| Summary: | SIGSEV when lacking correct DB access permissions | | |
|---|---|---|---|
| Product: | Apache httpd-2 | Reporter: | Jose Kahan <jose> |
| Component: | mod_authz_dbd | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | ylavic.dev |
| Priority: | P2 | Keywords: | FixedInTrunk, PatchAvailable |
| Version: | 2.5-HEAD | | |
| Target Milestone: | --- | | |
| Hardware: | PC | | |
| OS: | Linux | | |
Attachments: |
Fixes sigsev in mod_authz_dbd when server lacks access rights to the db table
Fixes sigsev in mod_authz_dbd when server lacks access rights to the db table |
Thanks for the report, but attachment 32696 does not look correct (simple text, not a patch).
Created attachment 32811
Fixes sigsev in mod_authz_dbd when server lacks access rights to the db table
Resubmitting as my previous patch upload failed. Sorry about that!
Tested with apache_2.4.10, but patch submitted against trunk as this module has not changed between these versions.
(In reply to Jose Kahan from comment #0)
> I didn't check to see if it also occurs in other nz modules based on mod_dbd.c

Apparently, ap_dbd_acquire is only used in mod_authz_dbd, mod_authn_dbd, mod_session_dbd and mod_rewrite.
You fixed the first one.
mod_authn_dbd and mod_session_dbd already have a test to check for NULL.
mod_rewrite seems to have the same problem in 'lookup_map_dbd'. I'll check deeper and propose a patch if confirmed.

RewriteMap with MapType dbd or fastdbd has the same issue.
Proposed patch committed in r1695170

This is in 2.4.17
Created attachment 32696
Fixes sigsev in mod_authz_dbd when server lacks access rights to the db table

If the dbd handle preparation fails due to a misconfiguration of the database server or the access rights to the table, the server logs something along these lines:

    AH00632: failed to prepare SQL statements: UPDATE command denied to user 'foo'@'exampleorg' for table 'bar'

As a consequence, the call to dbd_handle(r) returns NULL. However, in mod_authz_dbd, there was no control for the value of dbd before its being used in both authz_dbd_login() and authzdbd_group():

    ap_dbd_t *dbd = dbd_handle(r);
    ...
    query = apr_hash_get(dbd->prepared,   <--- SIGSEV

I'm attaching a patch that solves this issue.

I didn't check to see if it also occurs in other nz modules based on mod_dbd.c
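The guard this report asks for, as an added example (not the attached patch and not httpd's code): a self-contained C model in which a failed handle acquisition or a missing prepared statement produces an error status instead of a NULL dereference. Every `model_*` name, the status constants, the `authz_login` label and the sample statement are stand-ins constructed here.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins constructed for this example; not httpd's own types or constants. */
#define MODEL_OK 0
#define MODEL_HTTP_INTERNAL_SERVER_ERROR 500
typedef struct { const char *label; const char *stmt; } model_prepared_t;
typedef struct { const model_prepared_t *prepared; size_t nprepared; } model_dbd_t;

/* Models dbd_handle(r): NULL when statement preparation failed (the AH00632 case). */
static model_dbd_t *model_dbd_handle(model_dbd_t *conn, int prepare_ok)
{
    return prepare_ok ? conn : NULL;
}

/* Models the apr_hash_get(dbd->prepared, ...) lookup; caller must pass non-NULL dbd. */
static const char *model_get_prepared(const model_dbd_t *dbd, const char *label)
{
    for (size_t i = 0; i < dbd->nprepared; i++)
        if (strcmp(dbd->prepared[i].label, label) == 0)
            return dbd->prepared[i].stmt;
    return NULL;
}

/* Guarded query: a missing handle or statement yields an error status, so the
   request is refused instead of the child process crashing. */
int model_authz_query(model_dbd_t *conn, int prepare_ok, const char *label)
{
    model_dbd_t *dbd = model_dbd_handle(conn, prepare_ok);
    if (dbd == NULL) {
        fprintf(stderr, "no db handle available, check database access\n");
        return MODEL_HTTP_INTERNAL_SERVER_ERROR;
    }
    if (model_get_prepared(dbd, label) == NULL) {
        fprintf(stderr, "no prepared statement labelled %s\n", label);
        return MODEL_HTTP_INTERNAL_SERVER_ERROR;
    }
    return MODEL_OK;
}

/* Runs the query against a constructed connection with one prepared statement. */
int model_run(int prepare_ok, const char *label)
{
    static const model_prepared_t stmts[] = { { "authz_login", "UPDATE bar SET ..." } };
    model_dbd_t conn = { stmts, 1 };
    return model_authz_query(&conn, prepare_ok, label);
}

int main(void) { return model_run(0, "authz_login") == MODEL_HTTP_INTERNAL_SERVER_ERROR ? 0 : 1; }
```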