Bug 826124 - Apache httpd seg faults in JON snmp agent module
Summary: Apache httpd seg faults in JON snmp agent module
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Web Server 2
Classification: JBoss
Component: httpd
Version: 2.0.0
Hardware: x86_64
OS: Linux
high
high
Target Milestone: ---
: 2.0.1
Assignee: Weinan Li
QA Contact:
URL:
Whiteboard:
Depends On: 846795 846796 850454 850455
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-05-29 16:24 UTC by Aaron Ogburn
Modified: 2018-11-28 20:32 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-01-03 12:58:20 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
Patch to fix seg fault when request method is null (657 bytes, patch)
2012-07-19 16:48 UTC, Larry O'Leary 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 134023 0 None None None 2012-07-19 17:09:46 UTC

Description Aaron Ogburn 2012-05-29 16:24:57 UTC 
Description of problem:

There appears to be seg fault issues in JON snmp agent module code.  Core backtrace points to the following::

#0  0x000000372b733cfa in __strcmp_ssse3 () from /lib64/libc.so.6
#1  0x00007fbb38296053 in get_request_type_index () from /opt/webserver/apache/modules/libsnmpmonagt.so
#2  0x00007fbb38291851 in covalent_snmp_logger (r=0x7fbaec017ca0) at snmpagent/mod-snmpagt.c:755
#3  0x0000000000429e40 in ap_run_log_transaction (r=0x7fbaec017ca0) at protocol.c:1697
#4  0x000000000042c0e7 in ap_read_request (conn=0x7fbb3005c828) at protocol.c:940
#5  0x0000000000442e50 in ap_process_http_connection (c=0x7fbb3005c828) at http_core.c:183
#6  0x000000000043f188 in ap_run_process_connection (c=0x7fbb3005c828) at connection.c:43
#7  0x000000000044ba2f in process_socket (thd=0xe6c860, dummy=<value optimized out>) at worker.c:544
#8  worker_thread (thd=0xe6c860, dummy=<value optimized out>) at worker.c:894
#9  0x000000372ba077f1 in start_thread () from /lib64/libpthread.so.0
#10 0x000000372b6e592d in clone () from /lib64/libc.so.6


Version-Release number of selected component (if applicable):

JON 2.3.0


How reproducible:

These events seem to correlate with invalid (blank) requests logged within the SSL access logfile w/HTTP Return code of 408.

  
Actual results:

Process seg faults.


Expected results:

Apache should not seg fault.


Additional info:
Comment 1 Charles Crouch 2012-06-11 14:54:25 UTC 
We should see if we can reproduce in the jon311 timeframe based on the associated support case and ...

"These events seem to correlate with invalid (blank) requests logged within the SSL access logfile w/HTTP Return code of 408."
Comment 2 Larry O'Leary 2012-07-19 16:48:14 UTC 
Created attachment 599203 [details]
Patch to fix seg fault when request method is null

Patch that will resolve this issue. The binaries also need to be rebuilt for all supported platforms and committed under etc/product_connectors/apache-snmp/binaries

Bug 826124 - Apache httpd seg faults in JON snmp agent module
If request method is undefined/empty, the call to get_request_type_index produced a seg fault when a strcmp is performed using the uninitialized memory.
The fix is to treat an undefined/empty request method the same as a undefined protocol and covalent_snmp_logger will simply report method (null) is unsupported.
Comment 4 Larry O'Leary 2012-08-03 01:14:25 UTC 
The source has been updated and committed but we still need to get the binaries prepped for packaging in the kits.
Comment 5 Charles Crouch 2012-08-28 18:24:47 UTC 
Setting to MODIFIED as all dependent issues are resolved
Comment 6 John Sanda 2012-08-30 01:51:20 UTC 
The CR1 build is available at
https://brewweb.devel.redhat.com/buildinfo?buildID=231258. Moving to ON_QA.
Note You need to log in before you can comment on or make changes to this bug.