apache2 crashes on svn query with kerberos + ssl

Bug #578681 reported by Sönke von Heymann
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Apache2 Web Server
Invalid
Medium
apache2 (Ubuntu)
Invalid
Medium
Unassigned
libapache-mod-auth-kerb (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: apache2

Description: Ubuntu 10.04 LTS Server
Release: 10.04
apache2 2.2.14-5ubuntu8

Hudson queries svn-server for a repository, the connection drops and apache crahes.
svn-queries using tortoise-svn work perfectly

The svn-server is the only site running on that server.

mods-enabled:

alias.conf -> ../mods-available/alias.conf
alias.load -> ../mods-available/alias.load
auth_basic.load -> ../mods-available/auth_basic.load
auth_kerb.load -> ../mods-available/auth_kerb.load
authn_file.load -> ../mods-available/authn_file.load
authz_default.load -> ../mods-available/authz_default.load
authz_groupfile.load -> ../mods-available/authz_groupfile.load
authz_host.load -> ../mods-available/authz_host.load
authz_user.load -> ../mods-available/authz_user.load
autoindex.conf -> ../mods-available/autoindex.conf
autoindex.load -> ../mods-available/autoindex.load
cgid.conf -> ../mods-available/cgid.conf
cgid.load -> ../mods-available/cgid.load
dav.load -> ../mods-available/dav.load
dav_svn.conf -> ../mods-available/dav_svn.conf
dav_svn.load -> ../mods-available/dav_svn.load
deflate.conf -> ../mods-available/deflate.conf
deflate.load -> ../mods-available/deflate.load
dir.conf -> ../mods-available/dir.conf
dir.load -> ../mods-available/dir.load
env.load -> ../mods-available/env.load
mime.conf -> ../mods-available/mime.conf
mime.load -> ../mods-available/mime.load
negotiation.conf -> ../mods-available/negotiation.conf
negotiation.load -> ../mods-available/negotiation.load
reqtimeout.conf -> ../mods-available/reqtimeout.conf
reqtimeout.load -> ../mods-available/reqtimeout.load
setenvif.conf -> ../mods-available/setenvif.conf
setenvif.load -> ../mods-available/setenvif.load
ssl.conf -> ../mods-available/ssl.conf
ssl.load -> ../mods-available/ssl.load
status.conf -> ../mods-available/status.conf
status.load -> ../mods-available/status.load

sites-enabled:
<IfModule mod_ssl.c>
<VirtualHost *:443>

  ServerAdmin webmaster@localhost
  DocumentRoot /var/svn/www
  ServerName svnserver.mydomain.local
  ServerAlias svnserver.mydomain.local

  # allow transfer of very large files
  LimitRequestBody 0
  LimitXMLRequestBody 0

  SSLEngine On
  SSLCertificateFile /etc/ssl/certs/svnserver_local_cert.pem
  SSLCertificateKeyFile /etc/ssl/private/svnserver_local_key.pem

  ErrorLog /var/log/apache2/error.log
  LogLevel warn
  CustomLog /var/log/apache2/access.log combined

  # general settings
  <Location />
    SSLRequireSSL
    Require valid-user
    AuthName "Subversion repository"
    AuthType Kerberos
    KrbAuthRealms MYDOMAIN.LOCAL
    KrbServiceName HTTP
    KrbMethodNegotiate on
    KrbMethodK5Passwd on
    KrbSaveCredentials on
    Krb5Keytab "/etc/apache2/http_svnserver_krb5.keytab"
  </Location>

  # repository specific settings
  Include /var/svn/apache2_conf/locations-enabled/

</VirtualHost>
</IfModule>

apache2.conf:

ServerRoot "/etc/apache2"
LockFile /var/lock/apache2/accept.lock
PidFile ${APACHE_PID_FILE}
Timeout 1800
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule mpm_prefork_module>
    StartServers 5
    MinSpareServers 5
    MaxSpareServers 10
    MaxClients 150
    MaxRequestsPerChild 0
</IfModule>
<IfModule mpm_worker_module>
    StartServers 2
    MinSpareThreads 25
    MaxSpareThreads 75
    ThreadLimit 64
    ThreadsPerChild 25
    MaxClients 150
    MaxRequestsPerChild 0
</IfModule>
<IfModule mpm_event_module>
    StartServers 2
    MaxClients 150
    MinSpareThreads 25
    MaxSpareThreads 75
    ThreadLimit 64
    ThreadsPerChild 25
    MaxRequestsPerChild 0
</IfModule>
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
DefaultType text/plain
HostnameLookups Off
ErrorLog /var/log/apache2/error.log
LogLevel debug
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf
Include /etc/apache2/httpd.conf
Include /etc/apache2/ports.conf
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined
Include /etc/apache2/conf.d/
Include /etc/apache2/sites-enabled/

Revision history for this message
Sönke von Heymann (soenke-von-heymann) wrote :
Revision history for this message
Sönke von Heymann (soenke-von-heymann) wrote :
Download full text (33.5 KiB)

Attached is a gdb coredump-output from this crash:

