perl-dev mailing list archives

From Steve Hay <steve.m....@googlemail.com.INVALID>
Subject Re: Fix for Segfault with Apache and mod_perl
Date Thu, 20 Jun 2019 08:07:50 GMT
Looks fine to me too. Will give it a test...

On Thu, 20 Jun 2019 at 01:28, Philippe Chiasson <gozer@ectoplasm.org> wrote:
>
> Looks good to me
>
> Sent from the depths of my mind on an iPhone
>
> > On Jun 19, 2019, at 17:22, Sam Vaughan <samjvaughan@gmail.com> wrote:
> >
> > Hi mod_perl team,
> >
> > I reported a bug yesterday to the Apache team, describing a segfault that only happens if mod_perl is installed:
> >
> > https://bz.apache.org/bugzilla/show_bug.cgi?id=63516
> >
> > My impression was that it should be fixed in httpd2, but mod_perl is the only module that adds a configuration flag to the global ap_server_config_defines array, so it has been suggested that a one-line change go into the modperl_register_hooks() function instead:
> >
> > Index: src/modules/perl/mod_perl.c
> > --- src/modules/perl/mod_perl.c.orig
> > +++ src/modules/perl/mod_perl.c
> > @@ -861,7 +861,7 @@
> >
> >     /* for <IfDefine MODPERL2> and Apache2->define("MODPERL2") */
> >     *(char **)apr_array_push(ap_server_config_defines) =
> > -        apr_pstrdup(p, "MODPERL2");
> > +        apr_pstrdup(ap_server_config_defines->pool, "MODPERL2");
> >
> >     ap_hook_pre_config(modperl_hook_pre_config,
> >                        NULL, NULL, APR_HOOK_MIDDLE);
> >
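Review bot: the changed apr_pstrdup() line has no comment saying why it allocates from ap_server_config_defines->pool instead of the hook's p, so a later tidy-up could switch it back and reintroduce the lifetime problem the message describes. Suggest extending the existing comment above the push to state that the string must live as long as the array it is pushed onto. The new dereference adds no NULL risk of its own, since apr_array_push() on the preceding line is already handed the same array.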
> > Essentially, the pool provided as an argument to this function doesn't have a long enough lifetime to safely be used as backing storage for the "MODPERL2" string.  This change uses the pool that the ap_server_config_defines array itself was created in, thereby giving the "MODPERL2" string the same lifetime as the array it is being added to.
> >
> > As far as I can tell, this use-after-free bug has been sitting there for quite a few years now but Apache only segfaults if your OS is strict enough about reclaiming/unmapping freed memory.
> >
> > Currently, this issue causes httpd2 to segfault during startup the majority of the time on OpenBSD 6.5.
> >
> > I'd really appreciate it if someone could either confirm that the above patch is OK and apply it to mod_perl, or jump on the above Apache bug report and add a comment explaining why it isn't.
> >
> > Thanks!
> >
> > Sam
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
> > For additional commands, e-mail: dev-help@perl.apache.org
> >
>
>


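The lifetime mismatch described in the quoted report, as an added C example that is not part of the thread and is not mod_perl or APR code: a toy pool type (all names hypothetical) stands in for APR pools, and `count_outliving_risk()` flags array elements whose string was allocated from a pool other than the array's own. The destroyed pool is only marked dead, not freed, so the check never touches released memory.

```c
/* Added illustration with a toy pool type; not APR or mod_perl code. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char buf[128]; size_t used; int alive; } toy_pool;
typedef struct { toy_pool *pool; const char *elts[4]; int nelts; } toy_array;

static toy_pool *pool_create(void) {
    toy_pool *p = calloc(1, sizeof *p);
    if (p) p->alive = 1;
    return p;
}
/* Mark the pool dead but keep the memory mapped so the audit stays defined. */
static void pool_destroy(toy_pool *p) { p->alive = 0; p->used = 0; }

static const char *pool_strdup(toy_pool *p, const char *s) {
    size_t n = strlen(s) + 1;
    if (!p->alive || n > sizeof p->buf - p->used) return NULL;
    memcpy(p->buf + p->used, s, n);
    p->used += n;
    return p->buf + p->used - n;
}
/* True when s lies inside storage that p still owns. */
static int owned_by(const toy_pool *p, const char *s) {
    uintptr_t a = (uintptr_t)s, lo = (uintptr_t)p->buf;
    return p->alive && a >= lo && a < lo + p->used;
}
/* Count elements whose backing storage is not the array's own pool. */
static int count_outliving_risk(const toy_array *arr) {
    int bad = 0;
    for (int i = 0; i < arr->nelts; i++)
        if (!owned_by(arr->pool, arr->elts[i])) bad++;
    return bad;
}
/* use_array_pool = 0 models the old line, 1 models the patched line. */
static int scenario(int use_array_pool) {
    toy_pool *global = pool_create(), *hook = pool_create();
    int bad = -1;
    if (global && hook) {
        toy_array defines = { global, { 0 }, 0 };
        toy_pool *src = use_array_pool ? defines.pool : hook;
        defines.elts[defines.nelts++] = pool_strdup(src, "MODPERL2");
        pool_destroy(hook);      /* the shorter-lived pool is cleared first */
        bad = count_outliving_risk(&defines);
    }
    free(hook); free(global);
    return bad;
}
```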
