Bug 1757196 - httpd 2.4.41 does not handle CGI PIPES correctly. *Production Server in danger*
Summary: httpd 2.4.41 does not handle CGI PIPES correctly. *Production Server in danger*
Keywords:
Status: CLOSED DUPLICATE of bug 1757683
Alias: None
Product: Fedora
Classification: Fedora
Component: httpd
Version: 29
Hardware: x86_64
OS: All
unspecified
urgent
Target Milestone: ---
Assignee: Luboš Uhliarik
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-09-30 19:36 UTC by customercare
Modified: 2019-10-02 10:11 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2019-10-02 10:11:49 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description customercare 2019-09-30 19:36:58 UTC 
Description of problem:

this morning 2.4.41 got auto installed. Since then, PHP scripts with bigger outputs, like PDF files are not terminating, because httpd does not read the CGI mode pipe.

PHP processes are stuck in a write().

Because they are stuck and not terminating, they stack with new page visits coming in, to a point where all memory is consumed => OOM/DOS

a httpd restart (with 2.4.41 ) does not change anything, so it's not a shm problem, or a stuck pipe in one of the main processes. 

for smaller pages, 2.4.41 reacts normally, so not all php scripts get stuck.

A strace and ltrace confirm the finding. ltrace does not show any activity and strace shows write ( ...... ) = 543456 and no more activity.

soon as 2.4.39-3 was reinstalled, php started to work normally again.

httpd is configured with:

- MPM_EVENT
- cgiwrapper


        ├─httpd─┬─httpd(apache)─┬─php-cgi(XXXXXXXXXXXXXXX)
        │       │               ├─10*[php-cgi(werbegem)]
        │       │               ├─php-cgi(zorbas)
        │       │               └─php-cgi(XXXXXXXXXX)
        │       └─4*[httpd(apache)───63*[{httpd}]]

via
                AddHandler php-script .php .pl .rb .py .exe .cgi .sh 
                Action php-script /cgi-sys/cgiwrap64

cgiwraper is unchanged since months now and just drops privileges and executes php-cgi ... scriptname .. So pipelining is done between php and httpd 

Example for proplematic php code:

                file_put_contents( "/tmp/.temp.html" , $htmlcode);
                passthru ( "/wkhtmltox/bin/wkhtmltopdf --print-media-type --load-error-handling skip /tmp/.temp.html /tmp/.temp.pdf", $rc);
                ob_end_clean();
                print file_get_contents("/tmp/.temp.pdf"); <<<<<< never returns
                // file_put_contents( "/tmp/.temp.rc" , $rc);
                unlink("/tmp/.temp.html");
                unlink("/tmp/.temp.pdf");





Version-Release number of selected component (if applicable):

2.4.41-1 F29 x86_64


Actual results:

500kb php outputs get stuck in write()

Expected results:

correct handling of the pipe as in 2.4.39-3


SOLUTION for now:

dnf downgrade httpd
dnf update https://kojipkgs.fedoraproject.org//packages/httpd/2.4.39/3.fc29/x86_64/httpd-2.4.39-3.fc29.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/httpd/2.4.39/3.fc29/x86_64/mod_ssl-2.4.39-3.fc29.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/httpd/2.4.39/3.fc29/x86_64/httpd-tools-2.4.39-3.fc29.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/httpd/2.4.39/3.fc29/noarch/httpd-filesystem-2.4.39-3.fc29.noarch.rpm
systemctl restart httpd
Comment 1 Joe Orton 2019-10-02 10:11:49 UTC 
Let's track this in 1757683 - probably common root cause.

*** This bug has been marked as a duplicate of bug 1757683 ***
Note You need to log in before you can comment on or make changes to this bug.