Apache Week
   

Copyright 1996-2005
Red Hat, Inc.

First published: 20th September 1996

Bugs in 1.1.1

The next version of Apache will be 1.2. This will include a lot of new features, as previewed in our Apache 1.2 article (from issue 29). It will also fix most of the outstanding bugs identified in 1.1.1. In this issue we summarise these bugs sorting them by affected function.

There are quite a few bugs listed here, but most will not have a serious affect on most setups. Many are restricted to specific operating systems, or to particular configurations and modules. It should be remembered that Apache 1.1.1 is a stable release and most users are unlikely to come across these bugs.

For each bug we have tried to identify its current status in the latest development version of Apache. If the bug is followed by the word FIXED then the bug has been fixed and tested. If the status is VERIFIED then the bug exists but has not yet been fixed (although in many cases a fix will be in progress or undergoing initial testing). If neither word is present, then the bug has not been verified or fixed. We have tried to ensure that only real bugs are listed here, but the Apache group receives quite a few bug reports, many of which relate to incorrectly configured systems or which are caused by the operating system or other software.

Apache Core

These bugs affect the operation of the core server, or are related to low-level networking or operating system interaction.

  • DNS Failure causes core dump
    Apache can core dump if it cannot obtain the local hostname from the ServerName directive or from the DNS. FIXED.
  • High Load Problems
    At startup Apache forks the initial children. If it fails to fork (perhaps because of resource limitations), it immediately tries again, which can make the load situation worse. FIXED.
    A race condition can cause occasional hung processes on very high load systems. VERIFIED.
  • Memory allocation failure causes core dump
    The memory allocation return value is not checked which could cause core dumps. FIXED.
  • ErrorDocuments
    ErrorDocument redirect fails, displays filename. FIXED
    Docs claim %s in ErrorDocument string prints reason for error - no code to implement this. VERIFIED
    ErrorDocument displays " in string message. FIXED
  • Executing sub-programs
    When a sub-program is about to be run, Apache checks for correct permissions, but it does not account for other groups that the current user might be in.
  • Scoreboard
    Scoreboard sometimes out of date (shows PID of children

Access Checking

  • Domains Starting with Numbers
    Hostnames starting with a number (e.g. 123.domain.com) are incorrectly treated as IP addresses. VERIFIED.
  • Domain name capitalisation
    Domain names on allow and deny lines are not compared case-insensitively. VERIFIED.

HTTP Protocol

  • Expires Header
    Apache is not setting Expires header on 304 responses FIXED
  • Continuation Headers
    Doesn't support HTTP continuation headers FIXED
  • Keep Alives
    Netscape Navigator 2 has bugs in its keepalive support, so Apache should turn off keepalives when accessed from Navigator 2. FIXED.

Proxy Module

The proxy module has been extensively modified since 1.1.1 to correct a large number of problems and omissions.

Logging

  • NULL requests logged
    Report of request "NULL" being logged in access log
  • Missing Hits
    Reports of access_log missing some hits (possibly related to keepalives)
  • ErrorLog
    ErrorLog | does not work. VERIFIED.

Other Module Bugs

  • Imagemap Module
    • Long URLs (>100 chars) can cause buffer overflows (possible core dump) VERIFIEDo

  • Status Module
    • Can gives wrong start-up time on some systems
    • Core dumps on a few systems (OSF, SCO)
    • Wraps bytes total at 4.2GB FIXED
    • Transfer bytes per second figures wrong FIXED

  • Negotiation Module
    • Language negotiation doesn't work for cgi scripts without extensions, which are in a valid ScriptAlias directory.
    • Charset negotiation is not implemented. VERIFIED.
    • Language negotiation doesn't match languages against sub-languages, i.e. it treats en and en-US as completely different languages. FIXED.

  • Directory Index Module
    • Core dump on Solaris 2 with empty directories
    • Truncating file size in listing (e.g. 1.8Mb is displayed as 1Mb) FIXED

  • Userdir
    • UserDir cannot handle certain configurations, such as http://10.1.2.3/~* VERIFIED

  • Includes Module
    • Possible mod_include bug causing core dumps if SSI include fails due to incorrect .htaccess directive
    • Current working directory can change while processing includes

OS Specific Bugs

These bugs are related to specific operating systems.

  • A/UX: Linger close fails on A/UX FIXED
  • AIX: Compile warning for SERVICE_UNAVAILABLE FIXED
  • Apollo Domain: Some compilation errors on Apollo Domain
  • Digital Unix/OSF: V4.0 requires -lm because the frexp() function has been removed from libc.so. Incompatible pointer type warning.
  • IRIX: IRIX kernel fails to notify Apache of dead children FIXED
  • Linux: File descriptor bug causing SEGV in includes module. FIXED.
  • NeXTSTEP: support/logresolve.c does not compile because of strdup
  • OS/2: Simplified code for OS/2 FIXED. OS/2 filesystem is case-independent, can cause URLs to fail to match protection limitations
  • QNX: Missing prototypes for QNX FIXED.
  • SCO: Dumps core in status module with a Floating exception when compiled with -DSTATUS on SCO ODT 3.0
  • SGI: Compile warning in http_bprintf FIXED
  • Ultrix: Compile error in http_main.c
  • UnixWare: Configuration updated for UnixWare (needs NEED_LINGER)

Miscellaneous

  • Example URLs for status and info
    Example URLs for status and info pages (/status and /info) can intercept other URLs (e.g. anything in a directory called /info or /information). FIXED.
  • ScriptAlias and PATH_INFO problem
    Bug in the SCRIPT_NAME passed to CGI where the ScriptAlias directory included some PATH_INFO. FIXED
  • VHosts
    Host: header can override IP virtual hosts to give access to other vhosts's information. VERIFIED.
    IP-based Virtual hosts on main IP address but different ports not working. VERIFIED.
  • Directives with on/off arguments
    Directives that taken an argument that is either "on" or "off" infact accepted any argument. FIXED.
  • Default configuration mime types can conflict with encodings
    Default mime.types contains content-types for gz and Z extensions, but should be given as encodings with AddEncoding. FIXED
  • Port directive
    Apache accepts non-numeric Port number. FIXED.
  • Authoritative misspelt
    Spelling of authoritative (as authorative) wrong in auth_anon and auth_msql FIXED.

Possible Bugs

Finally, a few bugs reports cannot by verified or discounted. That is, they may or may not exist, but cannot be reliably reproduced. While they may be Apache bugs, they could also be bugs in the operating system, or problems related to particular load conditions or configurations. Any further information about these possible bugs should be reported on the apache-bugs email address or Web page.

  • CGIs intermittently fail with 'premature end of file error' on site with 100 vhosts. Occurs even with low load.
  • Server will not respond after a few days of running. Instead of the 5 processes typically running, there is only one. Server accepts the requests, but never responds. This site makes heavy use of CGIs (>50% of all requests).
  • Some hits are not logged in the access_log, or logged as "NULL".

Comments or criticisms? Please email us at editors@apacheweek.com