Comment 13 for bug 224945

Chuck Short (zulcss) wrote :

Depending on the system load, apache with apache-mpm-worker and mod_ssl enabled will cause ssl to run out of memory and crash. The following patch resolves this issue. It will need to be ported to intrepid since it is also vulnerable to this condition.

Steps to reproduce: (TEST CASE)

1. Install apache-mpm-worker and ssl-cert
2. Configure the SSL cert according to https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html.
3. Use the following config in your /etc/apache2/sites-enabled/default.

NameVirtualHost *:443
<VirtualHost *:443>
 SSLEngine On
 SSLCertificateFile /etc/ssl/certs/ssl.pem
 DocumentRoot /var/www
 <Directory />
  Options Indexes
 </Directory>
</VirtualHost>

4. Run the following command:

ab -n 100000 -c 20 -f tls1 https://<ip address>:443/

You should get OOM errors in a couple of minutes of running the test.

If you have any questions let me know.

Regards
chuck