httpd-dev mailing list archives

From Joe Orton <jor...@redhat.com>
Subject Re: Segfault with fix for CVE-2009-1891
Date Mon, 03 Aug 2009 10:52:45 GMT
On Tue, Jul 28, 2009 at 07:35:25PM +0200, Stefan Fritsch wrote:
> Hi,
> 
> I have backported r791454 to 2.2.3 in Debian 4.0 and have received a
> report [1] about segfaults with mod_deflate and mod_php (5.2.0). As
> far as I understand it, the reason is that mod_php uses ap_rwrite
> which creates transient buckets. When the connection is closed by the
> client, these buckets sometimes stay in the bucket brigade when
> ap_pass_brigade returns an error for the compressed data of an
> earlier bucket. If deflate_out_filter gets called again with the same
> brigade, the memory of the transient buckets is no longer valid,
> causing a segfault.

This sounds exactly like:

https://issues.apache.org/bugzilla/show_bug.cgi?id=36780

I've proposed the fix for backport:

https://issues.apache.org/bugzilla/attachment.cgi?id=24087

Regards, Joe
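
The failure mode described in the quoted report, as an added example that is not part of the original message or of httpd: a filter that returns on a downstream error while buckets borrowing the writer's buffer are still queued, next to a variant that empties the brigade before returning. The types and function names (`bucket`, `brigade`, `filter_leaky`, `filter_clean`, `stale_after_write`) are a simplified hypothetical model, not APR's API, and clearing the brigade on error is shown as one general mitigation, not as the content of the linked patch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of a bucket brigade; not APR's real structures. */
typedef struct bucket { const char *data; struct bucket *next; } bucket;
typedef struct { bucket *head; } brigade;
static void brigade_append(brigade *bb, const char *p) {
    bucket *b = malloc(sizeof *b), **tail = &bb->head;
    if (b == NULL) abort();
    b->data = p; b->next = NULL;       /* transient: pointer borrowed, not copied */
    while (*tail) tail = &(*tail)->next;
    *tail = b;
}
static size_t brigade_cleanup(brigade *bb) {   /* free every bucket, return count */
    size_t n = 0;
    for (bucket *b; (b = bb->head) != NULL; n++) { bb->head = b->next; free(b); }
    return n;
}
/* Stand-in for ap_pass_brigade(): fails once the client has disconnected. */
static int pass_downstream(int client_gone) { return client_gone ? -1 : 0; }

/* "Before": returns on the first downstream error, leaving later buckets queued. */
static int filter_leaky(brigade *bb, int client_gone) {
    for (bucket *b; (b = bb->head) != NULL; ) {
        bb->head = b->next; free(b);   /* consume (compress) this bucket */
        if (pass_downstream(client_gone) != 0) return -1;
    }
    return 0;
}
/* Hardened: on error, empty the brigade so no borrowed pointer outlives the call. */
static int filter_clean(brigade *bb, int client_gone) {
    int rv = filter_leaky(bb, client_gone);
    if (rv != 0) brigade_cleanup(bb);
    return rv;
}
/* ap_rwrite()-style writer; returns how many buckets were left pointing at freed memory. */
static size_t stale_after_write(int (*filter)(brigade *, int)) {
    brigade bb = { NULL };
    char *buf = calloc(1, 32);         /* constructed short-lived response buffer */
    if (buf == NULL) abort();
    brigade_append(&bb, buf); brigade_append(&bb, buf + 16);
    filter(&bb, 1);                    /* client already gone */
    free(buf);                         /* writer's memory is invalid from here on */
    return brigade_cleanup(&bb);       /* count (and drop) the leftovers, never read them */
}
int main(void) {
    printf("stale buckets: leaky=%zu clean=%zu\n",
           stale_after_write(filter_leaky), stale_after_write(filter_clean));
    return 0;
}
```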

