[Rt-commit] rt branch, 4.0/dbh-disconnect-after-safe-run-child, created. rt-4.0.3-41-ge96831c

Alex Vandiver alexmv at bestpractical.com
Wed Nov 9 10:11:50 EST 2011


The branch, 4.0/dbh-disconnect-after-safe-run-child has been created
        at  e96831cf8f457b1601dc778cc336d43105f7a38b (commit)

- Log -----------------------------------------------------------------
commit e96831cf8f457b1601dc778cc336d43105f7a38b
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Wed Nov 9 02:35:34 2011 -0500

    Restore database disconnection state after successful safe_run_child
    
    RT::Util's safe_run_child sets its database handles to not disconnect
    themselves if they are destroyed, before calling the provided function
    which may fork and exec.  It explicitly re-enables those bits prior to
    die'ing if the exec fails, to ensure that the database handle is torn
    down correctly during the global destruction that would shortly ensue.
    
    However, it fails to re-instate those bits after a _successful_ call.
    This leaves the main database handle in a state where it does not tear
    down the connection during global destruction.
    
    This is particularly destructive in the case where:
      (a) RT uses PostgreSQL as its backend database
      (b) The database connection to PostgreSQL uses SSL, as is the default
          if the server supports it
      (c) The RT server is embedded into the Apache server using mod_perl
      (d) Apache has also loaded the SSL libraries for HTTPS support
    
    This causes libcrypto.so to be used in two places in the Apache process,
    by both Perl's binary PostgreSQL driver as well as core Apache's; they
    thus share some internal state.  The lack of orderly teardown of the
    SSL-enabled database connection causes corruption in the SSL engine's
    internal state during the Apache shutdown process, which could lead to
    segmentation faults in Apache.
    
    Resolve this by explicitly re-instating the disconnect-on-destroy flags
    after a successful safe_run_child.

diff --git a/lib/RT/Util.pm b/lib/RT/Util.pm
index d2220c8..70d4625 100644
--- a/lib/RT/Util.pm
+++ b/lib/RT/Util.pm
@@ -93,6 +93,8 @@ sub safe_run_child (&) {
         #TODO we need to localize this
         die 'System Error: ' . $err;
     };
+    $dbh->{'InactiveDestroy'} = 0 if $dbh;
+    $RT::Handle->{'DisconnectHandleOnDestroy'} = 1;
     return $want? (@res) : $res[0];
 }
 
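Review bot: The two lines added before `return` set the flags to hard-coded values (`InactiveDestroy` to 0, `DisconnectHandleOnDestroy` to 1) instead of the values they held when safe_run_child was entered, so a caller that had deliberately set either flag, for example a nested safe_run_child call, gets its setting overwritten on the success path. Consider capturing both values at the top of the function and restoring those here. The guards are also asymmetric: the `$dbh` line is protected by `if $dbh`, but `$RT::Handle->{'DisconnectHandleOnDestroy'} = 1;` is not, and if `$RT::Handle` can be undefined at this point the assignment would autovivify it as a plain hash reference. Since the commit message says the failure path already re-enables these bits before die'ing, the restore logic now exists in two places; a small helper or a comment tying the two together would make it harder for them to drift apart, and a regression test asserting both flags after a successful call would pin the behaviour.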

-----------------------------------------------------------------------

