Bug 1300464

Summary: Configuring AuthzForceUsernameCase causes a segfault of HTTPD
Product: Red Hat Enterprise Linux 5
Component: subversion
Version: 5.11
Hardware: x86_64
OS: Linux
Status: CLOSED WONTFIX
Severity: medium
Priority: unspecified
Reporter: Patrick Goodwin <patrick.j.goodwin>
Assignee: Joe Orton <jorton>
QA Contact: qe-baseos-daemons
CC: patrick.j.goodwin
Target Milestone: rc
Doc Type: Bug Fix
Type: Bug
Last Closed: 2017-04-18 22:02:43 UTC

Description Patrick Goodwin 2016-01-20 22:30:06 UTC
Description of problem:
When AuthzForceUsernameCase is set to lower in /etc/httpd/conf.d/subversion.conf, HTTPD segfaults when a user tries to authenticate. This issue was also discovered in RHEL 6 (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/subversion_and_neon.html), but was not back-ported to the RHEL 5 subversion packages.


Version-Release number of selected component (if applicable):
subversion-1.6.11-12.el5_10


How reproducible:
Very easy to reproduce


Steps to Reproduce:
1. Set AuthzForceUsernameCase to lower in /etc/httpd/conf.d/subversion.conf (or a Subversion VirtualHost configuration). 
2. Restart/reload HTTPD which will be successful.
3. Attempt to authenticate to Subversion, which will cause HTTPD to segfault.
4. Comment out or remove the setting from the configuration, start HTTPD, and then authentication will work without issue.

Actual results:
In the HTTPD error logs, the following errors will be logged and HTTPD will crash.

[Wed Jan 20 12:57:07 2016] [notice] child pid 24667 exit signal Segmentation fault (11)
[Wed Jan 20 12:57:07 2016] [notice] child pid 24668 exit signal Segmentation fault (11)
[Wed Jan 20 12:57:07 2016] [notice] child pid 24669 exit signal Segmentation fault (11)
[Wed Jan 20 12:57:07 2016] [notice] child pid 24670 exit signal Segmentation fault (11)
[Wed Jan 20 12:57:07 2016] [notice] child pid 24671 exit signal Segmentation fault (11)
[Wed Jan 20 12:57:07 2016] [notice] child pid 24672 exit signal Segmentation fault (11)
[Wed Jan 20 12:57:07 2016] [notice] child pid 24673 exit signal Segmentation fault (11)
[Wed Jan 20 12:57:08 2016] [notice] child pid 24784 exit signal Segmentation fault (11)
[Wed Jan 20 12:57:09 2016] [notice] child pid 24785 exit signal Segmentation fault (11)

Expected results:
A user is able to authenticate to the subversion server successfully.
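
A triage check for hosts that may be hitting this crash, as an added example that is not part of the original report: it looks for an active AuthzForceUsernameCase directive under a config directory and counts child segfault notices per minute in the httpd error log. The function names, the threshold of 3 and the sample files are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the bug report). Function names are hypothetical.

# List active (uncommented) AuthzForceUsernameCase directives under a config
# directory as file:line:text. Apache directive names are case-insensitive.
find_authz_case() {
    grep -rinE '^[[:space:]]*AuthzForceUsernameCase[[:space:]]+[^[:space:]]+' "$1"
}

# Count child-segfault notices per minute in an httpd error log.
# Output: "<Mon> <day> <HH:MM> <count>", one line per minute, sorted.
segfaults_per_minute() {
    awk '/\[notice\] child pid [0-9]+ exit signal Segmentation fault \(11\)/ {
             n[$2 " " $3 " " substr($4, 1, 5)]++
         }
         END { for (k in n) print k, n[k] }' "$1" | sort
}

# Return 0 (suspect) when the directive is active and any single minute
# reaches the crash threshold (default 3, an assumed value to tune per site).
suspect_authz_crash() {
    local conf_dir=$1 log=$2 threshold=${3:-3}
    find_authz_case "$conf_dir" >/dev/null || return 1
    segfaults_per_minute "$log" |
        awk -v t="$threshold" '$4 + 0 >= t + 0 { hit = 1 } END { exit !hit }'
}

# Constructed sample data, modelled on the config file and log format in the report.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
mkdir -p "$SAMPLE/conf.d" "$SAMPLE/empty"
cat > "$SAMPLE/conf.d/subversion.conf" <<'EOF'
<Location /repos>
    DAV svn
    AuthzForceUsernameCase lower
</Location>
EOF
printf '# AuthzForceUsernameCase lower\n' > "$SAMPLE/conf.d/disabled.conf"
cat > "$SAMPLE/error_log" <<'EOF'
[Wed Jan 20 12:57:07 2016] [notice] child pid 24667 exit signal Segmentation fault (11)
[Wed Jan 20 12:57:07 2016] [notice] child pid 24668 exit signal Segmentation fault (11)
[Wed Jan 20 12:57:08 2016] [notice] child pid 24784 exit signal Segmentation fault (11)
[Wed Jan 20 12:58:30 2016] [error] constructed unrelated line
EOF

find_authz_case "$SAMPLE/conf.d"
segfaults_per_minute "$SAMPLE/error_log"
suspect_authz_crash "$SAMPLE/conf.d" "$SAMPLE/error_log" && echo "suspect: directive active, workers crashing"
```

On a real host the arguments would be /etc/httpd/conf.d and the server's error log; a positive result matches the condition in steps 1 to 3, and step 4 of the report is the workaround.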

Comment 1 Joe Orton 2016-02-08 11:20:18 UTC
Thanks for the report.  If you need this fixed in RHEL5 please open a support case so we can prioritise it.

Comment 2 Patrick Goodwin 2016-08-01 13:35:40 UTC
Please close this Bugzilla report.

Comment 3 Chris Williams 2017-04-18 22:02:43 UTC
Red Hat Enterprise Linux 5 shipped its last minor release, 5.11, on September 14th, 2014. On March 31st, 2017 RHEL 5 exited Production Phase 3 and entered Extended Life Phase. For RHEL releases in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only. If the customer purchases the Extended Life-cycle Support (ELS), certain critical-impact security fixes and selected urgent priority bug fixes for the last minor release will be provided. For more details please consult the Red Hat Enterprise Linux Life Cycle Page:
https://access.redhat.com/support/policy/updates/errata

This BZ does not appear to meet ELS criteria so is being closed WONTFIX. If this BZ is critical for your environment and you have an Extended Life-cycle Support Add-on entitlement, please open a case in the Red Hat Customer Portal, https://access.redhat.com, provide a thorough business justification and ask that the BZ be re-opened for consideration of an errata. Please note, only certain critical-impact security fixes and selected urgent priority bug fixes for the last minor release can be considered.