Bug 159289
| Field | Value |
|---|---|
| Summary | mod_auth_ldap causes httpd child segfault when used with other mod_auth_* |
| Product | Red Hat Enterprise Linux 4 |
| Component | httpd |
| Version | 4.0 |
| Hardware | i686 |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Reporter | Jared Jennings <jared.jennings> |
| Assignee | Joe Orton <jorton> |
| Fixed In Version | RHBA-2005-622 |
| Doc Type | Bug Fix |
| Last Closed | 2005-10-05 15:38:14 UTC |
| Bug Blocks | 156322 |

Description
Jared Jennings
2005-06-01 13:59:30 UTC
Thanks a lot for the report and patch. This looks sensible; it should probably be changed to return HTTP_FORBIDDEN instead of DECLINE-ing if mod_auth_ldap is configured to be authoritative for the request context, however.

diff -ru httpd-2.0.52-rh/modules/experimental/mod_auth_ldap.c httpd- 2.0.52/modules/experimental/mod_auth_ldap.c --- httpd-2.0.52-rh/modules/experimental/mod_auth_ldap.c 2004-05-21 18:39:41.000000000 -0500 +++ httpd-2.0.52/modules/experimental/mod_auth_ldap.c 2005-06-09 09:34:43.821911226 -0500 @@ -431,6 +431,15 @@ return DECLINED; } + if (!req) { + /* Some other module did the check_user_id step and now we're getting + * called on the auth_checker step. req contains nothing and if we + * try to access it we'll segfault. Run away! Run away! + * [Jared L. Jennings, 12 May 2005] + */ + return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED; + } + if (sec->host) { ldc = util_ldap_connection_find(r, sec->host, sec->port, sec->binddn, sec->bindpw, sec->deref,

Thanks again for the patch. Experimental test update packages, including this patch and a number of other stability fixes for mod_ldap/mod_auth_ldap, are available here: http://people.redhat.com/jorton/Nahant-httpd/

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2005-622.html
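
Review bot: The authoritative branch of the new `if (!req)` block returns HTTP_UNAUTHORIZED, while the review comment on this bug asks for HTTP_FORBIDDEN when mod_auth_ldap is authoritative for the request context. Please pick one deliberately and say why in the code comment, since the two give the client different signals: a 401 asks for credentials again, whereas here the user was already identified by another module's check_user_id step and only the LDAP authorization data is missing. The added block also exits without logging anything, so an administrator who mixes mod_auth_ldap with another mod_auth_* module gets a denial or a silent decline with no hint of the cause; a log message stating that no LDAP request state exists for this user would make the misconfiguration diagnosable. The block comment would be better as a plain statement of the invariant (`req` is NULL when another module handled check_user_id) without "Run away! Run away!" and the dated signature, which belong in the changelog, and `sec->auth_authoritative?` needs a space before the `?`.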