perl-dev mailing list archives

From Steve Hay <steve.m....@googlemail.com.INVALID>
Subject Re: Fix for Segfault with Apache and mod_perl
Date Fri, 21 Jun 2019 08:55:04 GMT
Yes, I'd like to do a 2.0.11 soon: We have a few bug fixes committed
since 2.0.10 and this crash fix seems like a good time to make a new
release.
I'll try to get the wheels in motion for an RC1 :-)

On Fri, 21 Jun 2019 at 08:56, Sam Vaughan <samjvaughan@gmail.com> wrote:
>
> That's great thanks Steve, much appreciated!
>
> Will there be a 2.0.11 release with this fix?
>
> Cheers,
>
> Sam
>
> > On 21 Jun 2019, at 5:38 pm, Steve Hay <steve.m.hay@googlemail.com> wrote:
> >
> > Thanks for the report, Sam (and to Joe for the fix). This is now
> > committed to mod_perl trunk:
> > http://svn.apache.org/viewvc?view=revision&revision=1861755
> >
> > On Thu, 20 Jun 2019 at 09:07, Steve Hay <steve.m.hay@googlemail.com> wrote:
> >>
> >> Looks fine to me too. Will give it a test...
> >>
> >> On Thu, 20 Jun 2019 at 01:28, Philippe Chiasson <gozer@ectoplasm.org> wrote:
> >>>
> >>> Looks good to me
> >>>
> >>> Sent from the depths of my mind on an iPhone
> >>>
> >>>> On Jun 19, 2019, at 17:22, Sam Vaughan <samjvaughan@gmail.com> wrote:
> >>>>
> >>>> Hi mod_perl team,
> >>>>
> >>>> I reported a bug yesterday to the Apache team, describing a segfault that only happens if mod_perl is installed:
> >>>>
> >>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=63516
> >>>>
> >>>> My impression was that it should be fixed in httpd2, but mod_perl is the only module that adds a configuration flag to the global ap_server_config_defines array, so it has been suggested that a one-line change go into the modperl_register_hooks() function instead:
> >>>>
> >>>> Index: src/modules/perl/mod_perl.c
> >>>> --- src/modules/perl/mod_perl.c.orig
> >>>> +++ src/modules/perl/mod_perl.c
> >>>> @@ -861,7 +861,7 @@
> >>>>
> >>>>    /* for <IfDefine MODPERL2> and Apache2->define("MODPERL2")
*/
> >>>>    *(char **)apr_array_push(ap_server_config_defines) =
> >>>> -        apr_pstrdup(p, "MODPERL2");
> >>>> +        apr_pstrdup(ap_server_config_defines->pool, "MODPERL2");
> >>>>
> >>>>    ap_hook_pre_config(modperl_hook_pre_config,
> >>>>                       NULL, NULL, APR_HOOK_MIDDLE);
> >>>>
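Review bot: On the `+` line, the comment above it still only says what the define is for, not why the string is duplicated into `ap_server_config_defines->pool` rather than the `p` used on the `-` line. Extend the comment to say that the string must live as long as the array it is pushed onto, so that a later cleanup does not switch the allocation back to `p`.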
> >>>> Essentially, the pool provided as an argument to this function doesn't have a long enough lifetime to safely be used as backing storage for the "MODPERL2" string. This change uses the pool that the ap_server_config_defines array itself was created in, thereby giving the "MODPERL2" string the same lifetime as the array it is being added to.
> >>>>
> >>>> As far as I can tell, this use-after-free bug has been sitting there for quite a few years now but Apache only segfaults if your OS is strict enough about reclaiming/unmapping freed memory.
> >>>>
> >>>> Currently, this issue causes httpd2 to segfault during startup the majority of the time on OpenBSD 6.5.
> >>>>
> >>>> I'd really appreciate it if someone could either confirm that the above patch is OK and apply it to mod_perl, or jump on the above Apache bug report and add a comment explaining why it isn't.
> >>>>
> >>>> Thanks!
> >>>>
> >>>> Sam
> >>>>
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
> >>>> For additional commands, e-mail: dev-help@perl.apache.org
> >>>>
>
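
The lifetime mismatch described in the quoted report, as an added example that is not part of the original thread and is not mod_perl or APR code. It uses a toy pool (the names `pool`, `array`, `add_define` and `define_survives` are hypothetical) that poisons its storage on destroy instead of unmapping it, so the stale array entry can be observed without crashing.

```c
/* Toy model of pool lifetimes (NOT APR); all names here are hypothetical. */
#include <stdio.h>
#include <string.h>

typedef struct pool { char buf[64]; size_t used; int alive; } pool;
typedef struct array { pool *pool; const char *elts[4]; int nelts; } array;

static void pool_init(pool *p) { memset(p, 0, sizeof *p); p->alive = 1; }

/* Copy s into p's storage, playing the role apr_pstrdup(p, s) has in the patch. */
static char *pool_strdup(pool *p, const char *s) {
    size_t n = strlen(s) + 1;
    if (!p->alive || p->used + n > sizeof p->buf) return NULL;
    char *out = memcpy(p->buf + p->used, s, n);
    p->used += n;
    return out;
}

/* Destroying a pool invalidates everything allocated from it. The toy
 * poisons the bytes rather than unmapping them so reads stay defined. */
static void pool_destroy(pool *p) {
    memset(p->buf, 0xDD, sizeof p->buf);
    p->used = 0;
    p->alive = 0;
}

/* Push a define onto the array, taking the string's storage from src. */
static void add_define(array *a, pool *src, const char *name) {
    a->elts[a->nelts++] = pool_strdup(src, name);
}

/* Returns 1 if entry 0 still reads "MODPERL2" after the short-lived pool
 * is destroyed, 0 if the entry now points at reclaimed storage. */
int define_survives(int use_array_pool) {
    pool long_lived, short_lived;
    array defines = { &long_lived, {0}, 0 };
    pool_init(&long_lived);
    pool_init(&short_lived);
    add_define(&defines, use_array_pool ? defines.pool : &short_lived, "MODPERL2");
    pool_destroy(&short_lived);   /* the argument pool goes away first */
    return memcmp(defines.elts[0], "MODPERL2", sizeof "MODPERL2") == 0;
}

int main(void) {
    printf("string from argument pool survives: %d\n", define_survives(0));
    printf("string from array's pool survives:  %d\n", define_survives(1));
    return 0;
}
```

With a real allocator the first case is the one that segfaults only when the platform actually unmaps freed memory, which matches the OpenBSD-only symptom in the report.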
