54881 – segfault with SetEnvIfExpr and SetEnvIf

Bug 54881 - segfault with SetEnvIfExpr and SetEnvIf

Summary: segfault with SetEnvIfExpr and SetEnvIf

Status:	RESOLVED FIXED

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_setenvif (show other bugs)
Version:	2.4.4
Hardware:	PC Linux

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:	FixedInTrunk, PatchAvailable

Depends on:
Blocks:

Reported:	2013-04-24 08:51 UTC by Reto Ischi
Modified:	2013-04-26 11:42 UTC (History)
CC List:	1 user (show)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Reto Ischi 2013-04-24 08:51:18 UTC

Compiled and installed Apache HTTPD 2.4.4 on CentOS 6.4 with
APR 1.4.6
APR-util 1.5.2
PCRE 8.32

My httpd.conf:
==========================
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule unixd_module modules/mod_unixd.so

User daemon
Listen 8000
DocumentRoot "/usr/local/apache2/htdocs"
ServerName test

SetEnvIfExpr "true" envA=1
SetEnvIf User-Agent "test" envB=1
==========================

I'm getting a segmentation fault if a any SetEnvIf directive follows after a SetEnvIfExpr directive:

# gdb ./httpd
(gdb) run
Starting program: /usr/local/apache2/bin/httpd 
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6c8f799 in __strcasecmp_l_ssse3 () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install expat-2.0.1-11.el6_2.x86_64 glibc-2.12-1.107.el6.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64
(gdb) bt
#0  0x00007ffff6c8f799 in __strcasecmp_l_ssse3 () from /lib64/libc.so.6
#1  0x00007ffff64ee1a0 in add_setenvif_core (cmd=0x7fffffffe3f0, mconfig=<value optimized out>, fname=0x6cc4c0 "User-Agent", 
    args=0x6cb55a "envB=1") at mod_setenvif.c:317
#2  0x00007ffff64ee597 in add_setenvif (cmd=0x7fffffffe3f0, mconfig=0x6c9cb8, args=0x6cb553 "\"test\" envB=1") at mod_setenvif.c:415
#3  0x0000000000448ace in invoke_cmd (cmd=0x7ffff66ef600, parms=0x7fffffffe3f0, mconfig=0x6c9cb8, args=0x6cb548 "User-Agent \"test\" envB=1")
    at config.c:876
#4  0x000000000044a5c3 in ap_walk_config_sub (current=0x6cb500, parms=0x7fffffffe3f0, section_vector=0x6c7858) at config.c:1306
#5  ap_walk_config (current=0x6cb500, parms=0x7fffffffe3f0, section_vector=0x6c7858) at config.c:1339
#6  0x000000000044aa49 in ap_process_config_tree (s=<value optimized out>, conftree=<value optimized out>, p=0x695138, ptemp=<value optimized out>)
    at config.c:2063
#7  0x0

Comment 1 Ruediger Pluem 2013-04-24 11:50:53 UTC

Does the following patch solve your issue:

Index: modules/metadata/mod_setenvif.c
===================================================================
--- modules/metadata/mod_setenvif.c     (revision 1471371)
+++ modules/metadata/mod_setenvif.c     (working copy)
@@ -314,7 +314,7 @@
      */
     for (i = 0; i < sconf->conditionals->nelts; ++i) {
         new = &entries[i];
-        if (!strcasecmp(new->name, fname)) {
+        if (new->name && !strcasecmp(new->name, fname)) {
             fname = new->name;
             break;
         }

Comment 2 Reto Ischi 2013-04-24 12:36:05 UTC

Yes, this solves the issue, thanks.

Comment 3 Ruediger Pluem 2013-04-24 14:59:11 UTC

Fixed in trunk as r1471449.

Comment 4 Ruediger Pluem 2013-04-26 11:42:32 UTC

Baqckported to 2.4.x as r1476143.