That's great thanks Steve, much appreciated!

Will there be a 2.0.11 release with this fix?

Cheers,

Sam

> On 21 Jun 2019, at 5:38 pm, Steve Hay <steve.m....@googlemail.com> wrote:
> 
> Thanks for the report, Sam (and to Joe for the fix). This is now
> committed to mod_perl trunk:
> http://svn.apache.org/viewvc?view=revision&revision=1861755
> 
> On Thu, 20 Jun 2019 at 09:07, Steve Hay <steve.m....@googlemail.com> wrote:
>> 
>> Looks fine to me too. Will give it a test...
>> 
>> On Thu, 20 Jun 2019 at 01:28, Philippe Chiasson <go...@ectoplasm.org> wrote:
>>> 
>>> Looks good to me
>>> 
>>> Sent from the depths of my mind on an iPhone
>>> 
>>>> On Jun 19, 2019, at 17:22, Sam Vaughan <samjvaug...@gmail.com> wrote:
>>>> 
>>>> Hi mod_perl team,
>>>> 
>>>> I reported a bug yesterday to the Apache team, describing a segfault that 
>>>> only happens if mod_perl is installed:
>>>> 
>>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=63516
>>>> 
>>>> My impression was that it should be fixed in httpd2, but mod_perl is the 
>>>> only module that adds a configuration flag to the global 
>>>> ap_server_config_defines array, so it has been suggested that a one-line 
>>>> change go into the modperl_register_hooks() function instead:
>>>> 
>>>> Index: src/modules/perl/mod_perl.c
>>>> --- src/modules/perl/mod_perl.c.orig
>>>> +++ src/modules/perl/mod_perl.c
>>>> @@ -861,7 +861,7 @@
>>>> 
>>>>    /* for <IfDefine MODPERL2> and Apache2->define("MODPERL2") */
>>>>    *(char **)apr_array_push(ap_server_config_defines) =
>>>> -        apr_pstrdup(p, "MODPERL2");
>>>> +        apr_pstrdup(ap_server_config_defines->pool, "MODPERL2");
>>>> 
>>>>    ap_hook_pre_config(modperl_hook_pre_config,
>>>>                       NULL, NULL, APR_HOOK_MIDDLE);
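Review bot: The changed `apr_pstrdup(ap_server_config_defines->pool, "MODPERL2")` line needs a comment saying why the array's own pool is used rather than `p`. The existing comment above it only says what the define is for, so a later tidy-up could switch the argument back to `p` without noticing the lifetime requirement. A short note such as "allocate from the array's pool so the string lives as long as the array" placed directly above the push would cover it.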
>>>> 
>>>> Essentially, the pool provided as an argument to this function doesn't 
>>>> have a long enough lifetime to safely be used as backing storage for the 
>>>> "MODPERL2" string.  This change uses the pool that the 
>>>> ap_server_config_defines array itself was created in, thereby giving the 
>>>> "MODPERL2" string the same lifetime as the array it is being added to.
>>>> 
>>>> As far as I can tell, this use-after-free bug has been sitting there for 
>>>> quite a few years now but Apache only segfaults if your OS is strict 
>>>> enough about reclaiming/unmapping freed memory.
>>>> 
>>>> Currently, this issue causes httpd2 to segfault during startup the 
>>>> majority of the time on OpenBSD 6.5.
>>>> 
>>>> I'd really appreciate it if someone could either confirm that the above 
>>>> patch is OK and apply it to mod_perl, or jump on the above Apache bug 
>>>> report and add a comment explaining why it isn't.
>>>> 
>>>> Thanks!
>>>> 
>>>> Sam
>>>> 
>>>> 
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
>>>> For additional commands, e-mail: dev-h...@perl.apache.org
>>>> 
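The lifetime mismatch described in the original report, as an added example that is not part of the thread and is not mod_perl or APR code: a toy bump-allocator pool stands in for APR pools, and clearing a pool scrubs its memory to model an OS that strictly reclaims freed pages. All `toy_*` names, the two pool names and `define_survives` are hypothetical.

```c
#include <string.h>

/* Toy model of an APR pool (assumption: not the real APR API). */
typedef struct { char buf[256]; size_t used; } toy_pool;

/* Bump-allocate from the pool, in the spirit of apr_palloc(). */
static void *toy_palloc(toy_pool *p, size_t n) {
    if (p->used + n > sizeof p->buf) return NULL;
    void *m = p->buf + p->used;
    p->used += n;
    return m;
}

/* Copy a string into pool-owned storage, in the spirit of apr_pstrdup(). */
static char *toy_pstrdup(toy_pool *p, const char *s) {
    size_t n = strlen(s) + 1;
    char *d = toy_palloc(p, n);
    if (d) memcpy(d, s, n);
    return d;
}

/* Clearing scrubs the memory, modelling an OS that reclaims freed pages. */
static void toy_clear(toy_pool *p) {
    memset(p->buf, 0, sizeof p->buf);
    p->used = 0;
}

/* Like apr_array_header_t, the array remembers the pool it was created in. */
typedef struct { toy_pool *pool; const char *elts[4]; int nelts; } toy_array;

/* Returns 1 if "MODPERL2" is still readable once the short-lived pool is gone. */
int define_survives(int use_array_pool) {
    static toy_pool long_lived, short_lived;     /* constructed for the example */
    toy_clear(&long_lived);
    toy_clear(&short_lived);
    toy_array defines = { &long_lived, {0}, 0 }; /* array lives in long_lived */
    toy_pool *p = &short_lived;                  /* pool handed to the hook */

    /* Before the patch: string from p. After the patch: from the array's pool. */
    defines.elts[defines.nelts++] =
        toy_pstrdup(use_array_pool ? defines.pool : p, "MODPERL2");

    toy_clear(&short_lived);                     /* p's lifetime ends here */
    return strcmp(defines.elts[0], "MODPERL2") == 0;
}

int main(void) { return (define_survives(1) && !define_survives(0)) ? 0 : 1; }
```

In the toy model the stale pointer reads back scrubbed bytes instead of faulting, so the difference can be checked safely; against real unmapped memory the same read is the crash described in the report.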