httpd-dev mailing list archives

From Ruediger Pluem <rpl...@apache.org>
Subject Re: Segfault with fix for CVE-2009-1891
Date Mon, 03 Aug 2009 11:09:35 GMT


On 08/03/2009 12:52 PM, Joe Orton wrote:
> On Tue, Jul 28, 2009 at 07:35:25PM +0200, Stefan Fritsch wrote:
>> Hi,
>>
>> I have backported r791454 to 2.2.3 in Debian 4.0 and have received a
>> report [1] about segfaults with mod_deflate and mod_php (5.2.0). As
>> far as I understand it, the reason is that mod_php uses ap_rwrite
>> which creates transient buckets. When the connection is closed by the
>> client, these buckets sometimes stay in the bucket brigade when
>> ap_pass_brigade returns an error for the compressed data of an
>> earlier bucket. If deflate_out_filter gets called again with the same
>> brigade, the memory of the transient buckets is no longer valid,
>> causing a segfault.
> 
> This sounds exactly like:
> 
> https://issues.apache.org/bugzilla/show_bug.cgi?id=36780
> 
> I've proposed the fix for backport:
> 
> https://issues.apache.org/bugzilla/attachment.cgi?id=24087

Yes, but AFAIU Stefan it doesn't happen with 2.2.11 which does not
contain this patch :-).
Nevertheless backporting this is good.

Regards

Rüdiger


