httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 44258] New: - possible memory leak (vhosts fault?) in apache-2.0.61 - reproducable
Date Thu, 17 Jan 2008 12:56:22 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=44258>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44258

           Summary: possible memory leak (vhosts fault?) in apache-2.0.61 -
                    reproducable
           Product: Apache httpd-2
           Version: 2.0.61
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: Craig@haquarter.de


Hi!
When checking a server's reply to a HEAD request, I found that the "Server: "
line contained some bytes from the apache config (part of a rewrite rule). When
saving the config with just commenting out the rewrite rule, other things
appeared in the Server header, e.g. "RealPlayer 4\.0" (the corresponding line in
the default config says: BrowserMatch "RealPlayer 4\.0" force-response-1.0).
Sometimes there are hex bytes in it, so it leaks from the memory, not from the
file directly.

To reproduce, do this:
tar xfvz httpd-2.0.61.tar.gz
cd httpd-2.0.61
./configure --prefix=/opt/apache2 --enable-rewrite --enable-so --enable-ssl &&
make && make install
cd /opt/apache2/conf
curl -O http://ge.mine.nu/httpd.conf

Modify the file so that it fits your IP config! Then:
/opt/apache2/bin/apachectl start

printf "HEAD / HTTP/1.1\r\nhost: www.f00bar.de\r\nConnection: close\r\n\r\n" |
nc 192.168.0.75 80

There might be some hex bytes in the output.

[root@e6600 ~]# printf "HEAD / HTTP/1.1\r\nhost: www.f00bar.de\r\nConnection: close\r\n\r\n" | nc 192.168.0.75 80 | xxd
0000000: 4854 5450 2f31 2e31 2033 3031 204d 6f76  HTTP/1.1 301 Mov
0000010: 6564 2050 6572 6d61 6e65 6e74 6c79 0d0a  ed Permanently..
0000020: 4461 7465 3a20 5468 752c 2031 3720 4a61  Date: Thu, 17 Ja
0000030: 6e20 3230 3038 2031 323a 3439 3a34 3220  n 2008 12:49:42
0000040: 474d 540d 0a53 6572 7665 723a 2041 7061  GMT..Server: Apa
0000050: 6368 652f 322e 302e 3631 2028 556e 6978  che/2.0.61 (Unix
0000060: 2920 6d6f 645f 7373 6c2f 322e 302e 3631  ) mod_ssl/2.0.61
0000070: 20e8 d319 0888 d919 08f0 300b 08a0 8406   .........0.....
0000080: 0866 6f72 6365 2d72 6573 706f 6e73 652d  .force-response-
0000090: 312e 300d 0a4c 6f63 6174 696f 6e3a 202f  1.0..Location: /
00000a0: 6465 2f0d 0a43 6f6e 6e65 6374 696f 6e3a  de/..Connection:
00000b0: 2063 6c6f 7365 0d0a 436f 6e74 656e 742d   close..Content-
00000c0: 5479 7065 3a20 7465 7874 2f68 746d 6c3b  Type: text/html;
00000d0: 2063 6861 7273 6574 3d69 736f 2d38 3835   charset=iso-885
00000e0: 392d 310d 0a0d 0a                        9-1....

IMPORTANT!
If you cannot reproduce this (sometimes even a 1 char change in the config makes
this behaviour disappear or gets you a completely different line!), use
192.168.0.75 temporarily, or just add/remove some blank lines from httpd.conf.
It WILL work, I've reproduced this behaviour on 2 systems, one of them SLES9 SP3
i386 and one is a Gentoo system with latest patches.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
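
A check that could be run over captured responses to spot this kind of leak, added here as an example and not part of the original report or of Apache httpd: it flags header values carrying bytes outside printable ASCII. The sample response is transcribed from the xxd dump in the report; the function and constant names are hypothetical.

```python
# Added example: find HTTP response headers whose values contain bytes that
# do not belong in a header (control bytes or anything >= 0x7f).

# Response bytes transcribed from the xxd dump in the report above.
SAMPLE = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Date: Thu, 17 Jan 2008 12:49:42 GMT\r\n"
    b"Server: Apache/2.0.61 (Unix) mod_ssl/2.0.61 "
    b"\xe8\xd3\x19\x08\x88\xd9\x19\x08\xf0\x30\x0b\x08\xa0\x84\x06\x08"
    b"force-response-1.0\r\n"
    b"Location: /de/\r\n"
    b"Connection: close\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
)


def is_clean(byte: int) -> bool:
    """HTAB, SP and visible ASCII are accepted. Bytes >= 0x80 are treated as
    suspicious too: that is this check's policy, chosen because a server
    banner has no reason to carry them."""
    return byte == 0x09 or 0x20 <= byte <= 0x7E


def suspicious_headers(raw: bytes):
    """Return [(header_name, offending_bytes)] for a raw HTTP response.

    Works on bytes throughout, so leaked data is never lost to decoding.
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    findings = []
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(b":")
        if not sep:
            # No colon: typically a stray CR LF inside a corrupted value.
            findings.append((b"<malformed>", line))
            continue
        # Strip only SP/HTAB; bytes.strip() would also eat 0x0b and 0x0c.
        bad = bytes(b for b in value.strip(b" \t") if not is_clean(b))
        if bad:
            findings.append((name.strip().lower(), bad))
    return findings


if __name__ == "__main__":
    for name, bad in suspicious_headers(SAMPLE):
        print(f"{name.decode()}: {len(bad)} unexpected byte(s): {bad.hex(' ')}")
```

The byte 0x30 inside the leaked run is an ASCII "0", so the check reports 15 of the 16 stray bytes; the finding on the Server header is what matters, not the exact count.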

