Package: liblog4cpp5
Version: 1.0-4
Severity: important

Dear Maintainer,

   * What led up to the situation?

Long URLs fed to a 64-bit Apache using libapache2-mod-shib2 that talks to a shibd that has DEBUG logging enabled would result in segfaults. This amounts to a possible DoS.

A backtrace from a core dump gathered returned the following:

#0  0x00007f823172bcba in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f82317526a2 in vsnprintf () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007f82298785c6 in log4cpp::StringUtil::vform(char const*, __va_list_tag*) () from /usr/lib/liblog4cpp.so.5
#3  0x00007f822986b166 in log4cpp::Category::_logUnconditionally(int, char const*, __va_list_tag*) () from /usr/lib/liblog4cpp.so.5
#4  0x00007f822986a0ce in log4cpp::Category::debug(char const*, ...) () from /usr/lib/liblog4cpp.so.5
#5  0x00007f822a098724 in shibsp::AbstractSPRequest::getRequestSettings() const () from /usr/lib/x86_64-linux-gnu/libshibsp-lite.so.5
#6  0x00007f822a0a0832 in shibsp::ServiceProvider::doAuthentication(shibsp::SPRequest&, bool) const () from /usr/lib/x86_64-linux-gnu/libshibsp-lite.so.5
#7  0x00007f822a62bf56 in shib_check_user () from /usr/lib/apache2/modules/mod_shib_22.so
#8  0x00007f8232583090 in ap_run_check_user_id (r=0x7f822baed0a0) at request.c:71
#9  0x00007f8232585346 in ap_process_request_internal (r=r@entry=0x7f822baed0a0) at request.c:214
#10 0x00007f8232598ff8 in ap_process_request (r=r@entry=0x7f822baed0a0) at http_request.c:280
#11 0x00007f8232595f38 in ap_process_http_connection (c=0x7f822dfa4290) at http_core.c:190
#12 0x00007f823258f510 in ap_run_process_connection (c=0x7f822dfa4290) at connection.c:43
#13 0x00007f823258f8f8 in ap_process_connection (c=c@entry=0x7f822dfa4290, csd=<optimized out>) at connection.c:190
#14 0x00007f823259dc2e in child_main (child_num_arg=child_num_arg@entry=2) at prefork.c:667
#15 0x00007f823259e382 in make_child (slot=2, s=0x7f8232528818) at prefork.c:768
#16 make_child (s=0x7f8232528818, slot=2) at prefork.c:696
#17 0x00007f823259eee6 in perform_idle_server_maintenance (p=<optimized out>) at prefork.c:903
#18 ap_mpm_run (_pconf=_pconf@entry=0x7f823252e028, plog=<optimized out>, s=s@entry=0x7f8232528818) at prefork.c:1107
#19 0x00007f8232573826 in main (argc=7, argv=0x7fffcc9f4478) at main.c:755

That led me to the following issue reported by the shib sp:

https://issues.shibboleth.net/jira/browse/SSPCPP-432

Which refers to a fix in log4shib (revision 84) that was backported from log4cpp (git revs 602dd07..21d4a52).

http://svn.shibboleth.net/view/utilities?view=revision&revision=84
http://sourceforge.net/p/log4cpp/patches/search/?q=2083274

As Debian still uses log4cpp with its squeeze-backports and wheezy builds for libapache2-mod-shib2, the fix requires rebuilding log4cpp with the attached patch.

   * What exactly did you do (or not do) that was effective (or ineffective)?

Turning logging down from DEBUG to INFO works around the problem. The attached patch fixes the issue even with DEBUG logging enabled.

Let me know if you need any other details.

Thanks,
Brian

-- System Information:
Debian Release: 7.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages liblog4cpp5 depends on:
ii  libc6       2.13-38+deb7u1
ii  libgcc1     1:4.7.2-5
ii  libstdc++6  4.7.2-5

Also installed:
ii  libapache2-mod-shib2  2.4.3+dfsg-5+b1
ii  apache2-mpm-prefork   2.2.22-13+deb7u1

liblog4cpp5 recommends no packages.

liblog4cpp5 suggests no packages.

-- no debconf information
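
The backtrace above (vsnprintf reached through StringUtil::vform, only with long input, only on a 64-bit build) is what a grow-and-retry formatter produces when it hands the same va_list to vsnprintf a second time. As an added example, not code from this report or from log4cpp, and assuming that is the defect the referenced patch addresses (the report does not state the root cause), here is a retry loop that copies the va_list on every pass. The names vform_safe, form_safe and demo_line_len, and the 1024-byte first guess, are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not log4cpp's code: format into a growing buffer. */
char *vform_safe(const char *format, va_list args)
{
    size_t size = 1024;               /* assumed small first guess */
    char *buffer = malloc(size);
    while (buffer != NULL) {
        /* vsnprintf consumes its va_list, so each pass formats a copy. */
        va_list copy;
        va_copy(copy, args);
        int n = vsnprintf(buffer, size, format, copy);
        va_end(copy);
        if (n < 0) {                  /* output or encoding error */
            free(buffer);
            return NULL;
        }
        if ((size_t)n < size)         /* fitted, terminator included */
            return buffer;
        free(buffer);                 /* too small: retry at exact size */
        size = (size_t)n + 1;         /* C99: n is the length required */
        buffer = malloc(size);
    }
    return NULL;
}

/* Variadic front end, shaped like a debug(fmt, ...) logging call. */
char *form_safe(const char *format, ...)
{
    va_list args;
    va_start(args, format);
    char *out = vform_safe(format, args);
    va_end(args);
    return out;
}

/* Constructed input: a URL of url_len 'a's. Returns the line length. */
size_t demo_line_len(size_t url_len)
{
    char *url = calloc(url_len + 1, 1);
    if (url == NULL) return 0;
    memset(url, 'a', url_len);
    char *line = form_safe("mapped %s to %s", url, "default");
    size_t len = line ? strlen(line) : 0;
    free(line); free(url);
    return len;
}
```

Any input longer than the first guess forces the second pass, which is the path where a reused va_list would be read after it has already been consumed.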