Bug 57435 - connection->id isn't unique
Summary: connection->id isn't unique
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mpm_event (show other bugs)
Version: 2.4.10
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: FixedInTrunk, PatchAvailable
Depends on:
Blocks:
 
Reported: 2015-01-12 01:00 UTC by Michael Thorpe
Modified: 2015-01-23 09:04 UTC (History)
1 user (show)



Attachments
fixes Apache bug 57435 (492 bytes, patch)
2015-01-12 01:02 UTC, Michael Thorpe
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Thorpe 2015-01-12 01:00:57 UTC
process_socket() allows a thread to grab a conn_rec that was created by a different thread but doesn't update connection->id to the current worker's thread ID. This means there are multiple open connections sharing an ID. If both those connections call a CGI at the same time, mod_cgid will use the same key for both CGIs, causing one to be killed when the other one is cleaned up.
Comment 1 Michael Thorpe 2015-01-12 01:02:43 UTC
Created attachment 32364 [details]
fixes Apache bug 57435

Changes event.c to reset the connection->id when grabbing a sleeping connection.
Comment 2 Michael Thorpe 2015-01-12 01:05:01 UTC
The error can be tested by throwing a lot of concurrent CGI requests at the server, or by putting trace lines in the code and verifying that multiple connections can share an ID at one point in time.
Comment 3 Eric Covener 2015-01-12 13:43:12 UTC
Applied to trunk in r1651088 with modified comment, Thanks for the report and patch.
Comment 4 Yann Ylavic 2015-01-23 09:04:39 UTC
Backported to 2.4.11 in r1651656.