Bug 54881 - segfault with SetEnvIfExpr and SetEnvIf
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_setenvif
Version: 2.4.4
Hardware: PC Linux
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: FixedInTrunk, PatchAvailable
Depends on:
Reported: 2013-04-24 08:51 UTC by Reto Ischi
Modified: 2013-04-26 11:42 UTC

Description Reto Ischi 2013-04-24 08:51:18 UTC
Compiled and installed Apache HTTPD 2.4.4 on CentOS 6.4 with
APR 1.4.6
APR-util 1.5.2
PCRE 8.32

My httpd.conf:
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule unixd_module modules/mod_unixd.so

User daemon
Listen 8000
DocumentRoot "/usr/local/apache2/htdocs"
ServerName test

SetEnvIfExpr "true" envA=1
SetEnvIf User-Agent "test" envB=1

I'm getting a segmentation fault if any SetEnvIf directive follows after a SetEnvIfExpr directive:

# gdb ./httpd
(gdb) run
Starting program: /usr/local/apache2/bin/httpd 
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6c8f799 in __strcasecmp_l_ssse3 () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install expat-2.0.1-11.el6_2.x86_64 glibc-2.12-1.107.el6.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64
(gdb) bt
#0  0x00007ffff6c8f799 in __strcasecmp_l_ssse3 () from /lib64/libc.so.6
#1  0x00007ffff64ee1a0 in add_setenvif_core (cmd=0x7fffffffe3f0, mconfig=<value optimized out>, fname=0x6cc4c0 "User-Agent", 
    args=0x6cb55a "envB=1") at mod_setenvif.c:317
#2  0x00007ffff64ee597 in add_setenvif (cmd=0x7fffffffe3f0, mconfig=0x6c9cb8, args=0x6cb553 "\"test\" envB=1") at mod_setenvif.c:415
#3  0x0000000000448ace in invoke_cmd (cmd=0x7ffff66ef600, parms=0x7fffffffe3f0, mconfig=0x6c9cb8, args=0x6cb548 "User-Agent \"test\" envB=1")
    at config.c:876
#4  0x000000000044a5c3 in ap_walk_config_sub (current=0x6cb500, parms=0x7fffffffe3f0, section_vector=0x6c7858) at config.c:1306
#5  ap_walk_config (current=0x6cb500, parms=0x7fffffffe3f0, section_vector=0x6c7858) at config.c:1339
#6  0x000000000044aa49 in ap_process_config_tree (s=<value optimized out>, conftree=<value optimized out>, p=0x695138, ptemp=<value optimized out>)
    at config.c:2063
#7  0x0
Comment 1 Ruediger Pluem 2013-04-24 11:50:53 UTC
Does the following patch solve your issue:

Index: modules/metadata/mod_setenvif.c
--- modules/metadata/mod_setenvif.c     (revision 1471371)
+++ modules/metadata/mod_setenvif.c     (working copy)
@@ -314,7 +314,7 @@
     for (i = 0; i < sconf->conditionals->nelts; ++i) {
         new = &entries[i];
-        if (!strcasecmp(new->name, fname)) {
+        if (new->name && !strcasecmp(new->name, fname)) {
             fname = new->name;
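Review bot: the `new->name &&` guard on the changed line (317) should carry a short comment saying when an entry's name is NULL. Going by the report, that is an entry left by an earlier SetEnvIfExpr, which this loop walks whenever a SetEnvIf follows it. A line such as `/* entries added by SetEnvIfExpr have no name */` above the `if` would keep a later cleanup from dropping the test, and a config-parse test with the two directives in the reported order would pin the regression.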
Comment 2 Reto Ischi 2013-04-24 12:36:05 UTC
Yes, this solves the issue, thanks.
Comment 3 Ruediger Pluem 2013-04-24 14:59:11 UTC
Fixed in trunk as r1471449.
Comment 4 Ruediger Pluem 2013-04-26 11:42:32 UTC
Backported to 2.4.x as r1476143.
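
The failure mode and the guard from comment 1, modelled as a stand-alone C example added here (not code from httpd). `cond_entry`, `cond_table`, `append_entry`, `add_expr_entry` and `add_header_entry` are hypothetical names, and the example assumes, as the backtrace suggests, that an expression-based entry is stored without a header name.

```c
#include <stdio.h>
#include <strings.h>
/* Hypothetical model of a conditionals table; not mod_setenvif's own types. */
struct cond_entry {
    const char *name;   /* header name; NULL for an expression entry (assumed) */
    const char *setvar; /* assignment to apply, e.g. "envB=1" */
};
struct cond_table {
    struct cond_entry entries[8];
    size_t nelts;
};
/* Append one entry; returns its index, or -1 when the table is full. */
static int append_entry(struct cond_table *t, const char *name, const char *setvar)
{
    if (t->nelts == sizeof t->entries / sizeof t->entries[0])
        return -1;
    t->entries[t->nelts].name = name;
    t->entries[t->nelts].setvar = setvar;
    return (int)t->nelts++;
}

/* Models SetEnvIfExpr: matches on an expression, so no header name is stored. */
int add_expr_entry(struct cond_table *t, const char *setvar)
{
    return append_entry(t, NULL, setvar);
}

/* Models SetEnvIf: reuse the name pointer of an earlier entry for the same header. */
int add_header_entry(struct cond_table *t, const char *fname, const char *setvar)
{
    for (size_t i = 0; i < t->nelts; ++i) {
        const struct cond_entry *e = &t->entries[i];
        /* Without the e->name test, NULL reaches strcasecmp(): undefined behaviour. */
        if (e->name && !strcasecmp(e->name, fname)) {
            fname = e->name;
            break;
        }
    }
    return append_entry(t, fname, setvar);
}

int main(void)
{
    struct cond_table t = {0}; /* constructed input: directive order from the report */
    add_expr_entry(&t, "envA=1");
    int idx = add_header_entry(&t, "User-Agent", "envB=1");
    printf("SetEnvIf entry %d, name=%s\n", idx, t.entries[idx].name);
    return 0;
}
```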