After upgrade to 6.5: Weird Apache2 perl_module behavior

After upgrade to 6.5: Weird Apache2 perl_module behavior

Harald Klimach
Hi there,

I’ve upgraded to 6.5 and now run into some trouble with Apache2.
I am using Redmine and some Perl script from them for access
limitation to some parts.
I am also using the dav_svn_module and the authz_svn_module.

After the upgrade I now get segmentation faults when running
httpd2. It looks like this is coming from the apache2/mod_perl.so.
But somehow there seems to be an interrelation with the dav_svn
module. After the Redmine module failed for some reason, and
I deactivate it, it still runs into segmentation faults until I deactivate
the svn modules and run apache with that configuration.
After it ran once without those modules I can activate them again
and start apache without running into a segmentation fault.
Maybe it is totally unrelated, and the segmentation faults only
happen by chance.
I don’t really know how to proceed to figure out the problem.
The segfault signal gets in ktrace reported like this:

92855 httpd2   PSIG  SIGSEGV SIG_DFL code SEGV_MAPERR<1> addr=0x35331a76028 trapno=6

The backtrace from the core file states:
#0  strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
#1  0x00000350daf0dcfd in ap_array_str_contains () from /usr/local/sbin/httpd2
#2  0x00000350daf01341 in ap_read_config () from /usr/local/sbin/httpd2
#3  0x00000350daefbc16 in main () from /usr/local/sbin/httpd2

I am struggling to get this down to something reproducible, but it eludes me.
It looks like I can provoke the segmentation fault with the Redmine.pm script
(http://www.redmine.org/projects/redmine/repository/entry/trunk/extra/svn/Redmine.pm)
but after commenting it out, the failure persists as long as the perl_module is
loaded by Apache. As written above, I need to run the Apache without the svn
Modules, and afterwards it seems to work again.

Is there some caching involved for the perl modules?

This is with the mpm_prefork, when I run apache in debug (-X), I can avoid the
segmentation fault with Redmine.pm if I deactivate the svn modules.

How can I go about figuring out what is going wrong here?

Thanks!
Harald

Re: After upgrade to 6.5: Weird Apache2 perl_module behavior

Sam Vaughan
I hit this recently too.  I finally had some time to track it down and it's a
use-after-free bug in Apache that looks like it's been there since at least
2016.

It's only triggered if you load a non-standard module like mod_perl that
inserts its own config defines into the server's global
ap_server_config_defines array:

    void modperl_register_hooks(apr_pool_t *p)
    {
        /* for <IfDefine MODPERL2> and Apache2->define("MODPERL2") */
        *(char **)apr_array_push(ap_server_config_defines) =
            apr_pstrdup(p, "MODPERL2");

Apache later clears out and frees that particular memory pool, and after
that it walks the ap_server_config_defines and segfaults.

Bug report here: https://bz.apache.org/bugzilla/show_bug.cgi?id=63516

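The lifetime mismatch described in the reply above, as an added sketch that is not part of the thread and not Apache or mod_perl code: a toy arena stands in for an APR pool, and `pool_t`, `pool_strdup`, `pool_clear`, `pool_owns` and `EXAMPLE_DEFINE` are made-up names. It counts the array entries left pointing into a cleared pool and shows that taking the string from a pool that lives as long as the array leaves none; whether the patch in the ticket does this is not stated in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-in for an APR pool (hypothetical names, no APR calls used). */
typedef struct { char buf[128]; size_t used; } pool_t;

/* Analogue of apr_pstrdup(): the copy lives only as long as pool p. */
static const char *pool_strdup(pool_t *p, const char *s) {
    size_t n = strlen(s) + 1;
    if (p->used + n > sizeof p->buf) return NULL;
    char *d = memcpy(p->buf + p->used, s, n);
    p->used += n;
    return d;
}

/* Analogue of clearing a pool: every pointer it handed out becomes stale. */
static void pool_clear(pool_t *p) {
    memset(p->buf, 0, sizeof p->buf);
    p->used = 0;
}

/* True if s points into memory the pool still considers allocated. */
static int pool_owns(const pool_t *p, const char *s) {
    uintptr_t a = (uintptr_t)s, lo = (uintptr_t)p->buf;
    return a >= lo && a < lo + p->used;
}

/* A global-style defines array outlives the pool a module used for its
 * string. Returns the number of stale entries after that pool is cleared;
 * safe != 0 takes the string from the long-lived pool instead. */
static int stale_defines_after_clear(int safe) {
    pool_t long_pool = {{0}, 0}, short_pool = {{0}, 0};
    const char *defines[4];
    int n = 0, stale = 0;
    defines[n++] = pool_strdup(&long_pool, "EXAMPLE_DEFINE"); /* constructed */
    defines[n++] = pool_strdup(safe ? &long_pool : &short_pool, "MODPERL2");
    pool_clear(&short_pool);        /* the array itself survives this */
    for (int i = 0; i < n; i++)     /* the walk that would call strcmp() */
        if (!pool_owns(&long_pool, defines[i]) &&
            !pool_owns(&short_pool, defines[i]))
            stale++;
    return stale;
}

int main(void) {
    printf("string from short-lived pool: %d stale\n", stale_defines_after_clear(0));
    printf("string from long-lived pool:  %d stale\n", stale_defines_after_clear(1));
}
```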

Re: After upgrade to 6.5: Weird Apache2 perl_module behavior

Harald Klimach
Hi Sam,

> Bug report here: https://bz.apache.org/bugzilla/show_bug.cgi?id=63516
Great! Thanks a lot for tracking this down and the suggested patch in that ticket.
I’ll give that a try.

Best,
Harald