269791 – www-apache/mod_auth_kerb-5.3: random crashes every now and then

Bug 269791 - www-apache/mod_auth_kerb-5.3: random crashes every now and then

Summary: www-apache/mod_auth_kerb-5.3: random crashes every now and then

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	AMD64 Linux

Importance:	High critical (vote)
Assignee:	Apache Team - Bugzilla Reports

URL:
Whiteboard:
Keywords:

Duplicates (1):	269784 (view as bug list)
Depends on:
Blocks:

Reported:	2009-05-14 07:23 UTC by Alexander Dubov
Modified:	2009-09-17 06:50 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
"emerge --info" of my test machine (ei.txt,5.77 KB, text/plain) 2009-05-15 03:32 UTC, Alexander Dubov	Details
"emerge -pvq apache" of my test machine (ai.txt,798 bytes, text/plain) 2009-05-15 03:34 UTC, Alexander Dubov	Details
More elaborate crash dump from the apache with fully annotated backtrace. (ac.txt,86.60 KB, text/plain) 2009-05-15 03:54 UTC, Alexander Dubov	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Dubov 2009-05-14 07:23:22 UTC

The auth module will occasionally cause the apache child process to crash, interrupting the connection. The problem is probably caused by a particular hack present in the mod_auth_kerb.c:278

------------

#if defined(KRB5) && !defined(HEIMDAL)
/* Needed to work around problems with replay caches */
#include "mit-internals.h"

/* This is our replacement krb5_rc_store function */
static krb5_error_code KRB5_LIB_FUNCTION

----------

The workaround is version specific to mit kerberos v1.3 and may be responsible for the crashes I'm experiencing:

*** glibc detected *** /usr/sbin/apache2: double free or corruption (out): 0x0000
7f6028000100 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f604aaa6e0d]
/lib/libc.so.6(cfree+0x76)[0x7f604aaa8b06]
/usr/lib/libkrb5.so.3[0x7f60444d7000]
/usr/lib64/apache2/modules/mod_auth_kerb.so[0x7f604302fcb6]
/usr/lib64/apache2/modules/mod_auth_kerb.so[0x7f6043030809]
/usr/sbin/apache2(ap_run_check_user_id+0x7a)[0x4345aa]
/usr/sbin/apache2(ap_process_request_internal+0x2c4)[0x436564]
/usr/sbin/apache2(ap_process_request+0x178)[0x446b88]
/usr/sbin/apache2[0x443d80]
/usr/sbin/apache2(ap_run_process_connection+0x7a)[0x44018a]
/usr/sbin/apache2[0x44bf39]
/lib/libpthread.so.0[0x7f604af88097]
/lib/libc.so.6(clone+0x6d)[0x7f604aafbbcd]


Reproducible: Sometimes

Steps to Reproduce:
Running apache server in a production environment with mod_auth_kerb authentication enabled.

Comment 1 Sebastian Luther (few) 2009-05-14 07:52:19 UTC

Please provide emerge --info and emerge -pvq apache.

Comment 2 Sebastian Luther (few) 2009-05-14 07:53:34 UTC

*** Bug 269784 has been marked as a duplicate of this bug. ***

Comment 3 Alexander Dubov 2009-05-15 03:32:31 UTC

Created attachment 191301 [details]
"emerge --info" of my test machine

Comment 4 Alexander Dubov 2009-05-15 03:34:31 UTC

Created attachment 191303 [details]
"emerge -pvq apache" of my test machine

Comment 5 Alexander Dubov 2009-05-15 03:54:38 UTC

Created attachment 191305 [details]
More elaborate crash dump from the apache with fully annotated backtrace.

It seems that disabling the hack in the mod_auth_kerb has no effect on the phenomenon (the crashes continue). Actual backtrace varies on occasion (there's more than one point of failure) but is always associated with kerberos credentials clean-up.

Comment 6 Alexander Dubov 2009-05-15 07:00:05 UTC

Upstream appears to fix some issues in version 5.4 of the package (I'm currently testing it).

May be the ebuild should be version bumped?

Comment 7 Alexander Dubov 2009-05-18 04:34:27 UTC

I can confirm now that v5.4 is considerably more stable (or outright fixes the bug).

Comment 8 Benedikt Böhm (RETIRED) gentoo-dev

2009-09-17 06:50:49 UTC

5.4 is in cvs now