Bug 188073 - Apache 2.2 segfaults on x86_64 when mod_authnz_ldap is used for authentication
Apache 2.2 segfaults on x86_64 when mod_authnz_ldap is used for authentication
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: apr-util (Show other bugs)
5
x86_64 Linux
medium Severity high
: ---
: ---
Assigned To: Joe Orton
:
: 188353 197333 212473 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-05 15:26 EDT by Aleksander Adamowski
Modified: 2007-11-30 17:11 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-07-06 06:47:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Aleksander Adamowski 2006-04-05 15:26:35 EDT
Description of problem:

I have the following simple configuration of LDAP authentication:

------SNIP-------
<Location /burza>
AuthType Basic
AuthName "Employees only"
AuthBasicProvider ldap
AuthLDAPURL "ldap://localhost/o=Altkom?uid?sub
AuthzLDAPAuthoritative on
require valid-user
</Location>
------SNIP-------

When I connecto through HTTP and supply Basic authentication credentials, httpd
segfaults with the following message in httpd/error_log:

[Wed Apr 05 20:59:57 2006] [notice] child pid 2774 exit signal Segmentation
fault (11)


Version-Release number of selected component (if applicable):

httpd-2.2.0-5.1.2
openldap-2.3.19-4


How reproducible:


Steps to Reproduce:
1. Install and configure apache as above on a x86_64 machine
2. Connect using a browser and authenticate
  
Actual results:

Apache segfaults.


Expected results:

Authentication proceeds normally.


Additional info:

I've installed httpd-debuginfo RPM and configured apache according to
http://kbase.redhat.com/faq/FAQ_49_3652.shtm to dump core into /var/apache-dump/.

Then I've extracted a backtrace using gdb:

# gdb /usr/sbin/httpd core.929
GNU gdb Red Hat Linux (6.3.0.0-1.122rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db
library "/lib64/libthread_db.so.1".

Core was generated by `/usr/sbin/httpd -X'.
Program terminated with signal 11, Segmentation fault.
Loaded symbols for /usr/sbin/httpd
Reading symbols from /lib64/libm.so.6...done.
Loaded symbols for /lib64/libm.so.6

<...........>

Reading symbols from /usr/lib64/libnal.so.1...done.
Loaded symbols for /usr/lib64/libnal.so.1
#0  0x00002aaaab200826 in ldap_set_option () from /usr/lib64/libldap-2.3.so.0
(gdb) info threads
* 1 process 1096  0x00002aaaab200826 in ldap_set_option () from
/usr/lib64/libldap-2.3.so.0
(gdb) bt
#0  0x00002aaaab200826 in ldap_set_option () from /usr/lib64/libldap-2.3.so.0
#1  0x00002aaaadd5d1f4 in uldap_connection_open (r=0x5555557f13f8,
ldc=0x555555797160) at /usr/src/debug/httpd-2.2.0/modules/ldap/util_ldap.c:293
#2  0x00002aaaadd5e20b in uldap_cache_checkuserid (r=0x5555557f13f8,
ldc=0x555555797160, url=0x0, basedn=0x555555748488 "o=Altkom", scope=2,
attrs=0x555555748498,
    filter=0x7fffffb92990 "(&(objectclass=*)(uid=olo))", bindpw=0x5555557f604c
"ANONYMIZED", binddn=0x7fffffb92980, retvals=0x7fffffb92988)
    at /usr/src/debug/httpd-2.2.0/modules/ldap/util_ldap.c:920
#3  0x00002aaaade67a6d in authn_ldap_check_password (r=0x5555557f13f8,
user=0x5555557f6060 "olo", password=0x5555557f604c "ANONYMIZED")
    at /usr/src/debug/httpd-2.2.0/modules/aaa/mod_authnz_ldap.c:395
#4  0x00002aaaad03c160 in authenticate_basic_user (r=0x5555557f13f8) at
/usr/src/debug/httpd-2.2.0/modules/aaa/mod_auth_basic.c:230
#5  0x0000555555579312 in ap_run_check_user_id (r=0x5555557f13f8) at
/usr/src/debug/httpd-2.2.0/server/request.c:70
#6  0x000055555557a517 in ap_process_request_internal (r=0x5555557f13f8) at
/usr/src/debug/httpd-2.2.0/server/request.c:218
#7  0x000055555558bc18 in ap_process_request (r=0x5555557f13f8) at
/usr/src/debug/httpd-2.2.0/modules/http/http_request.c:256
#8  0x0000555555588ec0 in ap_process_http_connection (c=0x5555557e93c8) at
/usr/src/debug/httpd-2.2.0/modules/http/http_core.c:171
#9  0x0000555555585192 in ap_run_process_connection (c=0x5555557e93c8) at
/usr/src/debug/httpd-2.2.0/server/connection.c:43
#10 0x000055555558f5fb in child_main (child_num_arg=Variable "child_num_arg" is
not available.
) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:640
#11 0x000055555558f88a in make_child (s=0x5555556b3138, slot=1) at
/usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:736
#12 0x000055555558f940 in startup_children (number_to_start=7) at
/usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:754
#13 0x0000555555590636 in ap_mpm_run (_pconf=Variable "_pconf" is not available.
) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:975
#14 0x000055555556b59c in main (argc=1, argv=0x7fffffb94f78) at
/usr/src/debug/httpd-2.2.0/server/main.c:712
(gdb) quit
Comment 1 Aleksander Adamowski 2006-04-06 05:57:55 EDT
The previous backtrace lacked OpenLDAP libraries debugging information. I've
installed openldap-debug and here it is again:


