Bug 55286 - Floating point exception (8) in mod_auth_digest
Summary: Floating point exception (8) in mod_auth_digest
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_auth_digest (show other bugs)
Version: 2.4.4
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-07-21 10:59 UTC by Daniel Black
Modified: 2013-07-28 23:28 UTC (History)
0 users



Attachments
webroot files (10.00 KB, application/x-tar)
2013-07-21 10:59 UTC, Daniel Black
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Black 2013-07-21 10:59:58 UTC
Created attachment 30607 [details]
webroot files

wget --http-user='username' --http-password='password' -S http://localhost:801/digest/nc/index.html -O /dev/null

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/local/apache2/bin/httpd -k start'.
Program terminated with signal 8, Arithmetic exception.
#0  0x00007f3bfab91978 in add_client (key=12, info=0x7f3bf76f3950, s=0x1e4b508) at mod_auth_digest.c:845
845         bucket = key % client_list->tbl_len;
Missing separate debuginfos, use: debuginfo-install apr-1.4.6-1.fc17.x86_64 apr-util-1.4.1-2.fc17.x86_64 db4-4.8.30-10.fc17.x86_64 expat-2.1.0-1.fc17.x86_64 libgcc-4.7.2-2.fc17.x86_64 libuuid-2.21.2-4.fc17.x86_64 nss-mdns-0.10-10.fc17.x86_64 nss-myhostname-0.3-2.fc17.x86_64 nss-softokn-freebl-3.14.3-1.fc17.x86_64 pcre-8.21-7.fc17.x86_64
(gdb) bt
#0  0x00007f3bfab91978 in add_client (key=12, info=0x7f3bf76f3950, s=0x1e4b508) at mod_auth_digest.c:845
#1  0x00007f3bfab92881 in gen_client (r=0x7f3be0002970) at mod_auth_digest.c:1137
#2  0x00007f3bfab92c49 in note_digest_auth_failure (r=0x7f3be0002970, conf=0x7f3be0009e68, resp=0x7f3be0003e40, stale=0) at mod_auth_digest.c:1275
#3  0x00007f3bfab943a8 in authenticate_digest_user (r=0x7f3be0002970) at mod_auth_digest.c:1732
#4  0x000000000044624c in ap_run_check_user_id (r=0x7f3be0002970) at request.c:79
#5  0x000000000044752c in ap_process_request_internal (r=0x7f3be0002970) at request.c:233
#6  0x000000000046e3b8 in ap_process_async_request (r=0x7f3be0002970) at http_request.c:315
#7  0x000000000046a8d9 in ap_process_http_async_connection (c=0x7f3bf0003220) at http_core.c:143
#8  0x000000000046aac5 in ap_process_http_connection (c=0x7f3bf0003220) at http_core.c:228
#9  0x000000000045fb75 in ap_run_process_connection (c=0x7f3bf0003220) at connection.c:41
#10 0x0000000000478ac9 in process_socket (thd=0x1e4dff0, p=0x7f3bf0002f18, sock=0x7f3bf0002fa0, cs=0x7f3bf00031a8, my_child_num=1, my_thread_num=1)
    at event.c:964
#11 0x000000000047b0b7 in worker_thread (thd=0x1e4dff0, dummy=0x7f3bf0000a10) at event.c:1812
#12 0x0000003d75207d14 in start_thread (arg=0x7f3bf76f4700) at pthread_create.c:309
#13 0x0000003d74af168d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
(gdb) p key
$1 = 12
(gdb) p client_list
$2 = (struct hash_table *) 0x7f3bfd045030
(gdb) p *client_list
$3 = {table = 0x0, tbl_len = 0, num_entries = 0, num_created = 0, num_removed = 0, num_renewed = 0}

httpd config same as #55284 - effectively an AllowOverwride all on the webroot.

webroot .htaccess files attached.
Comment 1 Daniel Black 2013-07-28 23:28:32 UTC
found this link containing a bit of analysis

http://crypto.junod.info/2013/03/25/awakening-zombie-code-in-apache-httpd/