000021342 - How to run Apache web server with RSA SecurID protection and other plugin modules

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number
000021342

Applies To
Sun Solaris 2.8
RSA ACE/Agent for Web (Apache)
Apache 1.3.26

Issue
How to run Apache web server with RSA SecurID protection and other plugin modules
Error: "The page cannot be displayed" in Web browser
Error: "[Fri Jul 19 15:03:42 2002] [notice] child pid 10263 exit signal Segmentation Fault (11)"

Cause
An Apache web server running a variety of additional modules may encounter problems where each module runs correctly on its own but fails in combination with others. One such problem has been observed when the ACE/Agent for Web (Apache) is used with other modules: a segmentation violation occurs. When the ACE/Agent for Web (Apache) is installed on an Apache server, it tells the Apache web server to add all common (CGI) headers to the inbound HTTP request, and the Apache web server carries this out regardless of whether the variables are valid. If another module then uses one of the invalid variables, the segmentation fault occurs. An example of such a variable is SCRIPT_FILENAME.

Resolution
The most appropriate place to correct this fault is within the code of the main Apache web server, at the end of the ap_add_common_vars function in src/main/util_script.c, for example:
   ...
   /* i, hdrs_arr, hdrs and e are assumed to be the locals already declared
    * earlier in ap_add_common_vars. */
   for (i = 0; i < hdrs_arr->nelts; ++i)
   {
       char *key = hdrs[i].key;
       char *value = hdrs[i].val;
       /* Drop any variable whose value is NULL so later modules never see it. */
       if (value == NULL)
       {
           ap_table_unset(e, key);
       }
   }
   ...

This ensures that the ap_add_common_vars function does not generate null values.

A similar trap might also be built into the start of any additional module being used by the Apache web server.
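
The kind of trap a module could run before reading any variable, shown as an added example that is not code from RSA or the Apache source. The env_entry type and the env_scrub_nulls, env_get and demo_script_filename_length names are hypothetical stand-ins for the server's environment table, and the sample data is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for one environment-table entry (not the httpd type). */
typedef struct {
    const char *key;
    const char *val;
} env_entry;

/* Trap: drop entries with a NULL key or value, compacting in place and
 * keeping order. Returns the number of entries that remain. */
size_t env_scrub_nulls(env_entry *env, size_t n)
{
    size_t in, out = 0;
    if (env == NULL)
        return 0;
    for (in = 0; in < n; ++in) {
        if (env[in].key != NULL && env[in].val != NULL)
            env[out++] = env[in];
    }
    return out;
}

/* Lookup for use after the scrub: returns fallback when the key is absent. */
const char *env_get(const env_entry *env, size_t n,
                    const char *key, const char *fallback)
{
    size_t i;
    for (i = 0; i < n; ++i) {
        if (strcmp(env[i].key, key) == 0)
            return env[i].val;
    }
    return fallback;
}

/* Constructed sample: SCRIPT_FILENAME arrives with a NULL value. */
size_t demo_script_filename_length(void)
{
    env_entry env[] = {
        { "REQUEST_METHOD", "GET" },
        { "SCRIPT_FILENAME", NULL },
        { "SERVER_NAME", "www.example.com" },
    };
    size_t n = env_scrub_nulls(env, sizeof env / sizeof env[0]);
    /* Without the scrub, strlen() on the raw value would dereference NULL. */
    return strlen(env_get(env, n, "SCRIPT_FILENAME", ""));
}
```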

RSA Security recognizes that, as with the ACE/Agent module, many other modules are also supplied precompiled, so such solutions are not available. For this situation, RSA Security has released a special patch in which the trapping of illegal values is carried out from within the ACE/Agent. This patch is available under reference tst00030189.

Legacy Article ID
a12228
