perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philippe Chiasson <>
Subject Re: Fix for Segfault with Apache and mod_perl
Date Thu, 20 Jun 2019 00:27:47 GMT
Looks good to me

Sent from the depths of my mind on an iPhone

> On Jun 19, 2019, at 17:22, Sam Vaughan <> wrote:
> Hi mod_perl team,
> I reported a bug yesterday to the Apache team, describing a segfault that only happens
if mod_perl is installed:
> My impression was that it should be fixed in httpd2, but mod_perl is the only module
that adds a configuration flag to the global ap_server_config_defines array, so it has been
suggested that a one-line change go into the modperl_register_hooks() function instead:
> Index: src/modules/perl/mod_perl.c
> --- src/modules/perl/mod_perl.c.orig
> +++ src/modules/perl/mod_perl.c
> @@ -861,7 +861,7 @@
>     /* for <IfDefine MODPERL2> and Apache2->define("MODPERL2") */
>     *(char **)apr_array_push(ap_server_config_defines) =
> -        apr_pstrdup(p, "MODPERL2");
> +        apr_pstrdup(ap_server_config_defines->pool, "MODPERL2");
>     ap_hook_pre_config(modperl_hook_pre_config,
>                        NULL, NULL, APR_HOOK_MIDDLE);
> Essentially, the pool provided as an argument to this function doesn't have a long enough
lifetime to safely be used as backing storage for the "MODPERL2" string.  This change uses
the pool that the ap_server_config_defines array itself was created in, thereby giving the
"MODPERL2" string the same lifetime as the array it is being added to.
> As far as I can tell, this use-after-free bug has been sitting there for quite a few
years now but Apache only segfaults if your OS is strict enough about reclaiming/unmapping
freed memory.
> Currently, this issue causes httpd2 to segfault during startup the majority of the time
on OpenBSD 6.5.
> I'd really appreciate it if someone could either confirm that the above patch is OK and
apply it to mod_perl, or jump on the above Apache bug report and add a comment explaining
why it isn't.
> Thanks!
> Sam
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message