Comment 15 for bug 1698758

Andreas Hasenack (ahasenack) wrote :

Xenial verification:

Crash confirmed with libapache2-mod-auth-pgsql 2.0.3-6.1:
ubuntu@xenial-mod-auth-pgsql-crypt-segfault-1698758:~$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 52
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 0
Testing ubuntu-sha512... 0
Testing ubuntu-des... 0

apache error log:
ubuntu@xenial-mod-auth-pgsql-crypt-segfault-1698758:~$ tail -n 1 /var/log/apache2/error.log
[Thu Aug 03 14:25:13.785006 2017] [core:notice] [pid 4260:tid 139737623807872] AH00051: child pid 4263 exit signal Segmentation fault (11), possible coredump in /etc/apache2

Installing the package from proposed:
(...)
Get:1 http://br.archive.ubuntu.com/ubuntu xenial-proposed/main amd64 libapache2-mod-auth-pgsql amd64 2.0.3-6.1ubuntu0.16.04.1 [18.5 kB]
Fetched 18.5 kB in 0s (266 kB/s)
(Reading database ... 26956 files and directories currently installed.)
Preparing to unpack .../libapache2-mod-auth-pgsql_2.0.3-6.1ubuntu0.16.04.1_amd64.deb ...
Unpacking libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu0.16.04.1) over (2.0.3-6.1) ...
Setting up libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu0.16.04.1) ...
apache2_invoke 000_auth_pgsql: already enabled

Retrying the loop, this time we get just the auth error:
ubuntu@xenial-mod-auth-pgsql-crypt-segfault-1698758:~$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 22
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 0
Testing ubuntu-sha512... 0
Testing ubuntu-des... 0

apache error log shows the unsupported hash format and no crash:
ubuntu@xenial-mod-auth-pgsql-crypt-segfault-1698758:~$ tail -n 2 /var/log/apache2/error.log
[Thu Aug 03 14:26:49.400099 2017] [auth_pgsql:error] [pid 4747:tid 140520391177984] [client 127.0.0.1:41554] [mod_auth_pgsql.c] - ERROR - PG user ubuntu-invalidhash: unsupported CRYPT format
[Thu Aug 03 14:26:49.400440 2017] [auth_basic:error] [pid 4747:tid 140520391177984] [client 127.0.0.1:41554] AH01617: user ubuntu-invalidhash: authentication failure for "/": Password Mismatch
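
The check performed by hand above, written as a script. This is an added example and not part of the original comment: it combines curl's exit status with the Apache error-log tail to tell a worker crash from a handled authentication failure. The function names `classify_probe`, `sample_log_before` and `sample_log_after` are hypothetical; the sample log lines are copied from the comment.

```shell
#!/bin/sh
# Added example (not from the bug comment). classify_probe and the sample_log_*
# helpers are hypothetical names; the log lines are copied from the comment.

# Error-log tail before the fix: the parent reports a child killed by SIGSEGV.
sample_log_before() {
cat <<'EOF'
[Thu Aug 03 14:25:13.785006 2017] [core:notice] [pid 4260:tid 139737623807872] AH00051: child pid 4263 exit signal Segmentation fault (11), possible coredump in /etc/apache2
EOF
}

# Error-log tail after the fix: the module rejects the hash, the worker survives.
sample_log_after() {
cat <<'EOF'
[Thu Aug 03 14:26:49.400099 2017] [auth_pgsql:error] [pid 4747:tid 140520391177984] [client 127.0.0.1:41554] [mod_auth_pgsql.c] - ERROR - PG user ubuntu-invalidhash: unsupported CRYPT format
[Thu Aug 03 14:26:49.400440 2017] [auth_basic:error] [pid 4747:tid 140520391177984] [client 127.0.0.1:41554] AH01617: user ubuntu-invalidhash: authentication failure for "/": Password Mismatch
EOF
}

# Usage: <error-log lines> | classify_probe <curl exit status>
# curl -f statuses seen above: 0 = success, 22 = HTTP status >= 400,
# 52 = the server closed the connection without sending any reply.
classify_probe() {
    rc=$1
    log=$(cat)
    # grep -c exits 1 on zero matches; "|| true" keeps this safe under set -e.
    crashes=$(printf '%s\n' "$log" | grep -c 'AH00051: child pid [0-9]* exit signal' || true)
    badhash=$(printf '%s\n' "$log" | grep -c 'auth_pgsql:error.*unsupported CRYPT format' || true)
    case "$rc" in
        0)  echo ok ;;
        22) if [ "$crashes" -gt 0 ]; then echo rejected-but-crash-logged
            elif [ "$badhash" -gt 0 ]; then echo rejected-unsupported-hash
            else echo rejected; fi ;;
        52) if [ "$crashes" -gt 0 ]; then echo crash
            else echo empty-reply-no-crash-logged; fi ;;
        *)  echo "unexpected-curl-exit-$rc" ;;
    esac
}

printf 'before fix, ubuntu-invalidhash: %s\n' "$(sample_log_before | classify_probe 52)"
printf 'after fix,  ubuntu-invalidhash: %s\n' "$(sample_log_after | classify_probe 22)"
```

Against a live server, pipe `tail -n 2 /var/log/apache2/error.log` into `classify_probe` together with the exit status from the curl loop.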