Reading symbols from /usr/lib64/libnal.so.1...done.
Loaded symbols for /usr/lib64/libnal.so.1
#0  ldap_set_option (ld=0x557f7820, option=2, invalue=0x55555579718c) at
../../../libraries/libldap/options.c:358
358                     assert( LDAP_VALID( ld ) );
(gdb) bt
#0  ldap_set_option (ld=0x557f7820, option=2, invalue=0x55555579718c) at
../../../libraries/libldap/options.c:358
#1  0x00002aaaadd5d1f4 in uldap_connection_open (r=0x5555557f13f8,
ldc=0x555555797160) at /usr/src/debug/httpd-2.2.0/modules/ldap/util_ldap.c:293
#2  0x00002aaaadd5e20b in uldap_cache_checkuserid (r=0x5555557f13f8,
ldc=0x555555797160, url=0x0, basedn=0x555555748488 "o=Altkom", scope=2,
attrs=0x555555748498, 
    filter=0x7fffffb9ffb0 "(&(objectclass=*)(uid=olo))", bindpw=0x5555557f604c
"ANONYMIZED", binddn=0x7fffffb9ffa0, retvals=0x7fffffb9ffa8) at
/usr/src/debug/httpd-2.2.0/modules/ldap/util_ldap.c:920
#3  0x00002aaaade67a6d in authn_ldap_check_password (r=0x5555557f13f8,
user=0x5555557f6060 "olo", password=0x5555557f604c "ANONYMIZED") at
/usr/src/debug/httpd-2.2.0/modules/aaa/mod_authnz_ldap.c:395
#4  0x00002aaaad03c160 in authenticate_basic_user (r=0x5555557f13f8) at
/usr/src/debug/httpd-2.2.0/modules/aaa/mod_auth_basic.c:230
#5  0x0000555555579312 in ap_run_check_user_id (r=0x5555557f13f8) at
/usr/src/debug/httpd-2.2.0/server/request.c:70
#6  0x000055555557a517 in ap_process_request_internal (r=0x5555557f13f8) at
/usr/src/debug/httpd-2.2.0/server/request.c:218
#7  0x000055555558bc18 in ap_process_request (r=0x5555557f13f8) at
/usr/src/debug/httpd-2.2.0/modules/http/http_request.c:256
#8  0x0000555555588ec0 in ap_process_http_connection (c=0x5555557e93f8) at
/usr/src/debug/httpd-2.2.0/modules/http/http_core.c:171
#9  0x0000555555585192 in ap_run_process_connection (c=0x5555557e93f8) at
/usr/src/debug/httpd-2.2.0/server/connection.c:43
#10 0x000055555558f5fb in child_main (child_num_arg=Variable "child_num_arg" is
not available.
) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:640
#11 0x000055555558f88a in make_child (s=0x5555556b3138, slot=1) at
/usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:736
#12 0x000055555558f940 in startup_children (number_to_start=7) at
/usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:754
#13 0x0000555555590636 in ap_mpm_run (_pconf=Variable "_pconf" is not available.
) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:975
#14 0x000055555556b59c in main (argc=1, argv=0x7fffffba2598) at
/usr/src/debug/httpd-2.2.0/server/main.c:712
Comment 2 Joe Orton 2006-04-06 08:23:25 EDT
Thanks for the report, I can reproduce this here; there is stack corruption
happening somewhere, not sure where yet.
Comment 3 Joe Orton 2006-04-06 08:35:58 EDT
OK, this is mostly an apr-util issue.
Comment 4 Joe Orton 2006-04-10 08:05:10 EDT
*** Bug 188353 has been marked as a duplicate of this bug. ***
Comment 5 Aleksander Adamowski 2006-04-11 08:43:35 EDT
I've installed apr-util 1.2.6-1 from updates-testing. Apache still segaults, but
the backtrace is different this time:

