Debian Bug report logs - #1021771
apache2: Accessing to type-map without .var suffix results 500 and apache2 exits


Package: apache2; Maintainer for apache2 is Debian Apache Maintainers <[email protected]>; Source for apache2 is src:apache2 (PTS, buildd, popcon).

Reported by: Shintaro Sakahara <[email protected]>

Date: Fri, 14 Oct 2022 11:27:01 UTC

Severity: important

Found in version apache2/2.4.54-1~deb11u1



Report forwarded to [email protected], Debian Apache Maintainers <[email protected]>:
Bug#1021771; Package apache2. (Fri, 14 Oct 2022 11:27:04 GMT) (full text, mbox, link).


Acknowledgement sent to Shintaro Sakahara <[email protected]>:
New Bug report received and forwarded. Copy sent to Debian Apache Maintainers <[email protected]>. (Fri, 14 Oct 2022 11:27:04 GMT) (full text, mbox, link).


Message #5 received at [email protected] (full text, mbox, reply):

From: Shintaro Sakahara <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Subject: apache2: Accessing to type-map without .var suffix results 500 and apache2 exits
Date: Fri, 14 Oct 2022 20:13:43 +0900
Package: apache2
Version: 2.4.54-1~deb11u1
Severity: important

Dear Maintainer,

I recently upgraded my server from Debian 10 to 11 and encountered a problem
where apache2 responded with 500 Internal Server Error and then the process
exited when a URL to a type-map, which referenced a CGI script as its actual
content, was accessed without the ".var" suffix.

I created a small example using Docker and put it on GitHub so that everyone
could easily reproduce this problem.

https://github.com/skhrshin/apache2-crash-example

* Steps to reproduce *

1. Clone the repo into somewhere
2. Run `docker-compose build`
3. Run `docker-compose up`
4. Access http://localhost:8081/board.cgi with your web browser

* Expected behavior *

A string "OK" is displayed.

* Actual behavior *

Your web browser gets 500 Internal Server Error.
Also, in a few seconds, the apache2 process is terminated.

I'm not sure if the problem is caused solely by the apache2 package or by some
other dependencies like apache2-suexec-pristine or libapache2-mpm-itk, but
I don't know how to find out. So I asked the Debian-user ML about this issue
to see if there was something I could do, but I got no answer, so now I'm
reporting it here. Please tell me if something is insufficient and there's a
way to investigate it more.


-- Package-specific info:

-- System Information:
Debian Release: 11.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-18-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apache2 depends on:
ii  apache2-bin          2.4.54-1~deb11u1
ii  apache2-data         2.4.54-1~deb11u1
ii  apache2-utils        2.4.54-1~deb11u1
ii  dpkg                 1.20.12
ii  init-system-helpers  1.60
ii  lsb-base             11.1.0
ii  mime-support         3.66
ii  perl                 5.32.1-4+deb11u2
ii  procps               2:3.3.17-5

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.0+nmu1

Versions of packages apache2 suggests:
pn  apache2-doc              <none>
ii  apache2-suexec-pristine  2.4.54-1~deb11u1
ii  lynx [www-browser]       2.9.0dev.6-3~deb11u1

Versions of packages apache2-bin depends on:
ii  libapr1                  1.7.0-6+deb11u1
ii  libaprutil1              1.6.1-5
ii  libaprutil1-dbd-sqlite3  1.6.1-5
ii  libaprutil1-ldap         1.6.1-5
ii  libbrotli1               1.0.9-2+b2
ii  libc6                    2.31-13+deb11u4
ii  libcrypt1                1:4.4.18-4
ii  libcurl4                 7.74.0-1.3+deb11u3
ii  libjansson4              2.13.1-1.1
ii  libldap-2.4-2            2.4.57+dfsg-3+deb11u1
ii  liblua5.3-0              5.3.3-1.1+b1
ii  libnghttp2-14            1.43.0-1
ii  libpcre3                 2:8.39-13
ii  libssl1.1                1.1.1n-0+deb11u3
ii  libxml2                  2.9.10+dfsg-6.7+deb11u2
ii  perl                     5.32.1-4+deb11u2
ii  zlib1g                   1:1.2.11.dfsg-2+deb11u2

Versions of packages apache2-bin suggests:
pn  apache2-doc              <none>
ii  apache2-suexec-pristine  2.4.54-1~deb11u1
ii  lynx [www-browser]       2.9.0dev.6-3~deb11u1

Versions of packages apache2 is related to:
ii  apache2      2.4.54-1~deb11u1
ii  apache2-bin  2.4.54-1~deb11u1

-- Configuration Files:
/etc/apache2/conf-available/other-vhosts-access-log.conf changed [not included]
/etc/apache2/ports.conf changed [not included]

-- no debconf information



Information forwarded to [email protected], Debian Apache Maintainers <[email protected]>:
Bug#1021771; Package apache2. (Fri, 14 Oct 2022 13:36:03 GMT) (full text, mbox, link).


