Apache + mod_dbd + apr(mysql) = crash on graceful restart and wont start again

W

willyvmm

Hi.

I'm heading a strange problem.

I need to use RewriteMap with MYSQL.

So i have enabled mod_dbd and installed devel/apr1 from ports with MYSQL enabled.
Everything is installed from packages, except the APR1 because of MYSQL.

Now the strange is coming.

Generally the config is working, but graceful restart causes the apache to crash, and prevent it from starting again.

I have narrowed this issue to one line, so
When i add this particular line to one of my vhosts (it's used only once in one place):

Apache config: 
DBDriver mysql

root@browar: /usr/ports/devel/apr1 # apachectl status ; apachectl graceful ; sleep 1 ; apachectl status
apache24 is running as pid 59683.
Performing sanity check on apache24 configuration:
Syntax OK
Performing a graceful restart
apache24 is running as pid 59683.
root@browar: /usr/ports/devel/apr1 # apachectl status ; apachectl graceful ; sleep 1 ; apachectl status
apache24 is running as pid 59683.
Performing sanity check on apache24 configuration:
Syntax OK
Performing a graceful restart
apache24 is not running.
root@browar: /usr/ports/devel/apr1 # apachectl start
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
root@browar: /usr/ports/devel/apr1 # apachectl status
apache24 is not running.


So it's not possible to start apache again. It instantly crashes silently with coredump.
The solution is to comment the line:

Apache config: 
# DBDriver mysql

Then apache is able to start again.


root@browar: /usr/ports/devel/apr1 # apachectl start
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
root@browar: /usr/ports/devel/apr1 # apachectl status
apache24 is running as pid 63347.


Some system info:


root@browar: /usr/ports/devel/apr1 # uname -a
FreeBSD browar.ITit.dk 11.3-RELEASE-p7 FreeBSD 11.3-RELEASE-p7 #0: Tue Mar 17 08:32:23 UTC 2020 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
root@browar: /usr/ports/devel/apr1 # pkg info apr apache24 mysql57-server
apr-1.7.0.1.6.1_1
apache24-2.4.43
mysql57-server-5.7.29_1


Any idea ?
Thanks.
 
Somehow i missed this for the first time.
There is something:


[Thu May 21 11:21:42.954301 2020] [mpm_event:notice] [pid 63347:tid 34397577216] AH00493: SIGUSR1 received. Doing graceful restart
[Thu May 21 11:21:43.041782 2020] [:notice] [pid 16508:tid 34397577216] FastCGI: process manager initialized (pid 16508)
[Thu May 21 11:21:43.045104 2020] [mpm_event:notice] [pid 63347:tid 34397577216] AH00489: Apache/2.4.43 (FreeBSD) mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_wsgi/4.5.24 Python/2.7 OpenSSL/1.0.2s-freebsd configured -- resuming normal
[Thu May 21 11:21:43.045135 2020] [core:notice] [pid 63347:tid 34397577216] AH00094: Command line: '/usr/local/sbin/httpd'
[Thu May 21 11:21:43.048655 2020] [dbd:error] [pid 16509:tid 34397577216] (20014)Internal error (specific information not available): AH00633: failed to initialise
[Thu May 21 11:21:43.048675 2020] [dbd:crit] [pid 16509:tid 34397577216] (20014)Internal error (specific information not available): AH00636: child init failed!
[Thu May 21 11:21:44.091602 2020] [dbd:error] [pid 16522:tid 34397577216] (20014)Internal error (specific information not available): AH00633: failed to initialise
[Thu May 21 11:21:44.091617 2020] [dbd:crit] [pid 16522:tid 34397577216] (20014)Internal error (specific information not available): AH00636: child init failed!
[Thu May 21 11:21:44.091625 2020] [dbd:error] [pid 16523:tid 34397577216] (20014)Internal error (specific information not available): AH00633: failed to initialise
[Thu May 21 11:21:44.091644 2020] [dbd:crit] [pid 16523:tid 34397577216] (20014)Internal error (specific information not available): AH00636: child init failed!
[Thu May 21 11:21:45.092404 2020] [dbd:error] [pid 16524:tid 34397577216] (20014)Internal error (specific information not available): AH00633: failed to initialise
[Thu May 21 11:21:45.092422 2020] [dbd:crit] [pid 16524:tid 34397577216] (20014)Internal error (specific information not available): AH00636: child init failed!



I have changed the driver to sqlite3 for test, and it doesn't crash.
Seems to be related to mysql driver
 
Some debug from httpd.core

Code: 
(gdb)  thread apply all bt full

Thread 1 (process 100562):
#0  0x0000000801d316cc in strcmp () from /lib/libc.so.7
No symbol table info available.
#1  0x0000000805f1bccd in lh_insert () from /lib/libcrypto.so.8
No symbol table info available.
#2  0x0000000805f25eae in OBJ_NAME_add () from /lib/libcrypto.so.8
No symbol table info available.
#3  0x000000080a4083d8 in OPENSSL_init_ssl () from /usr/local/lib/libssl.so.11
No symbol table info available.
#4  0x00000008019d3658 in pthread_once () from /lib/libthr.so.3
No symbol table info available.
#5  0x000000080aa0c599 in CRYPTO_THREAD_run_once () from /usr/local/lib/libcrypto.so.11
No symbol table info available.
#6  0x000000080a408262 in OPENSSL_init_ssl () from /usr/local/lib/libssl.so.11
No symbol table info available.
#7  0x000000080a40d1a4 in SSL_CTX_new () from /usr/local/lib/libssl.so.11
No symbol table info available.
#8  0x00000008058865f0 in ?? () from /usr/local/libexec/apache24/mod_ssl.so
No symbol table info available.
#9  0x0000000805884846 in ?? () from /usr/local/libexec/apache24/mod_ssl.so
No symbol table info available.
#10 0x0000000805883fa4 in ?? () from /usr/local/libexec/apache24/mod_ssl.so
No symbol table info available.
#11 0x000000000045c58f in ap_run_post_config ()
No symbol table info available.
#12 0x00000000004359d6 in main ()
No symbol table info available.
 
A crash in strcmp() smells very stong like a buffer overflow. Even worse that it was called by libcrypto in the course of SSL initialization. This might be a security flaw. To begin with, stcmp() should not be used anymore, by serious software, but instead strncmp() should be used througout for preventing buffer overflows.
 
bt is just backtrace.
I did load the executable and httpd.core before. But the outpus ir removed because it does not show anything useable (i think).
 
You must log in or register to reply here.
Back
Top