Reading symbols from /usr/lib64/httpd/modules/mod_authz_svn.so...done.
Loaded symbols for /etc/httpd/modules/mod_authz_svn.so
#0  0x00002aaaadd5e447 in uldap_cache_checkuserid (r=0x555555803ef8,
ldc=0x5555556b4020, url=Variable "url" is not available.
) at /usr/src/debug/httpd-2.2.0/modules/ldap/util_ldap.c:1025
1025                while (values && values[j]) {
(gdb) bt
#0  0x00002aaaadd5e447 in uldap_cache_checkuserid (r=0x555555803ef8,
ldc=0x5555556b4020, url=Variable "url" is not available.
) at /usr/src/debug/httpd-2.2.0/modules/ldap/util_ldap.c:1025
#1  0x00002aaaade67a6d in authn_ldap_check_password (r=0x555555803ef8,
user=0x555555819480 "olo", password=0x55555581946c "ANONYMIZED") at
/usr/src/debug/httpd-2.2.0/modules/aaa/mod_authnz_ldap.c:395
#2  0x00002aaaad03c160 in authenticate_basic_user (r=0x555555803ef8) at
/usr/src/debug/httpd-2.2.0/modules/aaa/mod_auth_basic.c:230
#3  0x0000555555579312 in ap_run_check_user_id (r=0x555555803ef8) at
/usr/src/debug/httpd-2.2.0/server/request.c:70
#4  0x000055555557a517 in ap_process_request_internal (r=0x555555803ef8) at
/usr/src/debug/httpd-2.2.0/server/request.c:218
#5  0x000055555558bc18 in ap_process_request (r=0x555555803ef8) at
/usr/src/debug/httpd-2.2.0/modules/http/http_request.c:256
#6  0x0000555555588ec0 in ap_process_http_connection (c=0x5555557f5778) at
/usr/src/debug/httpd-2.2.0/modules/http/http_core.c:171
#7  0x0000555555585192 in ap_run_process_connection (c=0x5555557f5778) at
/usr/src/debug/httpd-2.2.0/server/connection.c:43
#8  0x000055555558f5fb in child_main (child_num_arg=Variable "child_num_arg" is
not available.
) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:640
#9  0x000055555558f88a in make_child (s=0x5555556b3138, slot=3) at
/usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:736
#10 0x000055555558f940 in startup_children (number_to_start=3) at
/usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:754
#11 0x0000555555590636 in ap_mpm_run (_pconf=Variable "_pconf" is not available.
) at /usr/src/debug/httpd-2.2.0/server/mpm/prefork/prefork.c:975
#12 0x000055555556b59c in main (argc=1, argv=0x7fffff88b228) at
/usr/src/debug/httpd-2.2.0/server/main.c:712

Comment 6 Joe Orton 2006-04-11 08:45:46 EDT
Yes, it needs an httpd rebuild as well as an apr-util rebuild - it's in progress!
Comment 7 Joe Orton 2006-04-12 10:10:16 EDT
This should be fixed by the packages in testing:

# yum --enablerepo=updates-testing update apr-util httpd
Comment 8 jay dwyer 2006-04-15 23:50:36 EDT
installed packages from updates testing,

and woo-hoo, its all good now!

well, at my site at least.

cheers,

j

Comment 9 Aleksander Adamowski 2006-04-18 06:50:49 EDT
I've just tested (the httpd packages have finally arrived at my mirror...) and
it works good!

The bug can be closed, packages can go to updates IMHO.
Comment 10 Łukasz Trąbiński 2006-04-20 07:20:36 EDT
I can confirm that packages from updates/test works OK. We had problem with
php-ldap with squirrelmail, now is OK.
Comment 11 Joe Orton 2006-07-03 05:07:03 EDT
*** Bug 197333 has been marked as a duplicate of this bug. ***
Comment 12 Joe Orton 2006-07-06 06:47:55 EDT
apr-util-1.2.7-1.1 packages pushed to updates which fix the apr-util side of this.
Comment 13 Jeff Strunk 2006-10-26 17:34:29 EDT
*** Bug 212473 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.