Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID:
 <MW2PR02MB378825576FA4EE8917BAE85CAA9F0@MW2PR02MB3788.namprd02.prod.outlook.com>
Date: Mon, 21 Jan 2019 12:29:47 +0000
From: Craig Young <cyoung@...pwire.com>
To: Hanno Böck <hanno@...eck.de>,
	"oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: Apache web server use after free bugs (unfixed)


The tpp.c error and child abort are also logged when testing without pool debugging or ASAN.

-Craig
________________________________
From: Florian Weimer <fweimer@...hat.com>
Sent: Monday, January 21, 2019 3:23:22 AM
To: Hanno Böck
Cc: oss-security@...ts.openwall.com
Subject: Re: [oss-security] Apache web server use after free bugs (unfixed)

* Hanno Böck:

> threading related error
> =======================
>
> In addition to the ASAN use after free reports, httpd logs threading
> related errors:
>
> AH00052: child pid [pid] exit signal Aborted (6)
> apache2: tpp.c:84: __pthread_tpp_change_priority: Assertion `new_prio
> == -1 || (new_prio >= fifo_min_prio && new_prio <= fifo_max_prio)'
> failed.

This can happen if the mutex data is corrupted, so it's possible this
also caused by a use-after-free issue (if the memory is reallocated and
overwritten before the mutex operation that causes the assertion
failure).

Did you observe this with the pool debugger only?

Thanks,
Florian

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.