Bug#384622: debian patch renders MIME::Lite unusable under mod_perl

Martin Gruner martin.gruner at interred.de
Fri Aug 25 14:22:54 UTC 2006


Package: libmime-lite-perl
Version: 3.01-7
Severity: grave

The Debian libmime-lite-perl package contains the following workaround
for MIME::Lite programming errors:

########################################

--- libmime-lite-perl-3.01.orig/lib/MIME/Lite.pm
+++ libmime-lite-perl-3.01/lib/MIME/Lite.pm
@@ -334,7 +334,10 @@
             $VERSION
             );

+# Don't affect the environment for any invoking script
+local %ENV = %ENV;

+$ENV{PATH} = '/bin:/usr/bin';


########################################

This leads to segfaults of apache2 if used under mod_perl2. It
effectively deletes %ENV, so that script which uses MIME::Lite works
well if called for the first time, but dies at the second call (under
mod_perl, scripts stay in memory).
A sample apache2 backtrace:

#0  0x405c1fb4 in modperl_env_request_tie () from /usr/lib/apache2/modules/mod_perl.so
#1  0x405b3629 in modperl_response_handler_cgi () from /usr/lib/apache2/modules/mod_perl.so
#2  0x08078375 in ap_run_handler ()
#3  0x08078980 in ap_invoke_handler ()
#4  0x08069c6a in ap_process_request ()
#5  0x0806512d in _start ()
#6  0x093ccd58 in ?? ()
#7  0x00000004 in ?? ()
#8  0x093ccd58 in ?? ()
#9  0x405cc210 in modperl_process_connection_handler () from /usr/lib/apache2/modules/mod_perl.so
#10 0x080835c5 in ap_run_process_connection ()
#11 0x08076974 in ap_graceful_stop_signalled ()
#12 0x08076b8b in ap_graceful_stop_signalled ()
#13 0x08076be8 in ap_graceful_stop_signalled ()
#14 0x0807745a in ap_mpm_run ()
#15 0x0807da8d in main ()

Please fix this. A sarge fix would be nice too. This can be used for
local DOS attacks on mod_perl2 servers.


Best regards,

Martin Gruner





More information about the pkg-perl-maintainers mailing list