Bug 56081 - Apache 2.2.26 SIGSEGVs when POST'ing data
Status: RESOLVED LATER
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: All
Version: 2.2.26
Hardware: PC Linux
Importance: P2 major
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: MassUpdate
Reported: 2014-01-28 22:22 UTC by Gary S
Modified: 2018-11-07 21:09 UTC

Description Gary S 2014-01-28 22:22:29 UTC
1.) Starting apache, for the first x minutes POST data works
2.) After say, 5+ minutes, POST data stops working (using CURL to test out the posts and the likes)

Initial bt:

#0  0x00007f524f8cc86f in ?? ()
#1  0x0000000000440cdf in ap_is_recursion_limit_exceeded ()
#2  0x00000000004b8ade in ap_byterange_filter ()
#3  0x000000000045bbbf in get_ptoken ()
#4  0x000000000045c070 in parse_expr ()
#5  0x00000000004e49c9 in ?? ()
#6  0x00007f524fb3c710 in ?? ()
#7  0x0000000000000000 in ?? ()

Detailed bt:

#0  0x00007f125e3f3451 in ?? ()
No symbol table info available.
#1  0x0000000000440ad8 in server_hostname_port (cmd=0x2525638, dummy=0x11e1a300, arg=0x250c7e0 "x\305P\002") at core.c:2360
        err = 0x0
        portstr = 0x250d028 "\360\305P\002"
        part = 0x2526cb8 "8VR\002"
        scheme = 0x250c5f0 "x\305P\002"
        port = 0
#2  0x00000000004b496a in extract_dn (t=0x0, nids=0x25256b0, pfx=0x2525638 "x\305P\002", xn=0x11e1a300, p=0x250c7e0) at ssl_engine_vars.c:701
        ents = 0x2526cb8
        xsne = 0x250c5f0
        count = 0x0
        i = 32767
        nid = 0
#3  0x000000000045b9b7 in get_basic_auth (r=0x45b9b7, user=0x7fff256c9f80, pw=0x0) at mod_auth_basic.c:159
        auth_line = 0x24bde18 "\vHK"
        decoded_line = 0x250c7e0 "x\305P\002"
        length = -1
#4  0x000000000045be68 in cache_url_handler (r=0x45b9b7, lookup=32767) at mod_cache.c:73
        rv = 0
        auth = 0x250c7e0 "x\305P\002"
        providers = 0x24bde18
        cache = 0xffffffff00000000
        conf = 0x7fff256c9fb0
        out = 0x45be68
        next = 0x250c5f0
        cache_out_handle = 0x250c7e0
#5  0x00000000004e0855 in subst_prefix_path (r=0xffffffff00000000, input=0x250c578 "h\245P\002", match=0x250a470 "\002", subst=0x250a7b0 "h\245P\002") at mod_rewrite.c:930
        len = 7831192
#6  0x00000000004e0a3a in set_cache_value (name=0x4e0a3a "\211\307\350\317\303\364\377H\213\005\340n%", t=140733821264032, key=0x7fff256ca1f4 "\002", 
    val=0xc3562 <Address 0xc3562 out of bounds>) at mod_rewrite.c:982
        map = 0x781908
#7  0x00000000004e0cdf in get_cache_value (name=0x7f12600efb80 "\v", t=4294967295, key=0x2256ca1f8 <Address 0x2256ca1f8 out of bounds>, p=0x7fff256ca1f4)
    at mod_rewrite.c:1062
        map = 0x700000004
        val = 0x8 <Address 0x8 out of bounds>
#8  0x00000000004e123c in run_rewritemap_programs (s=0x0, p=0x0) at mod_rewrite.c:1240
        fpin = 0x7f125ed7edbb
        fpout = 0x0
        map = 0x787300
        val = 0x773080
        conf = 0x78d358
        hi = 0x787328
---Type <return> to continue, or q <return> to quit--- 
        rc = 37338344
        lock_warning_issued = 0
#9  0x000000000042fff9 in main (argc=4, argv=0x7fff256ca408) at main.c:527
        new = 0x77b2a0
        c = 68 'D'
        configtestonly = 0
        ap_dump_loaded_directives = 0
        confname = 0x4e3c9b "\001E\220H\213E\260H\203\300\001H\211E\230\351@\002"
        def_server_root = 0x4e3cab "@\002"
        temp_error_log = 0x0
        error = 0x0
        process = 0x777288
        server_conf = 0x781908
        pglobal = 0x777198
        pconf = 0x7791a8
        plog = 0x78d358
        ptemp = 0x787328
        pcommands = 0x77b1b8
        opt = 0x77b2a8
        rv = 0
        mod = 0x71e5d0
        optarg = 0x7fff256caf59 "SSL"
        signal_server = 0x45e589 <add_cache_enable+71>

ctrl-x 2 gives

Cannot access memory at address 0x7f125e3f3451
(gdb) 

null pointer?

# egrep 7f125e3 maps
7f125e16f000-7f125e36f000 ---p 00041000 08:05 40963                      /lib64/libgssapi_krb5.so.2.2
7f125e36f000-7f125e370000 r--p 00041000 08:05 40963                      /lib64/libgssapi_krb5.so.2.2
7f125e370000-7f125e372000 rw-p 00042000 08:05 40963                      /lib64/libgssapi_krb5.so.2.2
7f125e372000-7f125e4fd000 r-xp 00000000 08:05 41104                      /lib64/libc-2.12.so

 (gdb) up
#1  0x0000000000440ad8 in server_hostname_port (cmd=0x2525638, dummy=0x11e1a300, arg=0x250c7e0 "x\305P\002") at core.c:2360
2360          ap_str_tolower(scheme);
(gdb) l
2355
2356        part = ap_strstr_c(arg, "://");
2357
2358        if (part) {
2359          scheme = apr_pstrmemdup(cmd->pool, arg, part - arg);
2360          ap_str_tolower(scheme);
2361          cmd->server->server_scheme = scheme;
2362          part += 3;
2363        } else {
2364          part = arg;
(gdb)

(gdb) down
#1  0x0000000000440ad8 in server_hostname_port (cmd=0x252abf8, dummy=0x11e1a300, arg=0x2510da0 "8\vQ\002") at core.c:2360
2360          ap_str_tolower(scheme);
(gdb) list
2355
2356        part = ap_strstr_c(arg, "://");
2357
2358        if (part) {
2359          scheme = apr_pstrmemdup(cmd->pool, arg, part - arg);
2360          ap_str_tolower(scheme);
2361          cmd->server->server_scheme = scheme;
2362          part += 3;
2363        } else {
2364          part = arg;
(gdb) print cmd->pool
$2 = (apr_pool_t *) 0x0
(gdb) print cmd
$3 = (cmd_parms *) 0x252abf8
(gdb) ptype cmd
type = struct cmd_parms_struct {
    void *info;
    int override;
    apr_int64_t limited;
    apr_array_header_t *limited_xmethods;
    ap_method_list_t *xlimited;
    ap_configfile_t *config_file;
    ap_directive_t *directive;
    apr_pool_t *pool;
    apr_pool_t *temp_pool;
    server_rec *server;
    char *path;
    const command_rec *cmd;
    struct ap_conf_vector_t *context;
    const ap_directive_t *err_directive;
    int override_opts;
} *
(gdb) print *cmd
$4 = {info = 0x2510b38, override = 0, limited = 0, limited_xmethods = 0x2510b40, xlimited = 0x252c1b8, config_file = 0x252c298, directive = 0x250ea30, pool = 0x0, temp_pool = 0x0, server = 0x0, 
  path = 0x4e52a8 "\225", cmd = 0x252abd0, context = 0x252abd0, err_directive = 0x252ac70, override_opts = 0}
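
The lookup done by hand with egrep above can be made exact by resolving an address against the /proc/<pid>/maps lines and computing its offset into the backing file. This is an added example, not part of the original report; the function names are hypothetical, and the sample input is the four maps lines quoted above with whitespace collapsed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# The four /proc/<pid>/maps lines quoted in the report (whitespace collapsed).
MAPS_FROM_REPORT = """\
7f125e16f000-7f125e36f000 ---p 00041000 08:05 40963 /lib64/libgssapi_krb5.so.2.2
7f125e36f000-7f125e370000 r--p 00041000 08:05 40963 /lib64/libgssapi_krb5.so.2.2
7f125e370000-7f125e372000 rw-p 00042000 08:05 40963 /lib64/libgssapi_krb5.so.2.2
7f125e372000-7f125e4fd000 r-xp 00000000 08:05 41104 /lib64/libc-2.12.so
"""

# start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+([0-9a-f]+)\s+\S+\s+\d+\s*(.*)$")


class Mapping(NamedTuple):
    start: int        # first address of the mapping
    end: int          # one past the last address (exclusive)
    perms: str        # e.g. "r-xp"
    file_offset: int  # offset of the mapping within the backing file
    path: str         # backing file, empty for anonymous mappings


def parse_maps(text: str) -> List[Mapping]:
    """Parse maps-format text, skipping lines that do not match the format."""
    mappings = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            start, end, perms, off, path = m.groups()
            mappings.append(Mapping(int(start, 16), int(end, 16), perms,
                                    int(off, 16), path.strip()))
    return mappings


def resolve(addr: int, mappings: List[Mapping]) -> Optional[Tuple[Mapping, int]]:
    """Return (mapping, offset into backing file) for addr, or None if unmapped."""
    for m in mappings:
        if m.start <= addr < m.end:
            return m, addr - m.start + m.file_offset
    return None


if __name__ == "__main__":
    maps = parse_maps(MAPS_FROM_REPORT)
    # Frame #0 of the detailed backtrace, and an "out of bounds" value from frame #7.
    for addr in (0x7F125E3F3451, 0x8):
        hit = resolve(addr, maps)
        print(hex(addr), "unmapped" if hit is None
              else f"{hit[0].path} +{hit[1]:#x} ({hit[0].perms})")
```

The file offset it returns is the value to hand to a symbolizer run against the same library build that was loaded when the process crashed.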
Comment 1 William A. Rowe Jr. 2018-11-07 21:09:57 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.