Uninett/mod_auth_mellon

logout triggers segmentation fault on CentOS-6

Closed this issue · 2 comments

Hi there

I've installed mod_mellon-0.8 on CentOS-6 with lasso-2.3.6-1 and have it successfully protecting a directory. This web server is behind a mod_proxy Apache reverse proxy.

It's all working, but when anyone logs out of the IdP (triggering a SSLO event), they end up on the reverse proxy error page saying that a 502 proxy error has occurred. The reverse proxy logs show

proxy: Error reading from remote server returned by /wiki/endpoint/logout, referer: https://idp.server/

The actual mod_mellon webserver error_log shows

child pid 3680 exit signal Segmentation fault (11)

I've cranked up "LogLevel debug" but all that seems to show is packet content - I can't see any real root cause of the segfault.

As it's all over HTTPS, I can't even use a sniffer to see what's happening, but it "feels" like when the reverse proxy sends the HTTPS request to the mod_mellon server, it gets the SSL layer up but then exits with no content? I've tried making the reverse proxy run in HTTP/1.0 mode as well as HTTP/1.1 - didn't make a difference. I've also looked with Firefox SAML Tracer and when it gets to the final URL request, that shows it's doing a "<samlp:LogoutRequest" - but that results in the 502 error.

To reiterate, it's all working everywhere else - just the IdP-initiated logout bit seems broken.

Hi, sorry for the late response to this issue -- I have just returned from a vacation.

I believe this error is fixed in commit d1ab7e2. I had implemented a fix for it earlier, but was waiting for confirmation that my change actually fixed the problem. If you have the opportunity to test this patch, that would be great. If not, I will just assume that it fixes the problem, and close this issue after a while.

This issue was more complicated -- there were several bugs which affected the logout code in 0.8.0. I have now released version 0.9.0, which should fix this problem.