Acknowledgement sent to Ondřej Surý <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <[email protected]>. (Fri, 14 Oct 2022 13:36:03 GMT) (full text, mbox, link).


Message #10 received at [email protected] (full text, mbox, reply):

From: Ondřej Surý <[email protected]>
To: Shintaro Sakahara <[email protected]>, [email protected]
Cc: Debian Bug Tracking System <[email protected]>
Subject: Re: Bug#1021771: apache2: Accessing to type-map without .var suffix results 500 and apache2 exits
Date: Fri, 14 Oct 2022 15:32:56 +0200
> On 14. 10. 2022, at 13:13, Shintaro Sakahara <[email protected]> wrote:
> 
> I created a small example using Docker and put on GitHub so that everyone could
> easily reproduce this problem.

Hi,

could you please actually describe the problem in the bug report?  While having
a reproducer is certainly nice, it's not enough to see what might be the problem.
And you can't expect other people to debug the Docker containers.

Ondrej
--
Ondřej Surý (He/Him)
[email protected]


Information forwarded to [email protected], Debian Apache Maintainers <[email protected]>:
Bug#1021771; Package apache2. (Fri, 14 Oct 2022 13:36:04 GMT) (full text, mbox, link).


Acknowledgement sent to Ondřej Surý <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <[email protected]>. (Fri, 14 Oct 2022 13:36:04 GMT) (full text, mbox, link).


Information forwarded to [email protected], Debian Apache Maintainers <[email protected]>:
Bug#1021771; Package apache2. (Fri, 14 Oct 2022 16:45:03 GMT) (full text, mbox, link).


Acknowledgement sent to Shintaro Sakahara <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <[email protected]>. (Fri, 14 Oct 2022 16:45:03 GMT) (full text, mbox, link).


Message #20 received at [email protected] (full text, mbox, reply):

From: Shintaro Sakahara <[email protected]>
To: [email protected]
Subject: Re: Bug#1021771: apache2: Accessing to type-map without .var suffix results 500 and apache2 exits
Date: Sat, 15 Oct 2022 01:34:46 +0900

OK, here is the detailed version of steps to reproduce:

1. Install apache2, apache2-suexec-pristine and libapache2-mpm-itk packages.
2. Disable mpm_event and enable cgid, mpm_prefork and suexec modules.
3. Configure two sites on Apache2.
3-1. For the first one, enable SuexecUserGroup. (000-default in the example)
3-2. For the second one, enable AssignUserID. (001-userid in the example)
4. Enable type-map and CGI on the first site.
5. Place a type-map file whose filename ends with .cgi.var on the first
site. (board.cgi.var in the example)
6. In the type-map file, specify valid URIs to CGI scripts. Also specify
"Content-Type: application/x-httpd-cgi"
7. Using a web browser, access the path to the type-map file on the
first site, without the .var suffix.
8. You'll see 500 Internal Server Error. Also, apache2 is terminated in
a few seconds.

The problems you can confirm in the above steps are two:
 - The server responds 500 instead of running CGI correctly.
   When you access the path to the type-map file *with* .var suffix,
   CGI is executed correctly.
 - The apache2 process is terminated.
   This has to be more severe than just returning 500.
   This problem doesn't occur if the second site doesn't exist.

In error.log, you'll see errors like below:
[Thu Sep 29 18:32:42.176871 2022] [cgid:error] [pid 209665] (104)Connection reset by peer: AH01248: Error reading request on cgid socket
[Thu Sep 29 18:32:42.177025 2022] [cgid:error] [pid 209704] [client xxx.xxx.xxx.xxx:53380] End of script output before headers: board.cgi
[Thu Sep 29 18:32:43.161802 2022] [cgid:error] [pid 209664] AH01239: cgid daemon process died, restarting
[Thu Sep 29 18:32:44.170387 2022] [mpm_prefork:emerg] [pid 209706] (22)Invalid argument: AH00144: couldn't grab the accept mutex
[Thu Sep 29 18:32:45.170296 2022] [core:alert] [pid 209664] AH00050: Child 209706 returned a Fatal error... Apache is exiting!






Debian bug tracking system administrator <[email protected]>. Last modified: Sun Sep 22 09:40:19 2024; Machine Name: buxtehude
