[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Apache web server use after free bugs (unfixed)
From:       Craig Young <cyoung () tripwire ! com>
Date:       2019-01-21 12:29:47
Message-ID: MW2PR02MB378825576FA4EE8917BAE85CAA9F0 () MW2PR02MB3788 ! namprd02 ! prod ! outlook ! com
[Download RAW message or body]


The tpp.c error and child abort are also logged when testing without pool debugging or ASAN.

-Craig
________________________________
From: Florian Weimer <fweimer@redhat.com>
Sent: Monday, January 21, 2019 3:23:22 AM
To: Hanno Böck
Cc: oss-security@lists.openwall.com
Subject: Re: [oss-security] Apache web server use after free bugs (unfixed)

* Hanno Böck:

> threading related error
> =======================
>
> In addition to the ASAN use after free reports, httpd logs threading
> related errors:
>
> AH00052: child pid [pid] exit signal Aborted (6)
> apache2: tpp.c:84: __pthread_tpp_change_priority: Assertion `new_prio
> == -1 || (new_prio >= fifo_min_prio && new_prio <= fifo_max_prio)'
> failed.

This can happen if the mutex data is corrupted, so it's possible this
also caused by a use-after-free issue (if the memory is reallocated and
overwritten before the mutex operation that causes the assertion
failure).

Did you observe this with the pool debugger only?

Thanks,
Florian


[prev in list] [next in list] [prev in thread] [next in thread]