Hello!
I represent Helicon Tech company, we are developers of Helicon Ape product: https://www.helicontech.com/ape/
Some of our clients trapped onto a problem with the code that works fine in previous versions of IIS, but crashes IIS 8.5 on Windows 2012 R2. After tracking down the issue and numerous attempts to fix it from our side we had to remove part of the functionality form our product to avoid this crash. Unfortunately this functionality is required by many of our users, so I was hoping Microsoft may fix this bug from IIS side. Here is an explanation:
There seem to be some sort of memory corruption that creates a postponed crash in IIS 8.5 when some Server Variables are set from .NET 4+ module using IIS API. We tracked down the issue to System.Web.Hosting.UnsafeIISMethods.MgdGetServerVariableA and System.Web.Hosting.UnsafeIISMethods.MgdSetServerVariableW functions pair (we never call them directly). Possibly it has something to do with different encoding - note when server variable is set the wide-char (W) version of function is used (there is no ANSI version of MgdSetServerVariableW, and when reading server variable ANSI version is used (this is only a supposition). Anyway, after our module finishes user authentication and sets some server variables, IIS 8.5 will then crash with memory corruption, on a later stages of request processing from other, not related to our product code, while calling to System.Web.Hosting.UnsafeIISMethods.MgdGetServerVariableA function.
To reproduce this issue please download this file: https://s3-eu-west-1.amazonaws.com/uploads-eu.hipchat.com/50761/364921/WNbvv7Fe1Lg6TPM/IISSetEnvCrash.zip
It includes version of our product already with configurations and web.config file. You will need to simply create a web site on Win 2012 R2 with .NET 4 application pool and put these files in the root. Make a request to the site, use test:test to authenticate and IIS should crash after authentication.
The problem is really annoying as all our attempts to fix it from our side by wrapping set server variables operations or moving this operation on other processing stages didn't help. I will happily provide you with further information if needed.
Thank you!