perl-dev mailing list archives

From Philippe Chiasson <go...@ectoplasm.org>
Subject Re: Fix for Segfault with Apache and mod_perl
Date Thu, 20 Jun 2019 00:27:47 GMT
Looks good to me

Sent from the depths of my mind on an iPhone

> On Jun 19, 2019, at 17:22, Sam Vaughan <samjvaughan@gmail.com> wrote:
> 
> Hi mod_perl team,
> 
> I reported a bug yesterday to the Apache team, describing a segfault that only happens if mod_perl is installed:
> 
> https://bz.apache.org/bugzilla/show_bug.cgi?id=63516
> 
> My impression was that it should be fixed in httpd2, but mod_perl is the only module that adds a configuration flag to the global ap_server_config_defines array, so it has been suggested that a one-line change go into the modperl_register_hooks() function instead:
> 
> Index: src/modules/perl/mod_perl.c
> --- src/modules/perl/mod_perl.c.orig
> +++ src/modules/perl/mod_perl.c
> @@ -861,7 +861,7 @@
> 
>     /* for <IfDefine MODPERL2> and Apache2->define("MODPERL2") */
>     *(char **)apr_array_push(ap_server_config_defines) =
> -        apr_pstrdup(p, "MODPERL2");
> +        apr_pstrdup(ap_server_config_defines->pool, "MODPERL2");
> 
>     ap_hook_pre_config(modperl_hook_pre_config,
>                        NULL, NULL, APR_HOOK_MIDDLE);
> 
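
Review bot: The comment above the push in this hunk still only says what the define is for; it does not record why the string is duplicated into ap_server_config_defines->pool rather than p. The two calls look interchangeable, so a later cleanup could switch back to p without anyone noticing. Suggest extending the comment to state the lifetime requirement, for example "allocate from the array's own pool so the string lives as long as the array it is pushed into".
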
> Essentially, the pool provided as an argument to this function doesn't have a long enough lifetime to safely be used as backing storage for the "MODPERL2" string.  This change uses the pool that the ap_server_config_defines array itself was created in, thereby giving the "MODPERL2" string the same lifetime as the array it is being added to.
> 
> As far as I can tell, this use-after-free bug has been sitting there for quite a few years now but Apache only segfaults if your OS is strict enough about reclaiming/unmapping freed memory.
> 
> Currently, this issue causes httpd2 to segfault during startup the majority of the time on OpenBSD 6.5.
> 
> I'd really appreciate it if someone could either confirm that the above patch is OK and apply it to mod_perl, or jump on the above Apache bug report and add a comment explaining why it isn't.
> 
> Thanks!
> 
> Sam
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
> For additional commands, e-mail: dev-help@perl.apache.org
> 
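
The pool lifetime mismatch described in the quoted message, as an added example that is not part of the original thread and is not mod_perl or APR code. It assumes a toy region allocator (toy_pool, toy_array, toy_strdup, toy_clear and define_survives are hypothetical names) that poisons memory on clear instead of unmapping it, so the stale array entry can be observed with defined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Toy region allocator standing in for a memory pool (hypothetical, not APR). */
typedef struct { unsigned char buf[64]; size_t used; } toy_pool;

/* Duplicate s into pool p; returns NULL if the region is full. */
static char *toy_strdup(toy_pool *p, const char *s) {
    size_t n = strlen(s) + 1;
    if (p->used + n > sizeof p->buf) return NULL;
    char *d = (char *)p->buf + p->used;
    memcpy(d, s, n);
    p->used += n;
    return d;
}

/* Ending a pool's life poisons its bytes, the way a strict OS would reclaim
 * them. The bytes stay addressable here so the demo never reads freed memory. */
static void toy_clear(toy_pool *p) {
    memset(p->buf, 0xDF, sizeof p->buf);
    p->used = 0;
}

/* Array of defines that remembers the pool it was created in. */
typedef struct { toy_pool *pool; const char *elts[4]; int nelts; } toy_array;

/* Push "MODPERL2" into a long-lived array, taking the string's storage from
 * either the array's own pool or a short-lived one, then end the short-lived
 * pool's life. Returns 1 if the array entry still reads back intact. */
static int define_survives(int use_array_pool) {
    static toy_pool global_pool, startup_pool;   /* constructed lifetimes */
    toy_array defines = { &global_pool, {0}, 0 };
    toy_clear(&global_pool);
    toy_clear(&startup_pool);

    toy_pool *src = use_array_pool ? defines.pool : &startup_pool;
    defines.elts[defines.nelts++] = toy_strdup(src, "MODPERL2");

    toy_clear(&startup_pool);                    /* short-lived pool goes away */
    return memcmp(defines.elts[0], "MODPERL2", 9) == 0;
}

int main(void) {
    printf("string from short-lived pool intact: %d\n", define_survives(0));
    printf("string from array's own pool intact: %d\n", define_survives(1));
    return 0;
}
```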

