115496 – connection reuse issues

Bug 115496 - connection reuse issues

Summary: connection reuse issues

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	mod_auth_pgsql
Sub Component:
Version:	3.0
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Joe Orton
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-02-13 01:09 UTC by Philip Edelbrock
Modified:	2007-11-30 22:07 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-09-02 03:14:23 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2004:317	0	normal	SHIPPED_LIVE	Updated mod_auth_pgsql package	2004-09-01 04:00:00 UTC

Description Philip Edelbrock 2004-02-13 01:09:49 UTC

Description of problem:

mod_auth_pgsql does not release database connections each time a
browser hits a page protected by it.  The result is an eventual
consumption of concurrently open database connections.

Version-Release number of selected component (if applicable):

mod_auth_pgsql-2.0.1-3.ent

How reproducible:

Always reproducable and resulting in an http DoS of web directories
protected by mod_auth_pgsql.

Steps to Reproduce:
1. password protect a directory via mod_auth_pgsql
2. authenticate a browser into the directory
3. reload the page lots of times
4. even with the database backend configured to handle many
connections (say, 128 or more), mod_auth_pgsql keeps opening new
connections until it maxes out at 64 similtanious connections. 

Actual results:

Many, many idle processes representing unclosed database connections
are created, e.g:

postgres  9397  0.0  0.3 12360 3644 pts/1    S    16:32   0:00
postgres: postgres hpgrants 127.0.0.1 idle

Apache begins to log messages like this:
[Fri Feb 13 16:58:40 2004] [error] [client 206.228.191.7]
mod_auth_pgsql database connection error reset failed FATAL:  Sorry,
too many clients already!

Browsers attempting to access mod_auth_psql protected pages get
"Internal Server Error" from Apache.

The overall result is that mod_auth_pgsql on RHE3 causes a delayed
DoS.  RHE2.1 does not have this problem.


Expected results:

Obviously, the server should continue to serve protected pages after
the first 64 hits.


Additional info:

Reading in the mod_auth_pgsql source/docs in the version used in RHE3,
an experimental method reusing open database connections was
implemented but had some problems.  It's possible (likely?) that the
source snapshot in RHE3 not only attempts to use this experimental
optimization, but is using a broken version of it.

Comment 1 Philip Edelbrock 2004-02-13 19:35:51 UTC

Downloading mod_auth_pgsql-2.0.2b1 and installing it via this seems to
fix the problem:

# apxs  -i -a -c -lpq mod_auth_pgsql.c

 -Phil

Comment 2 Joe Orton 2004-06-25 13:17:51 UTC

Thanks for the report, apologies for the delay in response.  The fix
from 2.0.2b1 to disable connection reuse has been integrated for the
next update, along with other fixes.  Test packages are available here:

http://people.redhat.com/jorton/Taroon-map/

Comment 3 Jay Turner 2004-09-02 03:14:24 UTC

An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-317.html

Note You need to log in before you can comment on or make changes to this bug.