Ubuntu
libapache2-mod-auth-pgsql package

Encrypted password causes segmentation fault

Bug #1698758 reported by John Bester
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libapache2-mod-auth-pgsql (Debian)
Fix Released
Unknown
libapache2-mod-auth-pgsql (Ubuntu)
Fix Released
High
Andreas Hasenack
Trusty
Fix Released
High
Andreas Hasenack
Xenial
Fix Released
High
Andreas Hasenack
Zesty
Fix Released
High
Andreas Hasenack

Bug Description

[Impact]
The libapache2-mod-auth-pgsql module will cause a segfault error in apache if its encrypted support is enabled ("Auth_PG_encrypted on") and a hash format not supported by crypt(3) is used.

Since this is an apache module, users might be tempted to use htpasswd(1) to generate such hashes. The option to generate SHA hashes (-s) in particular will generate a hash incompatible with crypt(3), which will then return NULL and cause the segfault in unpatched versions of this apache module.

The fix catches the situation when crypt(3) returns NULL and logs the event as an unsupported hash type being found, and denies the login.

[Test Case]

* install the packages on the Ubuntu release you are testing:
$ sudo apt install apache2 libapache2-mod-auth-pgsql postgresql

* create the database and populate it with the test users from the attached test-users.sql file:
$ sudo -u postgres -H createdb userdb
$ sudo -u postgres -H psql userdb -f test-users.sql

* Create the DB user we will use:
$ sudo -u postgres -H psql postgres -c "CREATE ROLE www UNENCRYPTED PASSWORD 'password' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"

* Grant access:
$ sudo -u postgres -H psql userdb -c "GRANT SELECT ON TABLE userlogin TO www;"

* Create the /var/www/html/.htaccess file with this content:
AuthType basic
AuthName "My Auth"
Require valid-user
AuthBasicProvider pgsql
Auth_PG_authoritative On
Auth_PG_host 127.0.0.1
Auth_PG_port 5432
Auth_PG_user www
Auth_PG_pwd password
Auth_PG_database userdb
Auth_PG_encrypted on
Auth_PG_pwd_table UserLogin
Auth_PG_uid_field Username
Auth_PG_pwd_field ApachePassword

* Setup access in apache by editing /etc/apache2/sites-enabled/000-default.conf and adding these lines somewhere inside the <virtualhost> section:

<Directory /var/www/html>
    AllowOverride AuthConfig
</Directory>

* Enable the mod-auth-pgsql module:
$ sudo a2enmod 000_auth_pgsql

* Restart apache:
$ sudo service apache2 restart

To try each test login, use a loop like this:

$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 52
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 0
Testing ubuntu-sha512... 0
Testing ubuntu-des... 0

Error 52 means "empty reply from server". That's when apache segfaulted:
[Wed Jul 19 19:28:13.808711 2017] [core:notice] [pid 9499:tid 140330145511296] AH00051: child pid 9677 exit signal Segmentation fault (11), possible coredump in /etc/apache2

With the fixed version of libapache2-mod-auth-pgsql, the test loop will just record a normal authentication problem for the ubuntu-invalidhash user (since the hash is not supported) instead of an "empty reply from server":

$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 22
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 0
Testing ubuntu-sha512... 0
Testing ubuntu-des... 0

And we get this fact logged:
[Wed Jul 19 19:38:56.547337 2017] [auth_pgsql:error] [pid 10035:tid 140550732678912] [client 127.0.0.1:56946] [mod_auth_pgsql.c] - ERROR - PG user ubuntu-invalidhash: unsupported CRYPT format

[Regression Potential]
The patch seems pretty straight forward and uses a well documented crypt(3) return value in the case of errors.

This is a very old module that hasn't been built in a while (see [other info] below. It's possible that just by rebuilding it with the new environment available in each ubuntu release since vivid could introduce unknowns. Hopefully, if that happens, it will be immediately noticed by the people who use it and will test this SRU.

[Other Info]

Upstream doesn't have a bugtracker or public code hosting that I could find, so I forwarded the patch via email. No response so far.

This module hasn't been rebuilt since vivid and seems unmaintained, being at version 2.0.3 since the precise days:
 libapache2-mod-auth-pgsql | 2.0.3-5build2 | precise
 libapache2-mod-auth-pgsql | 2.0.3-6 | trusty
 libapache2-mod-auth-pgsql | 2.0.3-6.1 | vivid
 libapache2-mod-auth-pgsql | 2.0.3-6.1 | xenial
 libapache2-mod-auth-pgsql | 2.0.3-6.1 | yakkety
 libapache2-mod-auth-pgsql | 2.0.3-6.1 | zesty
 libapache2-mod-auth-pgsql | 2.0.3-6.1ubuntu1 | artful

- Debian's last changelog entry is from August 2013
- Fedora killed it in July 2011
- I couldn't find it in SuSE

See original description
Revision history for this message
John Bester (john-bester) wrote :
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Confirmed in my xenial testing:

==> /var/log/apache2/error.log <==
[Tue Jun 20 18:44:20.612899 2017] [core:notice] [pid 7038:tid 140431534086016] AH00051: child pid 7041 exit signal Segmentation fault (11), possible coredump in /etc/apache2

Changed in apache2 (Ubuntu):
importance: Undecided → High
status: New → Triaged
tags: added: server-next
Andreas Hasenack (ahasenack)
Changed in apache2 (Ubuntu):
assignee: nobody → Andreas Hasenack (ahasenack)
status: Triaged → In Progress
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

It's segfaulting because of this odd usage of crypt(3):
                        sent_pw = (char *) crypt(sent_pw, real_pw);

That returns NULL, because in the SHA case the real_pw contains the { character which is invalid for the second parameter which is meant to be the salt.

Later on strcmp is used and that's what causes the segfault.

I can't reach the upstream website: http://www.giuseppetanzilli.it/mod_auth_pgsql2/

I wonder if it's abandoned, or just a temporary issue.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Ok, got a better hang of it. crypt(3) can indeed be used like that, but the code needs to check for it returning NULL in the case of errors:
diff --git a/mod_auth_pgsql.c b/mod_auth_pgsql.c
index 0a16e05..4f80917 100644
--- a/mod_auth_pgsql.c
+++ b/mod_auth_pgsql.c
@@ -868,6 +868,12 @@ static authn_status check_password(request_rec *r, const char *user,
                        break;
                case AUTH_PG_HASH_TYPE_CRYPT:
                        sent_pw = (char *) crypt(sent_pw, real_pw);
+ if (!sent_pw) {
+ apr_snprintf(pg_errstr, MAX_STRING_LEN,
+ "PG user %s: password mismatch", user);
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr);
+ return AUTH_DENIED;
+ }
                        break;
                case AUTH_PG_HASH_TYPE_BASE64:
                        sent_pw = auth_pg_base64(sent_pw);

What happened is that the hash format you used, "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=", is not the type of input crypt(3) expects for the salt argument, hence the NULL return value (and the crash since that wasn't checked for).

The salt argument (the second argument) should either be:
- 2 characters for standard DES from the range [a-zA-Z0-9./]. Note how "{" or "}" are not there
- $id$salt$encrypted, where id means:
              ID | Method
              ────────────────────────────────────────────────────────
              1 | MD5
              2a | Blowfish (not in mainline glibc; added in some
                  | Linux distributions)
              5 | SHA-256 (since glibc 2.7)
              6 | SHA-512 (since glibc 2.7)

So the above patch fixes the crash, but you should use a different type of hash format. {SHA} is not supported. It is supported by apache's apr_password_validate(), but that is not used in this code.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

One can use mkpasswd(1) from the "whois" package (!) to generate these hashes supported by crypt(3):
$ mkpasswd -5 secret
$1$0UiJQbpc$QoJQqJIT1DCHtQYGwJHZh0

$ mkpasswd -m sha-256 secret
$5$.oyALiVLtCvfBa$cvNlH7IxsirDkBN/vIvHB54p0MPwqxSyiulqnYVMxt/

$ mkpasswd -m sha-512 secret $6$mbXQ/gDvUCn$Hs6sz8LAWN3fX1I/MoaJjsYSIYs8tqOUjgoQnXLY4X1dTSlBhbyiJYpTZZDEALXw.hRL97e7l/.xI7qZi0Phe.

and of course plain DES:
$ mkpasswd secret
CYwwQkoOVS3oE

All of the above are supported by libapache2-mod-auth-pgsql's "Auth_PG_hash_type CRYPT".

affects: apache2 (Ubuntu) → libapache2-mod-auth-pgsql (Ubuntu)
Bug Watch Updater (bug-watch-updater)
Changed in libapache2-mod-auth-pgsql (Debian):
status: Unknown → New
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Here is a debdiff for artful

Gianfranco Costamagna (costamagnagianfranco)
Changed in libapache2-mod-auth-pgsql (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libapache2-mod-auth-pgsql - 2.0.3-6.1ubuntu1

---------------
libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu1) artful; urgency=medium

  * d/p/crypt-check-null-1698758.patch: check for a NULL return from crypt(3)
    (LP: #1698758)

 -- Andreas Hasenack <email address hidden> Thu, 22 Jun 2017 14:34:03 -0300

Changed in libapache2-mod-auth-pgsql (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

debdiff for trusty

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Sorry, I need to rework that debdiff to get the same patch that is already applied in the other ubuntu releases. I had updated the dep3 header.

Andreas Hasenack (ahasenack)
Changed in libapache2-mod-auth-pgsql (Ubuntu Trusty):
assignee: nobody → Andreas Hasenack (ahasenack)
Changed in libapache2-mod-auth-pgsql (Ubuntu Xenial):
assignee: nobody → Andreas Hasenack (ahasenack)
Changed in libapache2-mod-auth-pgsql (Ubuntu Zesty):
assignee: nobody → Andreas Hasenack (ahasenack)
Changed in libapache2-mod-auth-pgsql (Ubuntu Trusty):
status: New → In Progress
Changed in libapache2-mod-auth-pgsql (Ubuntu Xenial):
status: New → In Progress
Changed in libapache2-mod-auth-pgsql (Ubuntu Zesty):
status: New → In Progress
Changed in libapache2-mod-auth-pgsql (Ubuntu Trusty):
importance: Undecided → High
Changed in libapache2-mod-auth-pgsql (Ubuntu Xenial):
importance: Undecided → High
Changed in libapache2-mod-auth-pgsql (Ubuntu Zesty):
importance: Undecided → High
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

test users

description: updated
description: updated
description: updated
description: updated
Andreas Hasenack (ahasenack)
description: updated
Andreas Hasenack (ahasenack)
description: updated
description: updated
Andreas Hasenack (ahasenack)
description: updated
Andreas Hasenack (ahasenack)
description: updated
description: updated
Andreas Hasenack (ahasenack)
description: updated
description: updated
Revision history for this message
Chris J Arges (arges) wrote : Please test proposed package

Hello John, or anyone else affected,

Accepted libapache2-mod-auth-pgsql into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/2.0.3-6.1ubuntu0.16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in libapache2-mod-auth-pgsql (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in libapache2-mod-auth-pgsql (Ubuntu Trusty):
status: In Progress → Fix Committed
Revision history for this message
Chris J Arges (arges) wrote :

Hello John, or anyone else affected,

Accepted libapache2-mod-auth-pgsql into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/2.0.3-6ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in libapache2-mod-auth-pgsql (Ubuntu Zesty):
status: In Progress → Fix Committed
Revision history for this message
Chris J Arges (arges) wrote :

Hello John, or anyone else affected,

Accepted libapache2-mod-auth-pgsql into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libapache2-mod-auth-pgsql/2.0.3-6.1ubuntu0.17.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Zesty verification

Crash reproduced with libapache2-mod-auth-pgsql 2.0.3-6.1:

ubuntu@zesty-mod-auth-pgsql-crypt-segfault-1698758:~$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 52
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 0
Testing ubuntu-sha512... 0
Testing ubuntu-des... 0

error log:
ubuntu@zesty-mod-auth-pgsql-crypt-segfault-1698758:~$ tail /var/log/apache2/error.log -n 1
[Thu Aug 03 14:16:55.592332 2017] [core:notice] [pid 4331:tid 139808776572416] AH00051: child pid 4333 exit signal Segmentation fault (11), possible coredump in /etc/apache2

Upgrading to the proposed package:
(...)
Get:1 http://br.archive.ubuntu.com/ubuntu zesty-proposed/main amd64 libapache2-mod-auth-pgsql amd64 2.0.3-6.1ubuntu0.17.04.1 [18.4 kB]
Fetched 18.4 kB in 0s (236 kB/s)
(Reading database ... 28157 files and directories currently installed.)
Preparing to unpack .../libapache2-mod-auth-pgsql_2.0.3-6.1ubuntu0.17.04.1_amd64.deb ...
Unpacking libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu0.17.04.1) over (2.0.3-6.1) ...
Setting up libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu0.17.04.1) ...
apache2_invoke 000_auth_pgsql: already enabled

Retrying the loop:
ubuntu@zesty-mod-auth-pgsql-crypt-segfault-1698758:~$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 22
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 0
Testing ubuntu-sha512... 0
Testing ubuntu-des... 0

Server error logs show no crash, and the unsupported hash format:
[Thu Aug 03 14:20:52.401265 2017] [auth_pgsql:error] [pid 4786:tid 140649768675072] [client 127.0.0.1:41358] [mod_auth_pgsql.c] - ERROR - PG user ubuntu-invalidhash: unsupported CRYPT format
[Thu Aug 03 14:20:52.401536 2017] [auth_basic:error] [pid 4786:tid 140649768675072] [client 127.0.0.1:41358] AH01617: user ubuntu-invalidhash: authentication failure for "/": Password Mismatch

tags: added: verification-done-zesty
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Xenial verification:

Crash confirmed with libapache2-mod-auth-pgsql 2.0.3-6.1:
ubuntu@xenial-mod-auth-pgsql-crypt-segfault-1698758:~$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 52
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 0
Testing ubuntu-sha512... 0
Testing ubuntu-des... 0

apache error log:
ubuntu@xenial-mod-auth-pgsql-crypt-segfault-1698758:~$ tail -n 1 /var/log/apache2/error.log
[Thu Aug 03 14:25:13.785006 2017] [core:notice] [pid 4260:tid 139737623807872] AH00051: child pid 4263 exit signal Segmentation fault (11), possible coredump in /etc/apache2

Installing the package from proposed:
(...)
Get:1 http://br.archive.ubuntu.com/ubuntu xenial-proposed/main amd64 libapache2-mod-auth-pgsql amd64 2.0.3-6.1ubuntu0.16.04.1 [18.5 kB]
Fetched 18.5 kB in 0s (266 kB/s)
(Reading database ... 26956 files and directories currently installed.)
Preparing to unpack .../libapache2-mod-auth-pgsql_2.0.3-6.1ubuntu0.16.04.1_amd64.deb ...
Unpacking libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu0.16.04.1) over (2.0.3-6.1) ...
Setting up libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu0.16.04.1) ...
apache2_invoke 000_auth_pgsql: already enabled

Retrying the loop, this time we get just the auth error:
ubuntu@xenial-mod-auth-pgsql-crypt-segfault-1698758:~$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 22
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 0
Testing ubuntu-sha512... 0
Testing ubuntu-des... 0

apache error log shows the unsupported hash format and no crash:
ubuntu@xenial-mod-auth-pgsql-crypt-segfault-1698758:~$ tail -n 2 /var/log/apache2/error.log
[Thu Aug 03 14:26:49.400099 2017] [auth_pgsql:error] [pid 4747:tid 140520391177984] [client 127.0.0.1:41554] [mod_auth_pgsql.c] - ERROR - PG user ubuntu-invalidhash: unsupported CRYPT format
[Thu Aug 03 14:26:49.400440 2017] [auth_basic:error] [pid 4747:tid 140520391177984] [client 127.0.0.1:41554] AH01617: user ubuntu-invalidhash: authentication failure for "/": Password Mismatch

tags: added: verification-done-xenial
Revision history for this message
Andreas Hasenack (ahasenack) wrote :
Download full text (3.3 KiB)

Trusty verification

Crash confirmed with libapache2-mod-auth-pgsql 2.0.3-6. Curiously, with more than just the "ubuntu-invalidhash" user:
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 52
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 52
Testing ubuntu-sha512... 0
Testing ubuntu-des... 52

The invalidhash user produced a segfault:
[Thu Aug 03 14:36:27.775572 2017] [core:notice] [pid 6989:tid 140610926643072] AH00051: child pid 8101 exit signal Segmentation fault (11), possible coredump in /etc/apache2

The sha256 and des ones died because of something else:
*** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x00007fe2680007c8 ***
[Thu Aug 03 14:36:59.810618 2017] [core:notice] [pid 6989:tid 140610926643072] AH00051: child pid 8670 exit signal Aborted (6), possible coredump in /etc/apache2

