Bug 61817 - AuthLDAPBindPassword exec: directive (ap_get_exec_line()) creates defunct/zombie
Summary: AuthLDAPBindPassword exec: directive (ap_get_exec_line()) creates defunct/zombie
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_authz_ldap (show other bugs)
Version: 2.4.59
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: PatchAvailable
Depends on:
Reported: 2017-11-25 06:35 UTC by tutimura@nn.iij4u.or.jp
Modified: 2024-05-21 12:09 UTC (History)
1 user (show)

patch to server/util.c (ap_get_exec_line) (765 bytes, patch)
2017-11-25 06:35 UTC, tutimura@nn.iij4u.or.jp
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description tutimura@nn.iij4u.or.jp 2017-11-25 06:35:10 UTC
Created attachment 35555 [details]
patch to server/util.c (ap_get_exec_line)

ap_get_exec_line() calls apr_file_close(), but it is not enough to terminate the child process; it should call apr_proc_wait().
I'll attach a patch.

This will occur only when we use
AuthLDAPBindPassword exec:/path/to/command/to/echo/password
directive. Thus it is difficult to reproduce.

So I checked my patch with customized server/log.c.
I added last two lines.

void ap_logs_child_init(apr_pool_t *p, server_rec *s)
    read_handle_t *cur = read_handles;

    while (cur) {
        cur = cur->next;
    const char *argv[] = {"dummyXXXX"};  /* added for test */
    ap_get_exec_line(p, "/bin/mktemp", argv);  /* added for test */

We can easily see defunct mktemp without patch. With patch, we don't see.

% ./apachectl start
% ps aux | grep Z
me       19398  0.0  0.0      0     0 ?        Z    14:42   0:00 [mktemp] <defunct>
me       19399  0.0  0.0      0     0 ?        Z    14:42   0:00 [mktemp] <defunct>
me       19400  0.0  0.0      0     0 ?        Z    14:42   0:00 [mktemp] <defunct>
me       19485  0.0  0.0  14860  2184 pts/3    S+   14:42   0:00 grep --color=auto Z

NOTE: Sorry, argv have no effect. I may misunderstand how to use argv.
Comment 1 schlarbm 2020-11-18 11:22:57 UTC
Hi everyone,

we're seeing this problem with 2.4.46-1~bpo10 (Debian Package), too.

I've created a bug report in the Debian Bug tracker to track it there: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975048

Could this patch be included in the upstream code?

Comment 2 detlef.pangratz.ext 2024-02-14 10:58:55 UTC
I am facing same issue on 

OS: Solaris 11 11.4-
Apache: Server version: Apache/2.4.56 (Unix)

We are using AuthLDAPBindPassword in .htaccess file with directive exec

After a while we see the mentioned defunct processes. We do this  even in version 2.4.58.

I can see in truss output, that httpd process is not waiting (waitid syscall) for the child process, i.e. it does not catch its return state, thats why the defuct is created.

Can you predict when this issue will get fixed, as the issue is quite old? 

Comment 3 detlef.pangratz.ext 2024-02-26 06:31:25 UTC
Would be nice if this, really old bug, gets fixed in the coming release...