Bug 235296 - www/nginx: spnego-http-auth-nginx-module crashes worker process due to read-after-free
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Jochen Neumeister
Reported: 2019-01-29 14:01 UTC by topical
Modified: 2019-02-26 22:29 UTC

bugzilla: maintainer-feedback? (joneum)


Attachments
Patch to remove obsolete (broken) putenv() code. (1.18 KB, patch)
2019-01-29 14:04 UTC, topical

Description topical 2019-01-29 14:01:26 UTC
The current version uses putenv() to pass the name of the keytab to GSS.

Incorrectly, it assumes that putenv() creates a copy of the passed string. This leads to corruption of environment variables and eventually to a core dump. Usually, this happens unnoticed due to the auto-recovery feature of the nginx worker process.

Actually, putenv isn't really needed anymore and the affected code can be removed safely.
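
The aliasing behaviour described in the report, as an added example (not code from the module or the attached patch): POSIX putenv() keeps the caller's pointer in the environment, while setenv() copies the value. The variable name EXAMPLE_KEYTAB and the paths are constructed; setenv() is shown only for contrast, since the patch removes the call instead.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose putenv/setenv/unsetenv */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define VAR   "EXAMPLE_KEYTAB"          /* hypothetical variable name */
#define OLD_V "/constructed/a.keytab"   /* constructed sample values */
#define NEW_V "/constructed/b.keytab"

/* putenv() stores the caller's pointer. Returns 1 if the environment
 * entry lives inside buf and follows later writes to buf. */
int putenv_aliases_buffer(void)
{
    static char buf[64];   /* static: must stay valid while in environ */
    snprintf(buf, sizeof buf, "%s=%s", VAR, OLD_V);
    if (putenv(buf) != 0) return -1;
    uintptr_t v = (uintptr_t)getenv(VAR), b = (uintptr_t)buf;
    int inside = v >= b && v < b + sizeof buf;
    /* No libc call here: overwriting buf alone rewrites the environment.
     * With freed or reused memory the same effect is silent corruption. */
    strcpy(buf + strlen(VAR) + 1, NEW_V);
    int changed = strcmp(getenv(VAR), NEW_V) == 0;
    unsetenv(VAR);         /* remove the entry before buf is reused */
    return inside && changed;
}

/* setenv() copies name and value, so the source may be freed at once. */
int setenv_survives_free(void)
{
    char *heap = malloc(64);
    if (heap == NULL) return -1;
    strcpy(heap, OLD_V);
    if (setenv(VAR, heap, 1) != 0) { free(heap); return -1; }
    memset(heap, 'X', 63);  /* scribble, then release the source */
    free(heap);
    const char *val = getenv(VAR);
    int intact = val != NULL && strcmp(val, OLD_V) == 0;
    unsetenv(VAR);
    return intact;
}

int main(void)
{
    printf("putenv aliases buffer: %d, setenv survives free: %d\n",
           putenv_aliases_buffer(), setenv_survives_free());
    return 0;
}
```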
Comment 1 topical 2019-01-29 14:04:01 UTC
Created attachment 201506
Patch to remove obsolete (broken) putenv() code.

Need to add the following files to "Makefile.extmod" to activate patch:

HTTP_AUTH_KRB5_EXTRA_PATCHES=   ${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config \
                                ${PATCHDIR}/extra-patch-spnego-http-auth-nginx-no-putenv
Comment 2 topical 2019-02-26 16:35:51 UTC
Is there anything else needed to apply the patch to the ports tree?