Public bug reported: A bug in the Apache2 HTTP server results in invalid memory references in the ap_server_config_defines array after a graceful restart. This can result in server config variables defined by means of the Define directive appearing to be undefined after a graceful restart. This can cause incorrect processing of configuration files. It can also cause the server to exit due to invalid configuration, even though the configtest prior to reload succeeded.
This bug was reported upstream against Apache 2.4.6 and 2.4.10. It appears in the 2.4.7-1ubuntu4.7 found in trusty-proposed, but was fixed in 2.4.12 and so does not appear in wily. This is upstream PR 56008 and 57328. [Test Case] - apt-get install apache2 - Copy ifdefine-test.conf (attached) to /etc/apache2/sites-available - a2ensite ifdefine-test.conf - service apache2 restart - Observe that http://<hostname>/foo.html returns the default page (same as http://<hostname>/) - service apache2 reload - Examine /var/log/apache2/error.log; observe the warning message "Config variable ${TEST2} is not defined" - Observe that http://<hostname>/foo.html now returns a 404. With the bug fixed, the warning message will not appear, and the foo.html URL will continue to work after the reload. [Regression Potential] Low. The change is textually small (one line), but has a significant effect: it ensures that a fresh copy is made of the array containing defined variables each time the config file is read. Without this, on reloads the original array (containing variables defined on the command line) is modified directly, causing it to contain string pointers that will become invalid when the configuration memory pool is released. The patch only changes what happens when the configuration pool is released, avoiding leaking memory references across successive reads of the config file. As such, it is unlikely have any negative effect on processing of the configuration, and extremely unlikely to have any effect on operations once the server configuration has been read. This change was applied upstream in December, 2014 and appears in the upstream 2.4.12 release, which is in wily. The patch also appears in 2.4.10-10+deb8u2, which has been in Debian stable for about 5 weeks. ** Affects: apache2 Importance: Unknown Status: Unknown ** Affects: apache2 (Ubuntu) Importance: Undecided Status: New ** Bug watch added: bz.apache.org/bugzilla/ #57328 https://bz.apache.org/bugzilla/show_bug.cgi?id=57328 ** Also affects: apache2 via https://bz.apache.org/bugzilla/show_bug.cgi?id=57328 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1504354 Title: Invalid memory access on ap_server_config_defines To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1504354/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs