Another flaw in Apache?

From: Jedi/Sector One (jat_private)
Date: Sat Jun 22 2002 - 12:11:18 PDT


            Hello.
    
      While playing with the SetEnv directive with Apache, I noticed that httpd
    processes are dying with a signal 11 if the data stored in an environment
    variable is too long.
    
      I simply triggered the bug by creating a .htaccess file (so a regular user
    can do it) with:
    
    SetEnv DATE_LOCALE "******************************************..."
    
      The string was 12288 bytes long in my test, but the bug probably occurs
    with shorter strings as well.
    
      Then, trying to access a file in the same directory added these lines to
    the error log:
    
    [Sat Jun 22 20:59:32 2002] [notice] child pid 22311 exit signal Segmentation
    fault (11)
    [Sat Jun 22 20:59:51 2002] [notice] child pid 9935 exit signal Segmentation
    fault (11)
    [Sat Jun 22 20:59:56 2002] [notice] child pid 13005 exit signal Segmentation
    fault (11)
    
      Environment: OpenBSD 3.1/x86, Apache 1.3.24 + recent fixes from -stable.
    
      Does anyone know what's causing the segmentation fault here?
      
    -- 
     __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
     \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
      \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/
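
An audit sketch for the two observable signs the post describes, added here as an example and not part of the original message or of Apache: it flags oversized SetEnv values in .htaccess content and extracts child segfault notices from an error log. The 1024-byte threshold, the function names and the sample .htaccess content are assumptions made for illustration; the log lines are the ones quoted in the post.

```python
import re

# Assumed audit threshold: the post saw the crash at 12288 bytes and
# suspects shorter values trigger it too, so flag well below that.
MAX_VALUE_LEN = 1024

# SetEnv NAME "quoted value" or SetEnv NAME bareword, one directive per line.
SETENV_RE = re.compile(
    r'^[ \t]*SetEnv[ \t]+(\S+)[ \t]+(?:"((?:[^"\\\n]|\\.)*)"|(\S+))',
    re.IGNORECASE | re.MULTILINE)
# Whitespace between "Segmentation" and "fault" may be a mail-wrapped newline.
CRASH_RE = re.compile(
    r'\[([^\]]+)\] \[notice\] child pid (\d+) '
    r'exit signal Segmentation\s+fault \(11\)')

def long_setenv(htaccess_text, limit=MAX_VALUE_LEN):
    """Return [(variable, value_length)] for SetEnv values longer than limit."""
    hits = []
    for m in SETENV_RE.finditer(htaccess_text):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        if len(value) > limit:
            hits.append((m.group(1), len(value)))
    return hits

def child_segfaults(error_log_text):
    """Return [(timestamp, pid)] for each child segfault notice in the log."""
    return [(ts, int(pid)) for ts, pid in CRASH_RE.findall(error_log_text)]

# Constructed .htaccess content: one ordinary value, one 12288-byte value.
SAMPLE_HTACCESS = ('SetEnv TZ "Europe/Paris"\n'
                   'SetEnv DATE_LOCALE "%s"\n' % ('*' * 12288))
# Error-log lines as quoted in the post, wrapped the way they appear there.
SAMPLE_LOG = (
    "[Sat Jun 22 20:59:32 2002] [notice] child pid 22311 exit signal Segmentation\n"
    "fault (11)\n"
    "[Sat Jun 22 20:59:51 2002] [notice] child pid 9935 exit signal Segmentation\n"
    "fault (11)\n"
    "[Sat Jun 22 20:59:56 2002] [notice] child pid 13005 exit signal Segmentation\n"
    "fault (11)\n")

if __name__ == "__main__":
    for name, size in long_setenv(SAMPLE_HTACCESS):
        print("oversized SetEnv %s: %d bytes" % (name, size))
    for ts, pid in child_segfaults(SAMPLE_LOG):
        print("child %d segfaulted at %s" % (pid, ts))
```

Run over every user-writable .htaccess file and the server's error log, the two results can be correlated by time to see whether crashes line up with an oversized directive.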
    


