Ubuntu
libapache2-mod-auth-pgsql package

  1. Bug #1698758
  2. Comment #14

Comment 14 for bug 1698758

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Zesty verification

Crash reproduced with libapache2-mod-auth-pgsql 2.0.3-6.1:

ubuntu@zesty-mod-auth-pgsql-crypt-segfault-1698758:~$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 52
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 0
Testing ubuntu-sha512... 0
Testing ubuntu-des... 0

error log:
ubuntu@zesty-mod-auth-pgsql-crypt-segfault-1698758:~$ tail /var/log/apache2/error.log -n 1
[Thu Aug 03 14:16:55.592332 2017] [core:notice] [pid 4331:tid 139808776572416] AH00051: child pid 4333 exit signal Segmentation fault (11), possible coredump in /etc/apache2

Upgrading to the proposed package:
(...)
Get:1 http://br.archive.ubuntu.com/ubuntu zesty-proposed/main amd64 libapache2-mod-auth-pgsql amd64 2.0.3-6.1ubuntu0.17.04.1 [18.4 kB]
Fetched 18.4 kB in 0s (236 kB/s)
(Reading database ... 28157 files and directories currently installed.)
Preparing to unpack .../libapache2-mod-auth-pgsql_2.0.3-6.1ubuntu0.17.04.1_amd64.deb ...
Unpacking libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu0.17.04.1) over (2.0.3-6.1) ...
Setting up libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu0.17.04.1) ...
apache2_invoke 000_auth_pgsql: already enabled

Retrying the loop:
ubuntu@zesty-mod-auth-pgsql-crypt-segfault-1698758:~$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 22
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 0
Testing ubuntu-sha512... 0
Testing ubuntu-des... 0

Server error logs show no crash, and the unsupported hash format:
[Thu Aug 03 14:20:52.401265 2017] [auth_pgsql:error] [pid 4786:tid 140649768675072] [client 127.0.0.1:41358] [mod_auth_pgsql.c] - ERROR - PG user ubuntu-invalidhash: unsupported CRYPT format
[Thu Aug 03 14:20:52.401536 2017] [auth_basic:error] [pid 4786:tid 140649768675072] [client 127.0.0.1:41358] AH01617: user ubuntu-invalidhash: authentication failure for "/": Password Mismatch