Maybe this is the double free bug #1272857 happening in a non-CGI context, because if I try it multiple times, it works sometimes:
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ curl -f http://ubuntu-sha256:secret@localhost/ -o /dev/null -s;echo $?
0
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ curl -f http://ubuntu-sha256:secret@localhost/ -o /dev/null -s;echo $?
52
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ curl -f http://ubuntu-sha256:secret@localhost/ -o /dev/null -s;echo $?
0
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ curl -f http://ubuntu-sha256:secret@localhost/ -o /dev/null -s;echo $?
52
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ curl -f http://ubuntu-sha256:secret@localhost/ -o /dev/null -s;echo $?
0

Moving on. Let's install the package from proposed:
(...)
Get:1 http://br.archive.ubuntu.com/ubuntu/ trusty-proposed/main libapache2-mod-auth-pgsql amd64 2.0.3-6ubuntu0.1 [18.6 kB]
Fetched 18.6 kB in 0s (0 B/s)
(Reading database ... 26196 files and directories currently installed.)
Preparing to unpack .../libapache2-mod-auth-pgsql_2.0.3-6ubuntu0.1_amd64.deb ...
Unpacking libapache2-mod-auth-pgsql (2.0.3-6ubuntu0.1) over (2.0.3-6) ...
Setting up libapache2-mod-auth-pgsql (2.0.3-6ubuntu0.1) ...
apache2_invoke 000_auth_pgsql: already enabled
 * Restarting web server apache2
   ...done.

No crash now with the auth loop, even if run multiple times:
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ for u in ubuntu-invalidhash ubuntu-md5 ubuntu-sha256 ubuntu-sha512 ubuntu-des; do echo -n "Testing $u... "; curl -f http://$u:secret@localhost/ -o /dev/null -s; echo $?; done
Testing ubuntu-invalidhash... 22
Testing ubuntu-md5... 0
Testing ubuntu-sha256... 0
Testing ubuntu-sha512... 0
Testing ubuntu-des... 0

And the apache error logs show just the expected unsupported crypt format:
ubuntu@trust-mod-auth-pgsql-crypt-segfault-1698758:~$ tail -n 2 /var/log/apache2/error.log
[Thu Aug 03 14:39:30.464138 2017] [auth_pgsql:error] [pid 10843:tid 140107864598272] [client 127.0.0.1:42120] [mod_auth_pgsql.c] - ERROR - PG user ubuntu-invalidhash: unsupported CRYPT format
[...

Read more...

tags: added: verification-done-trusty
Andreas Hasenack (ahasenack)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libapache2-mod-auth-pgsql - 2.0.3-6ubuntu0.1

---------------
libapache2-mod-auth-pgsql (2.0.3-6ubuntu0.1) trusty; urgency=medium

  * d/p/fixdoublefree.patch: set freed pointers to NULL before subsequent
    checks against NULL. (LP: #1272857)
  * d/p/crypt-check-null-1698758.patch: check for a NULL return from crypt(3)
    (LP: #1698758)

 -- Andreas Hasenack <email address hidden> Thu, 22 Jun 2017 16:54:09 -0300

Changed in libapache2-mod-auth-pgsql (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for libapache2-mod-auth-pgsql has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libapache2-mod-auth-pgsql - 2.0.3-6.1ubuntu0.16.04.1

---------------
libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu0.16.04.1) xenial; urgency=medium

  * d/p/crypt-check-null-1698758.patch: check for a NULL return from crypt(3)
    (LP: #1698758)

 -- Andreas Hasenack <email address hidden> Thu, 22 Jun 2017 16:35:37 -0300

Changed in libapache2-mod-auth-pgsql (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libapache2-mod-auth-pgsql - 2.0.3-6.1ubuntu0.17.04.1

---------------
libapache2-mod-auth-pgsql (2.0.3-6.1ubuntu0.17.04.1) zesty; urgency=medium

  * d/p/crypt-check-null-1698758.patch: check for a NULL return from crypt(3)
    (LP: #1698758)

 -- Andreas Hasenack <email address hidden> Thu, 22 Jun 2017 16:08:38 -0300

Changed in libapache2-mod-auth-pgsql (Ubuntu Zesty):
status: Fix Committed → Fix Released
Robie Basak (racb)
tags: removed: server-next
Bug Watch Updater (bug-watch-updater)
Changed in libapache2-mod-auth-pgsql (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.