httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 36751] - Apache + OpenSSL crashes while render mod_perl pages
Date Fri, 23 Sep 2005 20:52:39 GMT 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=36751>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=36751


simon.xie@peregrine.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |




------- Additional Comments From simon.xie@peregrine.com  2005-09-23 22:52 -------

Here is the backtrace info. (From MS Visual Studio .NET 2003)

everytime when you load a page from browser,

function 
static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
			      unsigned int len)
is called.

This is the call stack.
	ssleay32.dll!ssl3_write_pending(ssl_st * s=0x06bd0ee8, int type=23, 
const unsigned char * buf=0x06bbb26c, unsigned int len=4775)  Line 756	C
 	ssleay32.dll!do_ssl3_write(ssl_st * s=0x06bd0ee8, int type=23, const 
unsigned char * buf=0x06bbb26c, unsigned int len=4775, int 
create_empty_fragment=0)  Line 713 + 0x15	C
 	ssleay32.dll!ssl3_write_bytes(ssl_st * s=0x06bd0ee8, int type=23, const 
void * buf_=0x06bbb26c, int len=4775)  Line 542 + 0x1a	C
 	ssleay32.dll!ssl3_write(ssl_st * s=0x06bd0ee8, const void * 
buf=0x06bbb26c, int len=4775)  Line 1721 + 0x13	C
 	ssleay32.dll!SSL_write(ssl_st * s=0x06bd0ee8, const void * 
buf=0x06bbb26c, int num=4775)  Line 878 + 0x15	C
 	mod_ssl.so!ssl_filter_write(ap_filter_t * f=0x06b80538, const char * 
data=0x06bbb26c, unsigned int len=4775)  Line 773 + 0x13	C
 	mod_ssl.so!ssl_io_filter_output(ap_filter_t * f=0x06b80538, 
apr_bucket_brigade * bb=0x06bad4c0)  Line 1364 + 0x11	C
 	libhttpd.dll!ap_pass_brigade(ap_filter_t * next=0x06b80538, 
apr_bucket_brigade * bb=0x06bad4c0)  Line 512 + 0x10	C
 	libhttpd.dll!chunk_filter(ap_filter_t * f=0x06bad630, 
apr_bucket_brigade * b=0x06bad4c0)  Line 218 + 0x10	C
 	libhttpd.dll!ap_pass_brigade(ap_filter_t * next=0x06bad630, 
apr_bucket_brigade * bb=0x06bad4c0)  Line 512 + 0x10	C
 	libhttpd.dll!ap_http_header_filter(ap_filter_t * f=0x06b8d558, 
apr_bucket_brigade * b=0x06bad4c0)  Line 1692	C
 	libhttpd.dll!ap_pass_brigade(ap_filter_t * next=0x06b8d558, 
apr_bucket_brigade * bb=0x06bad4c0)  Line 512 + 0x10	C
 	libhttpd.dll!ap_content_length_filter(ap_filter_t * f=0x06b8d540, 
apr_bucket_brigade * b=0x06bad4c0)  Line 1233	C
 	libhttpd.dll!ap_pass_brigade(ap_filter_t * next=0x06b8d540, 
apr_bucket_brigade * bb=0x06bad4c0)  Line 512 + 0x10	C
 	libhttpd.dll!ap_byterange_filter(ap_filter_t * f=0x06b8d528, 
apr_bucket_brigade * bb=0x06bad4c0)  Line 2876 + 0x10	C
 	libhttpd.dll!ap_pass_brigade(ap_filter_t * next=0x06b8d528, 
apr_bucket_brigade * bb=0x06bad4c0)  Line 512 + 0x10	C
 	mod_perl.so!modperl_wbucket_pass()  + 0xf4	
 	mod_perl.so!modperl_wbucket_flush()  + 0x1b	
 	mod_perl.so!modperl_output_filter_handler()  + 0x28	
 	mod_perl.so!modperl_wbucket_pass()  + 0xf4	
 	mod_perl.so!modperl_wbucket_flush()  + 0x1b	
 	mod_perl.so!modperl_io_perlio_restore_stdout()  + 0xd0	


When error accurs, the return value of BIO_write is -1, which is different from 
s->s3->wbuf.left
			i=BIO_write(s->wbio,
				(char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),
				(unsigned int)s->s3->wbuf.left);

Then the function returns with -1.

