Acknowledgement sent
to Shintaro Sakahara <[email protected]>:
New Bug report received and forwarded. Copy sent to Debian Apache Maintainers <[email protected]>.
(Fri, 14 Oct 2022 11:27:04 GMT) (full text, mbox, link).
Subject: apache2: Accessing to type-map without .var suffix results 500 and apache2 exits
Date: Fri, 14 Oct 2022 20:13:43 +0900
Package: apache2
Version: 2.4.54-1~deb11u1
Severity: important
Dear Maintainer,
I recently upgraded my server from Debian 10 to 11 and encountered a problem
where apache2 responded 500 Internal Server Error and then the process exited
when a URL to a type-map, which referenced CGI script as actual content,
without ".var" suffix was getting accessed.
I created a small example using Docker and put on GitHub so that everyone could
easily reproduce this problem.
https://github.com/skhrshin/apache2-crash-example
* Steps to reproduce *
1. Clone the repo into somewhere
2. Run `docker-compose build`
3. Run `docker-compose up`
4. Access to http://localhost:8081/board.cgi with your web browser
* Expected behavior *
A string "OK" is displayed.
* Actual behavior *
Your web browser gets 500 Internal Server Error.
Also, in a few seconds, the apache2 process is terminated.
I'm not sure if the problem is caused solely by apache2 package or by some
other dependencies like apache2-suexec-pristine or libapache2-mpm-itk, but
I don't know how to find it out. So I asked about this issue to Debian-user ML
if there's something I can do, but I could get no answer, so now I'm reporting
it here. Please tell me if something is insufficient and there's a way to
investigate it more.
-- Package-specific info:
-- System Information:
Debian Release: 11.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-18-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apache2 depends on:
ii apache2-bin 2.4.54-1~deb11u1
ii apache2-data 2.4.54-1~deb11u1
ii apache2-utils 2.4.54-1~deb11u1
ii dpkg 1.20.12
ii init-system-helpers 1.60
ii lsb-base 11.1.0
ii mime-support 3.66
ii perl 5.32.1-4+deb11u2
ii procps 2:3.3.17-5
Versions of packages apache2 recommends:
ii ssl-cert 1.1.0+nmu1
Versions of packages apache2 suggests:
pn apache2-doc <none>
ii apache2-suexec-pristine 2.4.54-1~deb11u1
ii lynx [www-browser] 2.9.0dev.6-3~deb11u1
Versions of packages apache2-bin depends on:
ii libapr1 1.7.0-6+deb11u1
ii libaprutil1 1.6.1-5
ii libaprutil1-dbd-sqlite3 1.6.1-5
ii libaprutil1-ldap 1.6.1-5
ii libbrotli1 1.0.9-2+b2
ii libc6 2.31-13+deb11u4
ii libcrypt1 1:4.4.18-4
ii libcurl4 7.74.0-1.3+deb11u3
ii libjansson4 2.13.1-1.1
ii libldap-2.4-2 2.4.57+dfsg-3+deb11u1
ii liblua5.3-0 5.3.3-1.1+b1
ii libnghttp2-14 1.43.0-1
ii libpcre3 2:8.39-13
ii libssl1.1 1.1.1n-0+deb11u3
ii libxml2 2.9.10+dfsg-6.7+deb11u2
ii perl 5.32.1-4+deb11u2
ii zlib1g 1:1.2.11.dfsg-2+deb11u2
Versions of packages apache2-bin suggests:
pn apache2-doc <none>
ii apache2-suexec-pristine 2.4.54-1~deb11u1
ii lynx [www-browser] 2.9.0dev.6-3~deb11u1
Versions of packages apache2 is related to:
ii apache2 2.4.54-1~deb11u1
ii apache2-bin 2.4.54-1~deb11u1
-- Configuration Files:
/etc/apache2/conf-available/other-vhosts-access-log.conf changed [not included]
/etc/apache2/ports.conf changed [not included]
-- no debconf information
Acknowledgement sent
to Ondřej Surý <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <[email protected]>.
(Fri, 14 Oct 2022 13:36:03 GMT) (full text, mbox, link).
> On 14. 10. 2022, at 13:13, Shintaro Sakahara <[email protected]> wrote:
>
> I created a small example using Docker and put on GitHub so that everyone could
> easily reproduce this problem.
Hi,
could you please actually describe the problem into the bugreport? While having
a reproducer is certainly nice, it's not enough to see what might be the problem.
And you can't expect other people do debug the Docker containers.
Ondrej
--
Ondřej Surý (He/Him)
[email protected]
Acknowledgement sent
to Ondřej Surý <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <[email protected]>.
(Fri, 14 Oct 2022 13:36:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Shintaro Sakahara <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <[email protected]>.
(Fri, 14 Oct 2022 16:45:03 GMT) (full text, mbox, link).
Subject: Re: Bug#1021771: apache2: Accessing to type-map without .var suffix results 500 and apache2 exits
Date: Sat, 15 Oct 2022 01:34:46 +0900
OK, here is the detailed version of steps to reproduce:
1. Install apache2, apache2-suexec-pristine and libapache2-mpm-itk packages.
2. Disable mpm_event and enable cgid, mpm_prefork and suexec modules.
3. Configure two sites on Apache2.
3-1. For the first one, enable SuexecUserGroup. (000-default in the example)
3-2. For the second one, enable AssignUserID. (001-userid in the example)
4. Enable type-map and CGI on the first site.
5. Place a type-map file whose filename ends with .cgi.var on the first
site. (board.cgi.var in the example)
6. In the type-map file, specify valid URIs to CGI scripts. Also specify
"Content-Type: application/x-httpd-cgi"
7. Using web browser, access to the path to the type-map file on the
first site, without putting .var suffix.
8. You'll see 500 Internal Server Error. Also, apache2 is terminated in
few seconds.
The problems you can confirm in the above steps are two:
- The server responds 500 instead of running CGI correctly.
When you access to the path to the type-map file *with* .var suffix,
CGI is executed correctly.
- The apache2 process is terminated.
This has to be more severe than just returning 500.
This problem doesn't occur if the second site doesn't exist.
In error.log, you'll see errors like below:
[Thu Sep 29 18:32:42.176871 2022] [cgid:error] [pid 209665] (104)Connection reset by peer: AH01248: Error reading request on cgid socket
[Thu Sep 29 18:32:42.177025 2022] [cgid:error] [pid 209704] [client xxx.xxx.xxx.xxx:53380] End of script output before headers: board.cgi
[Thu Sep 29 18:32:43.161802 2022] [cgid:error] [pid 209664] AH01239: cgid daemon process died, restarting
[Thu Sep 29 18:32:44.170387 2022] [mpm_prefork:emerg] [pid 209706] (22)Invalid argument: AH00144: couldn't grab the accept mutex
[Thu Sep 29 18:32:45.170296 2022] [core:alert] [pid 209664] AH00050: Child 209706 returned a Fatal error... Apache is exiting!