Hi,

On Mon, 28 Aug 2006, Matthew Palmer wrote:

Can you get a symbolified backtrace to show exactly where it's segfaulting?
I know m-a-mysql doesn't ship with a debugging symbol table, but a rebuild
should fix that.

Ok, I succeeded in rebuilding the shared object with a symbol table. (I had to do some hacking, so I still do not know how to properly build this thing with dpkg-buildpackage and these conflicting build dependencies.)

Anyway, the program segfaults at this line:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1483326592 (LWP 24579)]
0xa7f5f078 in mysql_authenticate_basic_user (r=0x0) at mod_auth_mysql.c:1295
1295            for (ete=supported_encryption_types; ete->name; ete++) {
(gdb) bt
#0 0xa7f5f078 in mysql_authenticate_basic_user (r=0x0) at mod_auth_mysql.c:1295
#1  0x00000000 in ?? ()
(gdb) info registers
eax            0x0      0
ecx            0xafe77c1a       -1343783910
edx            0xe77c00 15170560
ebx            0x35434535       893601077
esp            0xafe77c30       0xafe77c30
ebp            0xafe70036       0xafe70036
esi            0x41323433       1093809203
edi            0x824b168        136622440
eip            0xa7f5f078       0xa7f5f078 <mysql_authenticate_basic_user+1144>
eflags         0x210246 [ PF ZF IF RF ID ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51

This led me to the conclusion that indeed the
'Auth_MySQL_Encryption_Types MySQL' is broken. The module itself is able
to access the database just fine with old or new style passwords (this is
what was achieved by rebuilding against libmysqlclient15), however the
routines in the module that allow the user to specify MySQL type encrypted
passwords, using the password() function, are somehow segfaulting.

After some investigation the segfault seems to be caused by mod_auth_mysql not receiving a complete hash. Upon further inspection, my database columns for the password fields were only 25 characters wide, so this was not enough for the new style hashed passwords (which need 41 char columns).

So, the program definitely needs a length check here; the crash should never happen, regardless of database column size.

Anyway, to quickly see if this would help, I decided to fix the database. Having fixed the database, another segfault appeared.

[Switching to Thread -1483527296 (LWP 25742)]
0xa7f2e0f5 in mysql_authenticate_basic_user (r=0x0) at mod_auth_mysql.c:1300
1300            APACHELOG(APLOG_DEBUG, r, "Auth succeeded");
(gdb) bt
#0 0xa7f2e0f5 in mysql_authenticate_basic_user (r=0x0) at mod_auth_mysql.c:1300
#1  0x00000000 in ?? ()
(gdb) info registers
eax            0x35432eb9       893595321
ecx            0x514    1300
edx            0x0      0
ebx            0x35434535       893601077
esp            0xafd491c0       0xafd491c0
ebp            0xafd40036       0xafd40036
esi            0xf      15
edi            0x0      0
eip            0xa7f2e0f5       0xa7f2e0f5 <mysql_authenticate_basic_user+1269>
eflags         0x210246 [ PF ZF IF RF ID ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51

This one seems to be caused by a buffer overflow of this buffer at line 232 of mod_auth_mysql.c:

     char scrambled_passwd[32];

The function make_scrambled_password returns a 41 byte hash with the new-style passwords, so this will not fit. Enlarging this buffer to 48 bytes seems to fix my application.

Regards,
Robbert

PS. Note also that MySQL does not recommend using the password() function to encrypt application passwords.

"Applications really should not do this, because PASSWORD() should be used only to manage passwords for MySQL accounts. But some applications use PASSWORD() for their own purposes anyway."

(http://dev.mysql.com/doc/refman/5.1/en/application-password-use.html)

Following this advice, and seeing the shape of the code, it is arguable that 'MySQL' encryption type should be removed entirely from the program.

PPS. This seems to be the same bug as #346194, and possibly also #382243.
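As an added illustration (not code from mod_auth_mysql or from the report above), here are the two checks the message argues for, in C: rejecting a stored hash whose length matches neither PASSWORD() format (the truncated 25-char column), and refusing to copy a scrambled password into a buffer too small for it (the 32-byte buffer versus a 41-byte new-style hash). The hash strings are constructed and the function names are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Stored-hash formats MySQL's PASSWORD() produces (constructed example, not
 * mod_auth_mysql code): old-style is 16 hex chars, new-style (4.1+) is '*'
 * followed by 40 hex chars, i.e. 41 bytes plus the NUL terminator. */
#define OLD_HASH_LEN 16
#define NEW_HASH_LEN 41

enum hash_kind { HASH_INVALID = 0, HASH_OLD, HASH_NEW };

static int all_hex(const char *s, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)s[i]))
            return 0;
    return 1;
}

/* Classify a password hash read from the database. A column that is too
 * narrow (the 25-char column from the report) yields a truncated string,
 * which is rejected here instead of being handed to comparison code that
 * assumes a complete hash. Hypothetical name. */
enum hash_kind classify_stored_hash(const char *stored)
{
    if (stored == NULL)
        return HASH_INVALID;
    size_t len = strlen(stored);
    if (len == OLD_HASH_LEN && all_hex(stored, len))
        return HASH_OLD;
    if (len == NEW_HASH_LEN && stored[0] == '*' && all_hex(stored + 1, len - 1))
        return HASH_NEW;
    return HASH_INVALID;
}

/* Copy a freshly computed scrambled password into a caller-supplied buffer,
 * failing instead of overflowing when the buffer is too small: a 32-byte
 * buffer cannot hold a 41-byte hash plus NUL, 48 bytes can. Hypothetical name. */
int copy_scrambled(char *dst, size_t dst_size, const char *scrambled)
{
    size_t need = strlen(scrambled) + 1;  /* include the NUL terminator */
    if (dst_size < need) {
        if (dst_size)
            dst[0] = '\0';
        return -1;                        /* caller logs an error; auth fails */
    }
    memcpy(dst, scrambled, need);
    return 0;
}
```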