The attached file is the locals when reach this point.





then, in ssl_filter_write(),

then SSL_get_error is called:

int ssl_err = SSL_get_error(filter_ctx->pssl, res);
This is the call stack,
	ssleay32.dll!SSL_get_error(const ssl_st * s=0x06bfdd08, int i=-1)  Line 
1818	C
 	mod_ssl.so!ssl_filter_write(ap_filter_t * f=0x06b82620, const char * 
data=0x06dd0000, unsigned int len=346)  Line 776 + 0xf	C
 	mod_ssl.so!ssl_io_filter_output(ap_filter_t * f=0x06b82620, 
apr_bucket_brigade * bb=0x06b918a0)  Line 1364 + 0x11	C
 	libhttpd.dll!ap_pass_brigade(ap_filter_t * next=0x06b82620, 
apr_bucket_brigade * bb=0x06b918a0)  Line 512 + 0x10	C
 	libhttpd.dll!ap_http_header_filter(ap_filter_t * f=0x06bb0b20, 
apr_bucket_brigade * b=0x06b918a0)  Line 1692	C
 	libhttpd.dll!ap_pass_brigade(ap_filter_t * next=0x06bb0b20, 
apr_bucket_brigade * bb=0x06b918a0)  Line 512 + 0x10	C
 	libhttpd.dll!ap_content_length_filter(ap_filter_t * f=0x06bb0b08, 
apr_bucket_brigade * b=0x06b918a0)  Line 1233	C
 	libhttpd.dll!ap_pass_brigade(ap_filter_t * next=0x06bb0b08, 
apr_bucket_brigade * bb=0x06b918a0)  Line 512 + 0x10	C
 	libhttpd.dll!ap_byterange_filter(ap_filter_t * f=0x06bb0af0, 
apr_bucket_brigade * bb=0x06b918a0)  Line 2876 + 0x10	C
 	libhttpd.dll!ap_pass_brigade(ap_filter_t * next=0x06bb0af0, 
apr_bucket_brigade * bb=0x06b918a0)  Line 512 + 0x10	C
 	libhttpd.dll!default_handler(request_rec * r=0x06bafcd8)  Line 3610 + 
0x13	C
 	libhttpd.dll!ap_run_handler(request_rec * r=0x06bafcd8)  Line 153 + 0x4e
	C
 	libhttpd.dll!ap_invoke_handler(request_rec * r=0x06bafcd8)  Line 364 + 
0x9	C
 	libhttpd.dll!ap_process_request(request_rec * r=0x06bafcd8)  Line 249 + 
0x9	C
 	libhttpd.dll!ap_process_http_connection(conn_rec * c=0x06b82270)  Line 
251 + 0x9	C
 	libhttpd.dll!ap_run_process_connection(conn_rec * c=0x06b82270)  Line 
43 + 0x4e	C
 	libhttpd.dll!ap_process_connection(conn_rec * c=0x06b82270, void * 
csd=0x06b821a0)  Line 178	C
 	libhttpd.dll!worker_main(void * thread_num_val=0x000000f8)  Line 733
	C
 	msvcr71d.dll!_threadstartex(void * ptd=0x06b82098)  Line 241 + 0xd
	C
 	kernel32.dll!GetModuleFileNameA()  + 0x1b4	

In function SSL_get_error, the flow skips all if statements and hit the last 
return statement,
	return(SSL_ERROR_SYSCALL);
	
Then, in function ssl_filter_write, ap_log_error() will be called with a 
string "SSL output filter write failed.",
which is the error message you see in apache error log(debug mode).

        else if (ssl_err == SSL_ERROR_SYSCALL) {
            ap_log_error(APLOG_MARK, APLOG_INFO, outctx->rc, c->base_server,
                        "SSL output filter write failed.");
                        
The attached file is the locals when reach this point.

By the way, we configured and use the mod_perl filter functions. Once SSL 
generate that error message, mod_perl calls 
       MP_RUN_CROAK(modperl_output_filter_flush(filter),
                     "Apache2::Filter");
in modperl_run_filter(modperl_filter_t *filter) from modperl_filter.c, 
which kills apache child process.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
Mime
View raw message