httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 32529] - ProxyPass segmentation fault on SMP x86_64
Date Wed, 08 Dec 2004 03:12:20 GMT
http://issues.apache.org/bugzilla/show_bug.cgi?id=32529





------- Additional Comments From mitch@comwestcr.com  2004-12-08 04:12 -------
(In reply to comment #11)
> This could well be one of the insane cases which occurs where libssl.so gets
> loaded and unloaded during startup but libcrypto.so always stays mapped.  Global
> variables in libcrypto.so hence don't get reset to their initialization state,
> but those in libssl.so do: 
> 
Yep, you guessed it.  I put some printfs in libssl and libcrypto:

 1  29336:
 2    29336  644.580855: in crypto_init, ppid: 29335, count: 1
 3    29336  644.580921: in ssl_init, ppid: 29335, count: 1
 4    29336  645.198972: CRYPTO_get_ex_new_index, ix: 0, ppid: 29335, count2: 1
 5    29336  645.198980: /usr/lib64/libcrypto.so.0.9.7(my_dumper+0x2e) [0x2a97aac149]
 6    29336  645.198985: /usr/lib64/libcrypto.so.0.9.7(X509_STORE_CTX_get_ex_new_index+0x2b) [0x2a97aac25b]
 7    29336  645.198989: /usr/lib64/libssl.so.0.9.7(SSL_get_ex_data_X509_STORE_CTX_idx+0x50) [0x2a978ee580]
 8    29336  645.198993: /usr/lib64/libssl.so.0.9.7(SSL_CTX_new+0x1a) [0x2a978ed69a]
 9    29336  645.198997: /usr/lib64/apache2-prefork/mod_ssl.so [0x2a977a80fd]
10    29336  645.202025: in ssl_exit, ppid: 29335, count: 2
11    29336  645.209564: in ssl_init, ppid: 29335, count: 1
12    29336  645.608884: in ssl_exit, ppid: 29335, count: 2
13    29336  645.609069: in crypto_exit, ppid: 29335, count: 2
14  29337:
15    29336  644.580855: in crypto_init, ppid: 29335, count: 1
16    29336  645.198972: CRYPTO_get_ex_new_index, ix: 0, ppid: 29335, count2: 1
17    29336  645.198980: /usr/lib64/libcrypto.so.0.9.7(my_dumper+0x2e) [0x2a97aac149]
18    29336  645.198985: /usr/lib64/libcrypto.so.0.9.7(X509_STORE_CTX_get_ex_new_index+0x2b) [0x2a97aac25b]
19    29336  645.198989: /usr/lib64/libssl.so.0.9.7(SSL_get_ex_data_X509_STORE_CTX_idx+0x50) [0x2a978ee580]
20    29336  645.198993: /usr/lib64/libssl.so.0.9.7(SSL_CTX_new+0x1a) [0x2a978ed69a]
21    29336  645.198997: /usr/lib64/apache2-prefork/mod_ssl.so [0x2a977a80fd]
22    29336  645.209564: in ssl_init, ppid: 29335, count: 1
23    29337  645.699132: CRYPTO_get_ex_new_index, ix: 1, ppid: 1, count2: 2
24    29337  645.699147: /usr/lib64/libcrypto.so.0.9.7(my_dumper+0x2e) [0x2a97aac149]
25    29337  645.699152: /usr/lib64/libcrypto.so.0.9.7(X509_STORE_CTX_get_ex_new_index+0x2b) [0x2a97aac25b]
26    29337  645.699156: /usr/lib64/libssl.so.0.9.7(SSL_get_ex_data_X509_STORE_CTX_idx+0x50) [0x2a978ee580]
27    29337  645.699161: /usr/lib64/libssl.so.0.9.7(SSL_CTX_new+0x1a) [0x2a978ed69a]
28    29337  645.699164: /usr/lib64/apache2-prefork/mod_ssl.so [0x2a977a80fd]
29    29337  656.534013: in ssl_exit, ppid: 1, count: 2
30    29337  656.536308: in crypto_exit, ppid: 1, count: 2

The first column is line numbers, the second is process id, the third
is time (fractional part is microseconds).

Lines 2-13 are from process id 29336:
Line 2:      libcrypto.so gets loaded and initialized
             (this output is coming from a __attribute__((constructor))
             function that I added).
Line 3:      libssl.so gets loaded and initialized
             (output also from a __attribute__((constructor)) function)
Line 4:      CRYPTO_get_ex_new_index gets called and returns 0 (the ix value)
Lines 5-9:   traceback of the call into mod_ssl
Line 10:     libssl.so gets unloaded
             (output coming from a __attribute__((destructor)) function)
Line 11:     libssl.so gets reloaded and reinitialized
Line 12:     libssl.so gets unloaded
Line 13:     libcrypto.so gets unloaded
             (output coming from a __attribute__((destructor)) function)

Lines 15-30 are from process id 29337:
Lines 15-22: match lines 2-9 and line 11 in process 29336, so they
             were forked from the same point after line 11 (22).
             Line 10 isn't matched in 29337 because line 10 was lost
             when libssl.so was unloaded.
Line 23:     CRYPTO_get_ex_new_index gets called and returns 1 (the ix value)
             rather than 0 because libcrypto.so was not unloaded and
             reinitialized but libssl.so was.
Lines 24-30: backtrace and libraries getting unloaded

The patch you suggested fixed the problem.  Here is the patch file:

--------------------------------------------------------------
diff -r -u httpd-2.0.48-orig/modules/ssl/ssl_engine_kernel.c
httpd-2.0.48/modules/ssl/ssl_engine_kernel.c
--- httpd-2.0.48-orig/modules/ssl/ssl_engine_kernel.c   2004-12-05
17:54:42.000000000 -0800
+++ httpd-2.0.48/modules/ssl/ssl_engine_kernel.c        2004-12-05
17:58:36.000000000 -0800
@@ -1205,7 +1205,8 @@
 int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
 {
     /* Get Apache context back through OpenSSL context */
-    SSL *ssl            = (SSL *)X509_STORE_CTX_get_app_data(ctx);
+    SSL *ssl            = (SSL *)X509_STORE_CTX_get_ex_data(ctx,
+                                     SSL_get_ex_data_X509_STORE_CTX_idx());
     conn_rec *conn      = (conn_rec *)SSL_get_app_data(ssl);
     server_rec *s       = conn->base_server;
     request_rec *r      = (request_rec *)SSL_get_app_data2(ssl);
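Review bot: on the new SSL *ssl assignment, the pointer returned by X509_STORE_CTX_get_ex_data() is passed straight to SSL_get_app_data(ssl) and the result is dereferenced as conn->base_server on the next line, with no NULL check on either ssl or conn. Consider returning early from the callback when either is NULL. The comment above the assignment should also say why the slot is taken from SSL_get_ex_data_X509_STORE_CTX_idx() rather than X509_STORE_CTX_get_app_data(), so the lookup is not simplified back later.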
--------------------------------------------------------------



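A small model of the index mismatch traced in the message above, added here as an illustration; it is not code from httpd, mod_ssl or OpenSSL. All names in it are hypothetical stand-ins, and it assumes the pre-patch X509_STORE_CTX_get_app_data() lookup reads slot 0, which matches the ix values in the log.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_SLOTS 8

/* Models libcrypto.so: it stays mapped, so the counter survives reloads. */
static int crypto_next_index;
static int crypto_get_ex_new_index(void) { return crypto_next_index++; }

/* Models libssl.so: its cached index is library-static data and goes
 * back to "unset" whenever the library is unloaded and loaded again. */
static int ssl_cached_idx = -1;
static void ssl_reload(void) { ssl_cached_idx = -1; }
static int ssl_store_ctx_idx(void)
{
    if (ssl_cached_idx < 0)
        ssl_cached_idx = crypto_get_ex_new_index();
    return ssl_cached_idx;
}

/* Models the per-context ex_data slots of an X509_STORE_CTX. */
struct store_ctx { void *ex_data[MAX_SLOTS]; };

/* Simulates a fresh process: libssl allocates its index, is reloaded
 * `reloads` times (re-allocating each time), then attaches the SSL object.
 * Returns what the verify callback would get back: with use_idx == 0 the
 * fixed slot 0 (pre-patch assumption), otherwise the slot libssl reports. */
static void *callback_lookup(int reloads, int use_idx, void *ssl)
{
    struct store_ctx ctx = { { NULL } };
    crypto_next_index = 0;          /* new process, libcrypto freshly loaded */
    ssl_reload();
    ssl_store_ctx_idx();            /* first SSL_CTX_new: index 0 */
    for (int i = 0; i < reloads && i < MAX_SLOTS - 1; i++) {
        ssl_reload();
        ssl_store_ctx_idx();        /* SSL_CTX_new after reload: next index */
    }
    ctx.ex_data[ssl_store_ctx_idx()] = ssl;
    return ctx.ex_data[use_idx ? ssl_store_ctx_idx() : 0];
}

int main(void)
{
    int ssl_object = 0;             /* constructed stand-in for the SSL * */
    printf("no reload, slot 0:  %s\n", callback_lookup(0, 0, &ssl_object) ? "found" : "NULL");
    printf("one reload, slot 0: %s\n", callback_lookup(1, 0, &ssl_object) ? "found" : "NULL");
    printf("one reload, by idx: %s\n", callback_lookup(1, 1, &ssl_object) ? "found" : "NULL");
    return 0;
}
```
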