enterprise-support team mailing list archive

[Bug 1504354] [NEW] Invalid memory access on ap_server_config_defines

 

Public bug reported:

A bug in the Apache2 HTTP server results in invalid memory references
in the ap_server_config_defines array after a graceful restart.  This
can result in server config variables defined by means of the Define
directive appearing to be undefined after a graceful restart.  This
can cause incorrect processing of configuration files.  It can also
cause the server to exit due to invalid configuration, even though
the configtest prior to reload succeeded.

This bug was reported upstream against Apache 2.4.6 and 2.4.10.  It
appears in the 2.4.7-1ubuntu4.7 found in trusty-proposed, but was
fixed in 2.4.12 and so does not appear in wily.

This is upstream PR 56008 and 57328.


[Test Case]
- apt-get install apache2
- Copy ifdefine-test.conf (attached) to /etc/apache2/sites-available
- a2ensite ifdefine-test.conf
- service apache2 restart
- Observe that http://<hostname>/foo.html returns the default page
  (same as http://<hostname>/)

- service apache2 reload
- Examine /var/log/apache2/error.log; observe the warning message
  "Config variable ${TEST2} is not defined"
- Observe that http://<hostname>/foo.html now returns a 404.

With the bug fixed, the warning message will not appear, and the
foo.html URL will continue to work after the reload.


[Regression Potential]
Low.

The change is textually small (one line), but has a significant effect:
it ensures that a fresh copy is made of the array containing defined
variables each time the config file is read.  Without this, on reloads
the original array (containing variables defined on the command line)
is modified directly, causing it to contain string pointers that will
become invalid when the configuration memory pool is released.

The patch only changes what happens when the configuration pool is
released, avoiding leaking memory references across successive reads
of the config file.  As such, it is unlikely to have any negative effect
on processing of the configuration, and extremely unlikely to have any
effect on operations once the server configuration has been read.

This change was applied upstream in December, 2014 and appears in the
upstream 2.4.12 release, which is in wily.  The patch also appears in
2.4.10-10+deb8u2, which has been in Debian stable for about 5 weeks.

** Affects: apache2
     Importance: Unknown
         Status: Unknown

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

** Bug watch added: bz.apache.org/bugzilla/ #57328
   https://bz.apache.org/bugzilla/show_bug.cgi?id=57328

** Also affects: apache2 via
   https://bz.apache.org/bugzilla/show_bug.cgi?id=57328
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1504354

Title:
  Invalid memory access on ap_server_config_defines

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1504354/+subscriptions
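
The lifetime problem described under [Regression Potential], as an added example that is not part of the bug report or of Apache's source. It is a toy model in C: pool_t, defines_t and CMDLINE_VAR are constructed names, no real APR calls are made, and it only counts the entries of the long-lived defines array that point into the configuration pool once that pool is released.

```c
#include <stdio.h>

/* Toy stand-in for a memory pool: records only whether it was released. */
typedef struct { int released; } pool_t;

/* Each entry remembers which pool its string storage came from. */
typedef struct { const char *name; const pool_t *owner; } define_t;
typedef struct { define_t e[8]; int n; } defines_t;

static void add_define(defines_t *d, const char *name, const pool_t *owner) {
    d->e[d->n].name = name;
    d->e[d->n].owner = owner;
    d->n++;
}

/* Entries whose owning pool is gone would be invalid memory references. */
static int count_dangling(const defines_t *d) {
    int c = 0;
    for (int i = 0; i < d->n; i++)
        if (d->e[i].owner->released) c++;
    return c;
}

/* Models start-up followed by one graceful restart and returns how many
 * entries of the long-lived array point into the released config pool.
 * fresh_copy = 0: the config read appends to the long-lived array itself.
 * fresh_copy = 1: the config read works on a per-read copy of it. */
int dangling_after_reload(int fresh_copy) {
    pool_t process = {0}, pconf = {0};
    defines_t saved = {0}, per_read;

    add_define(&saved, "CMDLINE_VAR", &process); /* defined on the command line */

    /* First read of the config file: "Define TEST2" allocates from pconf. */
    per_read = saved;
    add_define(fresh_copy ? &per_read : &saved, "TEST2", &pconf);

    pconf.released = 1;  /* graceful restart releases the config pool */
    return count_dangling(&saved);
}

int main(void) {
    printf("modify in place: %d dangling\n", dangling_after_reload(0));
    printf("fresh copy:      %d dangling\n", dangling_after_reload(1));
    return 0;
}
```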
