httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 32529] New: - ProxyPass segmentation fault on SMP x86_64
Date Sat, 04 Dec 2004 04:31:09 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=32529>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=32529

           Summary: ProxyPass segmentation fault on SMP x86_64
           Product: Apache httpd-2.0
           Version: 2.0.48
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Keywords: PatchAvailable
          Severity: normal
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: mitch@comwestcr.com


The included patch is for openssl, but it's not 100% clear to me if the real bug
is in apache or in openssl; fixing it in openssl was easiest.  I emailed the bug
to the openssl folks also.

apache version:  2.0.48-146
openssl version: 0.9.7b-125
OS:              SuSE 9.0 SMP/x86_64
Kernel:          2.4.21-260-smp

The problem I'm seeing is that apache will not perform a "ProxyPass" to another
SSL host.  The openssl function ssl_verify_cert_chain() [ssl/ssl_cert.c] stores
the SSL* pointer in the X509_STORE_CTX context with the following code:

  X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);

the apache callback function ssl_callback_SSLVerify()
[modules/ssl/ssl_kernel_engine.c] then retrieves this value with the following code:

  SSL *ssl = (SSL *)X509_STORE_CTX_get_app_data(ctx);

which is just a macro to retrieve index 0 of the ex_data.  This fails on the
above system.  I don't have an exact match single processor 32-bit machine for
comparison testing but I tested on a close match and it works fine.  The
following patch fixes the problem on the above system:

-----------------------
diff -Naur openssl-0.9.7b-orig/ssl/ssl_cert.c openssl-0.9.7b/ssl/ssl_cert.c
--- openssl-0.9.7b-orig/ssl/ssl_cert.c    2004-12-03 18:35:40.000000000 -0800
+++ openssl-0.9.7b/ssl/ssl_cert.c    2004-12-03 18:36:20.000000000 -0800
@@ -467,6 +467,7 @@
     if (SSL_get_verify_depth(s) >= 0)
         X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
     X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
+    X509_STORE_CTX_set_app_data(&ctx,s);

     /* We need to set the verify purpose. The purpose can be determined by
      * the context: if its a server it will verify SSL client certificates
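Review bot: The added X509_STORE_CTX_set_app_data(&ctx,s) call writes the SSL pointer into slot 0 unconditionally, right after the same pointer was stored at the index returned by SSL_get_ex_data_X509_STORE_CTX_idx(). If that index is not 0, slot 0 may belong to some other user of the context and this line would overwrite its data. The return values of both the existing set_ex_data call and the new call are also ignored, so a failed store is only noticed later, when the verify callback reads back a NULL pointer. Consider leaving this function unchanged and having the callback read the pointer with X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); if the slot 0 copy is kept, add a comment explaining why slot 0 is safe to claim here and check the result.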
-----------------------

The bug is that a callback function has no way of retrieving the value returned
by SSL_get_ex_data_X509_STORE_CTX_idx(); in apache's case it uses 0 via the
X509_STORE_CTX_get_app_data() macro.

This may not be the "correct" ultimate fix as I'm not sure if there's a reason
why index 0 might not be available.  The "ctx" structure above is stack
allocated and only used for the duration of the ssl_verify_cert_chain() call.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
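
The slot mismatch described in the report, as an added example that is not part of the original message and is not OpenSSL or Apache code: a simplified C model of ex_data slots in which the index handed out for the SSL pointer depends on how many slots were registered before it. All names are hypothetical, and the registration order is an assumption of the model.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_SLOTS 4

/* Model of a per-class slot registry: each caller gets the next free index. */
static int next_index;
static int new_index(void) { return next_index < MAX_SLOTS ? next_index++ : -1; }

/* Model of the verification context and its ex_data slots. */
struct store_ctx { void *ex_data[MAX_SLOTS]; };
struct ssl { int id; };

static int set_ex_data(struct store_ctx *c, int idx, void *p) {
    if (idx < 0 || idx >= MAX_SLOTS) return 0;
    c->ex_data[idx] = p;
    return 1;
}
static void *get_ex_data(const struct store_ctx *c, int idx) {
    return (idx < 0 || idx >= MAX_SLOTS) ? NULL : c->ex_data[idx];
}

/* Index used for the SSL pointer, allocated lazily on first use. */
static int ssl_idx = -1;
static int ssl_store_ctx_idx(void) {
    if (ssl_idx < 0) ssl_idx = new_index();
    return ssl_idx;
}

/* Callback style 1: hard-coded slot 0, as the app_data macro does. */
static struct ssl *cb_slot0(const struct store_ctx *c) { return get_ex_data(c, 0); }
/* Callback style 2: look up the index that was used to store the pointer. */
static struct ssl *cb_by_index(const struct store_ctx *c) { return get_ex_data(c, ssl_store_ctx_idx()); }

/* Returns 1 if the callback recovers the stored pointer, 0 if it does not.
 * others_first: slots taken by other code before the SSL index (assumed). */
static int callback_finds_ssl(int others_first, int by_index) {
    struct ssl s = { 1 };
    struct store_ctx ctx = { { NULL } };
    next_index = 0; ssl_idx = -1;              /* fresh process state */
    while (others_first-- > 0) new_index();
    set_ex_data(&ctx, ssl_store_ctx_idx(), &s);
    return (by_index ? cb_by_index(&ctx) : cb_slot0(&ctx)) == &s;
}

int main(void) {
    printf("slot 0, SSL index first: %d\n", callback_finds_ssl(0, 0));
    printf("slot 0, one slot before: %d\n", callback_finds_ssl(1, 0));
    printf("by index, one slot before: %d\n", callback_finds_ssl(1, 1));
    return 0;
}
```

In the second case the slot 0 lookup returns NULL, which a callback that dereferences the result without a check turns into a crash.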

