Bug 826124 - Apache httpd seg faults in JON snmp agent module
Apache httpd seg faults in JON snmp agent module
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Web Server 2
Classification: JBoss
Component: httpd (Show other bugs)
2.0.0
x86_64 Linux
high Severity high
: ---
: 2.0.1
Assigned To: Weinan Li
:
Depends On: 846795 846796 850454 850455
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-29 12:24 EDT by Aaron Ogburn
Modified: 2014-01-03 07:58 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-03 07:58:20 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to fix seg fault when request method is null (657 bytes, patch)
2012-07-19 12:48 EDT, Larry O'Leary
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 134023 None None None 2012-07-19 13:09:46 EDT

  None (edit)
Description Aaron Ogburn 2012-05-29 12:24:57 EDT
Description of problem:

There appears to be seg fault issues in JON snmp agent module code.  Core backtrace points to the following::

#0  0x000000372b733cfa in __strcmp_ssse3 () from /lib64/libc.so.6
#1  0x00007fbb38296053 in get_request_type_index () from /opt/webserver/apache/modules/libsnmpmonagt.so
#2  0x00007fbb38291851 in covalent_snmp_logger (r=0x7fbaec017ca0) at snmpagent/mod-snmpagt.c:755
#3  0x0000000000429e40 in ap_run_log_transaction (r=0x7fbaec017ca0) at protocol.c:1697
#4  0x000000000042c0e7 in ap_read_request (conn=0x7fbb3005c828) at protocol.c:940
#5  0x0000000000442e50 in ap_process_http_connection (c=0x7fbb3005c828) at http_core.c:183
#6  0x000000000043f188 in ap_run_process_connection (c=0x7fbb3005c828) at connection.c:43
#7  0x000000000044ba2f in process_socket (thd=0xe6c860, dummy=<value optimized out>) at worker.c:544
#8  worker_thread (thd=0xe6c860, dummy=<value optimized out>) at worker.c:894
#9  0x000000372ba077f1 in start_thread () from /lib64/libpthread.so.0
#10 0x000000372b6e592d in clone () from /lib64/libc.so.6


Version-Release number of selected component (if applicable):

JON 2.3.0


How reproducible:

These events seem to correlate with invalid (blank) requests logged within the SSL access logfile w/HTTP Return code of 408.

  
Actual results:

Process seg faults.


Expected results:

Apache should not seg fault.


Additional info:
Comment 1 Charles Crouch 2012-06-11 10:54:25 EDT
We should see if we can reproduce in the jon311 timeframe based on the associated support case and ...

"These events seem to correlate with invalid (blank) requests logged within the SSL access logfile w/HTTP Return code of 408."
Comment 2 Larry O'Leary 2012-07-19 12:48:14 EDT
Created attachment 599203 [details]
Patch to fix seg fault when request method is null

Patch that will resolve this issue. The binaries also need to be rebuilt for all supported platforms and committed under etc/product_connectors/apache-snmp/binaries

Bug 826124 - Apache httpd seg faults in JON snmp agent module
If request method is undefined/empty, the call to get_request_type_index produced a seg fault when a strcmp is performed using the uninitialized memory.
The fix is to treat an undefined/empty request method the same as a undefined protocol and covalent_snmp_logger will simply report method (null) is unsupported.
Comment 4 Larry O'Leary 2012-08-02 21:14:25 EDT
The source has been updated and committed but we still need to get the binaries prepped for packaging in the kits.
Comment 5 Charles Crouch 2012-08-28 14:24:47 EDT
Setting to MODIFIED as all dependent issues are resolved
Comment 6 John Sanda 2012-08-29 21:51:20 EDT
The CR1 build is available at
https://brewweb.devel.redhat.com/buildinfo?buildID=231258. Moving to ON_QA.

Note You need to log in before you can comment on or make changes to this bug.