Bug 61817 - AuthLDAPBindPassword exec: directive (ap_get_exec_line()) creates defunct/zombie
Summary: AuthLDAPBindPassword exec: directive (ap_get_exec_line()) creates defunct/zombie
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_authz_ldap (show other bugs)
Version: 2.4.29
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: PatchAvailable
Depends on:
Blocks:
 
Reported: 2017-11-25 06:35 UTC by tutimura@nn.iij4u.or.jp
Modified: 2020-11-18 11:52 UTC (History)
0 users



Attachments
patch to server/util.c (ap_get_exec_line) (765 bytes, patch)
2017-11-25 06:35 UTC, tutimura@nn.iij4u.or.jp
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description tutimura@nn.iij4u.or.jp 2017-11-25 06:35:10 UTC
Created attachment 35555 [details]
patch to server/util.c (ap_get_exec_line)

ap_get_exec_line() calls apr_file_close(), but it is not enough to terminate the child process; it should call apr_proc_wait().
I'll attach a patch.

This will occur only when we use
AuthLDAPBindPassword exec:/path/to/command/to/echo/password
directive. Thus it is difficult to reproduce.

So I checked my patch with customized server/log.c.
I added last two lines.

void ap_logs_child_init(apr_pool_t *p, server_rec *s)
{
    read_handle_t *cur = read_handles;

    while (cur) {
        apr_file_close(cur->handle);
        cur = cur->next;
    }
    const char *argv[] = {"dummyXXXX"};  /* added for test */
    ap_get_exec_line(p, "/bin/mktemp", argv);  /* added for test */
}

We can easily see defunct mktemp without patch. With patch, we don't see.

% ./apachectl start
% ps aux | grep Z
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
me       19398  0.0  0.0      0     0 ?        Z    14:42   0:00 [mktemp] <defunct>
me       19399  0.0  0.0      0     0 ?        Z    14:42   0:00 [mktemp] <defunct>
me       19400  0.0  0.0      0     0 ?        Z    14:42   0:00 [mktemp] <defunct>
me       19485  0.0  0.0  14860  2184 pts/3    S+   14:42   0:00 grep --color=auto Z

NOTE: Sorry, argv have no effect. I may misunderstand how to use argv.
Comment 1 schlarbm 2020-11-18 11:22:57 UTC
Hi everyone,

we're seeing this problem with 2.4.46-1~bpo10 (Debian Package), too.

I've created a bug report in the Debian Bug tracker to track it there: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975048

Could this patch be included in the upstream code?

Regards,
Moritz