From: "Rai, Pravesh R (STSD)"
To: dev@httpd.apache.org, dev@apr.apache.org
CC: "Lamons, Scott (Open Source Program Office)", "Sutula, Bryan (Open Source Program Office)", "Menkhus, Mark (HAS GSE SSRT)", "Jones, Jason (Hou)", "Chow, William", "Morris, John R. (SSRT - HAS GSE)", "Hibbard, Chris", "Agarwal, Shalini"
Subject: Need feedback for proposed changes in Apache source
Date: Tue, 31 Jan 2012 11:27:32 +0000
Message-ID: <993D43657DC2C145BD68C27957B748622BA2611F@G9W0715.americas.hpqcorp.net>
Mailing list: dev@httpd.apache.org (run by ezmlm; contact dev-help@httpd.apache.org)

Hi,

We are using Apache 2.2.21 with our product in HP. As we all know, during some failure operations Windows OS stores the memory dump as .mdmp & .hdmp files. In our case we have observed credentials (in plain text) in those dump files, which is a security concern for us.

During our investigation, we found that the Apache source uses memcpy() at many places, which always leaves behind the source string (in this case, credentials in plain text) in memory. We also observed that the destination buffer, if bigger than the source buffer, always has remnants of its original content after copy/move operations. Such memory locations hold the data for an unknown, longer duration & any exception during the course exposes all this data in the dump file.

We have tried to modify a few Apache source files, like:

httpd\srclib\apr-util\buckets\apr_brigade.c (diff file w.r.t. Apache 2.2.21: diff_apr_brigade.c.txt)
httpd\modules\ssl\ssl_engine_io.c (diff file w.r.t. Apache 2.2.21: diff_ssl_engine_io.c.txt)

Though the changes are minor & mainly intended to clean the buffer, so far our Security testing team has not found any plain text credentials in any of our application dump files. Please go through these changes & let us know your views.

Thanks & Regards,
Pravesh
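The concern raised in the message (memcpy() leaving the source string behind, and a destination larger than the source keeping remnants of its earlier content) handled from the side of the code that owns the buffers, as an added example that is not part of this e-mail, of the attached diffs, or of the httpd/APR sources. It shows the two checks a scrub of this kind needs: the copy and the zeroing of the unused tail are bounded by the destination's real size rather than a fixed constant, and the caller's own copy of the secret is wiped through a volatile pointer so the compiler cannot drop the store as dead. The function names, buffer sizes and the sample credential are assumptions made for the demonstration.

```c
/*
 * Added example, not code from the e-mail or from httpd/APR: copy a
 * secret into a fixed-size buffer, zero the unused remainder of that
 * buffer, and later scrub every copy the caller owns with a memset
 * the optimiser cannot remove. All names and sizes are assumptions.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Zero n bytes through a volatile pointer. A plain memset() on memory
 * that is never read again is a dead store and may be optimised away;
 * volatile accesses must be performed, so this one survives. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Copy src_len bytes of src into dst and zero the rest of dst, so the
 * destination keeps no remnants of an earlier use. The bound is the
 * destination's own size (dst_size), never a constant the caller might
 * not honour. Returns the bytes copied, or 0 if the source does not fit. */
static size_t copy_secret_bounded(unsigned char *dst, size_t dst_size,
                                  const unsigned char *src, size_t src_len)
{
    if (src_len > dst_size) {
        return 0;                      /* refuse rather than overrun dst */
    }
    memcpy(dst, src, src_len);
    secure_zero(dst + src_len, dst_size - src_len);
    return src_len;
}

/* Returns 1 if every byte in [p, p + n) is zero, else 0. */
static int region_is_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    size_t i;
    for (i = 0; i < n; i++) {
        acc |= p[i];
    }
    return acc == 0;
}

/* Walk through the scenario with constructed data: a destination holding
 * stale content, a plaintext credential copied into it, the tail zeroed,
 * an oversized copy refused, and finally both copies scrubbed.
 * Returns 1 when every check holds, 0 otherwise. */
static int demo_copy_and_scrub(void)
{
    unsigned char secret[32] = "hunter2";     /* constructed sample credential */
    size_t secret_len = strlen((const char *)secret);
    unsigned char dst[64];
    size_t copied;

    memset(dst, 0xAA, sizeof dst);            /* stale content from an earlier use */

    copied = copy_secret_bounded(dst, sizeof dst, secret, secret_len);
    if (copied != secret_len) return 0;
    if (memcmp(dst, "hunter2", secret_len) != 0) return 0;
    if (!region_is_zero(dst + secret_len, sizeof dst - secret_len)) return 0;

    /* A source larger than the destination is refused, not truncated or overrun. */
    if (copy_secret_bounded(dst, 4, secret, secret_len) != 0) return 0;

    /* Once the secret is no longer needed, scrub every copy this code owns. */
    secure_zero(secret, sizeof secret);
    secure_zero(dst, sizeof dst);
    return region_is_zero(secret, sizeof secret) && region_is_zero(dst, sizeof dst);
}

int main(void)
{
    printf("copy-and-scrub checks %s\n", demo_copy_and_scrub() ? "passed" : "failed");
    return 0;
}
```

The scrub is applied only to memory this code owns (its own `dst` and its own `secret`), and its length comes from the variable that sized the buffer; a scrub that writes into a buffer received from someone else, or that uses a size the receiver never agreed to, trades an information leak for memory corruption.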

Attachment: diff_apr_brigade.c.txt (text/plain, 322 bytes, created Tue, 31 Jan 2012 11:27:15 GMT), decoded from base64:

--- apr_brigade_org.c	Fri Jan 27 17:50:42 2012
+++ apr_brigade.c	Tue Dec 13 11:29:47 2011
@@ -250,6 +250,7 @@
          * No, we only copy the data up to their requested size.  -- jre
          */
         memcpy(c, str, str_len);
+		memset(str, 0, str_len);
 
         c += str_len;
         actual += str_len;

Attachment: diff_ssl_engine_io.c.txt (text/plain, 800 bytes, created Tue, 31 Jan 2012 11:27:15 GMT), decoded from base64:

--- ssl_engine_io_org.c	Fri Jan 27 18:24:34 2012
+++ ssl_engine_io.c	Fri Jan 27 17:58:39 2012
@@ -366,7 +366,9 @@
     else {
         /* swallow remainder of the buffer */
         memmove(in, buffer->value, buffer->length);
-        inl = buffer->length;
+		memset(in + buffer->length, 0, AP_IOBUFSIZE - buffer->length);
+
+		inl = buffer->length;
         buffer->value = NULL;
         buffer->length = 0;
     }
@@ -478,6 +480,10 @@
     /* OpenSSL catches this case, so should we. */
     if (!in)
         return 0;
+
+	// Cleaning up the existing buffer...
+	if(inlen < AP_IOBUFSIZE)
+		memset(in + inlen, 0, AP_IOBUFSIZE - inlen);
 
     /* Abort early if the client has initiated a renegotiation. */
     if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
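Review bot: in diff_apr_brigade.c.txt (hunk @@ -250,6 +250,7 @@), the added `memset(str, 0, str_len);` zeroes the source of the copy, not a buffer this function owns. `str` is the data just read out of the brigade, and the comment two lines above states this routine only copies "the data up to their requested size", so wiping `str` destroys the bucket content for every other reader of the same bucket and, where a bucket refers to read-only data, writes to memory that may not be writable at all; in practice this also means casting away the const on `str`. If the goal is to leave no plaintext behind, the scrub belongs where the bucket is destroyed or where the caller is finished with `c`, not inside the read path. The new line is also indented with two tabs where the surrounding lines use spaces.

Review bot: in diff_ssl_engine_io.c.txt, hunk @@ -366,7 +366,9 @@, `memset(in + buffer->length, 0, AP_IOBUFSIZE - buffer->length);` assumes `in` is AP_IOBUFSIZE bytes long, and nothing in the hunk establishes that. The only size this code has for `in` is `inl`, which the very next added line overwrites with `buffer->length`; if the caller passed a smaller buffer this is an out-of-bounds write, and if `buffer->length` ever exceeds AP_IOBUFSIZE the length argument wraps. Bound the scrub by the caller's length, computed before `inl` is reassigned and only after confirming `buffer->length <= inl`, e.g. `memset(in + buffer->length, 0, inl - buffer->length);`. The blank `+` line and the tab indentation also depart from the file's four-space style.

Review bot: in diff_ssl_engine_io.c.txt, hunk @@ -478,6 +480,10 @@, `memset(in + inlen, 0, AP_IOBUFSIZE - inlen);` repeats the same assumption on a buffer that is plainly the caller's: `in` is checked for NULL in the guard just above, and `inlen` is the length the caller supplied, so only `inlen` bytes are known to be writable and everything past `in + inlen` belongs to whoever handed the buffer in. The `inlen < AP_IOBUFSIZE` test keeps the length argument positive but does not make the write safe. There is no region this function owns beyond `inlen`, so the zeroing should be dropped here and done where the buffer is allocated and released. Style: `//` comments and `if(` without a space do not match the file's `/* */` and `if (` conventions, and the indentation is tabs.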