8 errata-xmlrpc 2015-11-19 04:37:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2194.html