Bug 57868 - SIGSEV when lacking correct DB access permissions
Summary: SIGSEV when lacking correct DB access permissions
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_authz_dbd (show other bugs)
Version: 2.5-HEAD
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: FixedInTrunk, PatchAvailable
Depends on:
Blocks:
 
Reported: 2015-04-28 17:15 UTC by Jose Kahan
Modified: 2015-10-25 05:48 UTC (History)
1 user (show)



Attachments
Fixes sigsev in mod_authz_dbd when server lacks access rights to the db table (115 bytes, patch)
2015-04-28 17:15 UTC, Jose Kahan
Details | Diff
Fixes sigsev in mod_authz_dbd when server lacks access rights to the db table (1.20 KB, patch)
2015-06-11 15:50 UTC, Jose Kahan
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jose Kahan 2015-04-28 17:15:30 UTC
Created attachment 32696 [details]
Fixes sigsev in mod_authz_dbd when server lacks access rights to the db table

If the dbd handle preparation fails due to a misconfiguration of the database server or the access rights to the table, the server logs something along these lines:

   AH00632: failed to prepare SQL statements: UPDATE command denied to 
   user 'foo'@'exampleorg' for table 'bar'

As a consequence, the call to dbd_handle(r) returns NULL. However, in mod_authz_dbd, there was no control for the value of dbd before its being used in both authz_dbd_login() and authzdbd_group():

       ap_dbd_t *dbd = dbd_handle(r);
       ...
        query = apr_hash_get(dbd->prepared, <--- SIGSEV

I'm attaching a patch that solves this issue. I didn't check to see if it also occurs in other nz modules based on mod_dbd.c
Comment 1 Yann Ylavic 2015-06-11 15:21:12 UTC
Thanks for the report, but attachment 32696 [details] does not look correct (simple text, not a patch).
Comment 2 Jose Kahan 2015-06-11 15:50:12 UTC
Created attachment 32811 [details]
Fixes sigsev in mod_authz_dbd when server lacks access rights to the db table

Resubmitting as my previous patch upload failed. Sorry about that!

Tested with apache_2.4.10, but patch submitted against trunk as this module has not changed between these versions.
Comment 3 Yann Ylavic 2015-07-01 14:38:01 UTC
Thanks, committed in r1688660.
Comment 4 Christophe JAILLET 2015-08-07 15:23:44 UTC
(In reply to Jose Kahan from comment #0)

> I didn't check to see if it also occurs in other nz modules based on mod_dbd.c

Apparently, ap_dbd_acquire is only used in mod_authz_dbd, mod_authn_dbd, mod_session_dbd and mod_rewrite.

You fixed the first one.
mod_authn_dbd and mod_session_dbd already have a test to check for NULL.
mod_rewrite seems to have the same problem in 'lookup_map_dbd'.

I'll check deeper and propose a patch if confirmed.
Comment 5 Christophe JAILLET 2015-08-10 21:32:14 UTC
RewriteMap with MapType bbd or fastdbd has the same issue.
Proposed patch committed in r1695170
Comment 6 Christophe JAILLET 2015-08-11 21:04:07 UTC
Proposed for backport in r1695378
Comment 7 Christophe JAILLET 2015-10-25 05:48:17 UTC
This is in 2.4.17