[Wed May 12 09:37:44 2010] [notice] child pid 417 exit signal Segmentation fault (11), possible coredump in /tmp
*** glibc detected *** /usr/sbin/apache2: double free or corruption (fasttop): 0x00007f6660018d20 ***
[Wed May 12 09:37:45 2010] [notice] child pid 549 exit signal Segmentation fault (11), possible coredump in /tmp
apache2: tpp.c:63: __pthread_tpp_change_priority: Assertion `new_prio == -1 || (new_prio >= __sched_fifo_min_prio && new_prio <= __sched_fifo_max_prio)' failed.
[Wed May 12 09:37:46 2010] [notice] child pid 582 exit signal Segmentation fault (11), possible coredump in /tmp
[Wed May 12 09:37:46 2010] [notice] child pid 583 exit signal Aborted (6), possible coredump in /tmp
*** glibc detected *** /usr/sbin/apache2: free(): invalid pointer: 0x00007f665c0085f0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x775b6)[0x7f667b2e25b6]
/lib/libc.so.6(cfree+0x73)[0x7f667b2e8e53]
/usr/lib/libkrb5.so.3(+0x39fd7)[0x7f6679d29fd7]
/usr/lib/apache2/modules/mod_auth_kerb.so(+0x34a2)[0x7f667a1eb4a2]
/usr/lib/apache2/modules/mod_auth_kerb.so(+0x3650)[0x7f667a1eb650]
/usr/lib/apache2/modules/mod_auth_kerb.so(+0x454c)[0x7f667a1ec54c]
/usr/lib/apache2/modules/mod_auth_kerb.so(+0x5e9f)[0x7f667a1ede9f]
/usr/sbin/apache2(ap_run_check_user_id+0x68)[0x7f667c0f12a8]
/usr/sbin/apache2(ap_process_request_internal+0x262)[0x7f667c0f34e2]
/usr/sbin/apache2(ap_process_request+0x1b8)[0x7f667c1075d8]
/usr/sbin/apache2(+0x52498)[0x7f667c104498]
/usr/sbin/apache2(ap_run_process_connection+0x68)[0x7f667c0fdf38]
/usr/sbin/apache2(+0x5ae82)[0x7f667c10ce82]
/usr/lib/libapr-1.so.0(+0x292ff)[0x7f667b8332ff]
/lib/libpthread.so.0(+0x69ca)[0x7f667b5f39ca]
/lib/libc.so.6(clone+0x6d)[0x7f667b35169d]
======= Memory map: ========
7f6658000000-7f6658031000 rw-p 00000000 00:00 0
7f6658031000-7f665c000000 ---p 00000000 00:00 0
7f665c000000-7f665c032000 rw-p 00000000 00:00 0
7f665c032000-7f6660000000 ---p 00000000 00:00 0
7f6660000000-7f666005a000 rw-p 00000000 00:00 0
7f666005a000-7f6664000000 ---p 00000000 00:00 0
7f66658fc000-7f6665901000 r-xp 00000000 08:01 260979 /lib/libnss_dns-2.11.1.so
7f6665901000-7f6665b00000 ---p 00005000 08:01 260979 /lib/libnss_dns-2.11.1.so
7f6665b00000-7f6665b01000 r--p 00004000 08:01 260979 /lib/libnss_dns-2.11.1.so
7f6665b01000-7f6665b02000 rw-p 00005000 08:01 260979 /lib/libnss_dns-2.11.1.so
7f6665b02000-7f6665b04000 r-xp 00000000 08:01 82101 /usr/lib/krb5/plugins/preauth/encrypted_challenge.so
7f6665b04000-7f6665d03000 ---p 00002000 08:01 82101 /usr/lib/krb5/plugins/preauth/encrypted_challenge.so
7f6665d03000-7f6665d04000 r--p 00001000 08:01 82101 /usr/lib/krb5/plugins/preauth/encrypted_challenge.so
7f6665d04000-7f6665d05000 rw-p 00002000 08:01 82101 /usr/lib/krb5/plugins/preauth/encrypted_challenge.so
7f6665d05000-7f6665d1b000 r-xp 00000000 08:01 260796 /lib/libgcc_s.so.1
7f6665d1b000-7f6665f1a000 ---p 00016000 08:01 260796 /lib/libgcc_s.so.1
7f6665f1a000-7f6665f1b000 r--p 00015000 08:...

Revision history for this message
Chuck Short (zulcss) wrote :

Thank you for your bug report. This bug has been reported to the developers of the software. You can track it and make comments at:

https://issues.apache.org/bugzilla/show_bug.cgi?id=49304

Changed in apache2 (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Revision history for this message
Sönke von Heymann (soenke-von-heymann) wrote :

I have reported this bug also here as mod_auth_kerb is no apache project:

http://sourceforge.net/tracker/?func=detail&aid=3009469&group_id=51775&atid=464524

Changed in apache2:
importance: Unknown → Medium
status: Unknown → Invalid
Revision history for this message
andreabreaux (andreabreaux) wrote :

<a href=https://www.my-milestonecard.com>MyMilestoneCard</a>

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

I wonder if we are still affected by this one.

The upstream bug report URL listed above is broken. I wonder if this is related to that: https://sourceforge.net/p/modauthkerb/bugs/47/.

I am moving this bug to libapache-mod-auth-kerb as per the apache2 upstream bug report.

Changed in apache2 (Ubuntu):
status: Triaged → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.