httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Ruggeri <DRugg...@primary.net>
Subject Segfault in openssl's err_cmp when using SSLCryptoDevice and new SSLProxyMachineCertificateChainFile
Date Wed, 18 Jan 2012 16:40:02 GMT
All;
   I stumbled across this yesterday and was hoping some of our more
experienced openssl developers may be able to offer suggestions on how I
can track this down. I've been testing on 2.2.21 though the code should
be the same in trunk/2.4. The patch I've applied is currently proposed
for backport in 2.2 (and works fine until using an openssl engine).

Patch applied to 2.2.21 distribution - trunk already has this:
http://people.apache.org/~druggeri/patches/httpd-2.2-SSLProxyMachineCertificateChainFile.patch

When the new SSLProxyMachineCertificateChainFile directive is set at the
same time SSLCryptoDevice is set, a segfault occurs during
ssl_hook_pre_config while calling SSL_load_error_strings. The backtrace
I gathered with dbx points to something deeper inside openssl, but I'm
sure I've done something to cause it.

t@1 (l@1) signal SEGV (no mapping at the fault address) in err_cmp at
0xffffffff7ab05540
0xffffffff7ab05540: err_cmp       :     ld       [%o0 + 4], %o3
Current function is ssl_hook_pre_config (optimized)
  280       SSL_load_error_strings();
(dbx) where
current thread: t@1
  [1] err_cmp(0xffffffff7ae542a8, 0xffffffff7fff9470, 0x22cd,
0x100251f30, 0xac, 0xab), at 0xffffffff7ab05540
  [2] lh_retrieve(0x10023aa80, 0xffffffff7fff9470, 0x14064057, 0x57,
0x10024edc8, 0xffffffff7ab05540), at 0xffffffff7ab034bc
  [3] int_err_get_item(0xffffffff7fff9470, 0xffffffff7acb4528, 0x14520,
0xffffffff7aca0008, 0x19b904, 0x14400), at 0xffffffff7ab0476c
  [4] ERR_func_error_string(0x64, 0xffffffff7acbdf48, 0x14520,
0xffffffff7acbdf48, 0xffffffff7acb4528, 0x14400), at 0xffffffff7ab053d0
  [5] ERR_load_SSL_strings(0x0, 0xffffffff77e542a8, 0xffffffff77e4f0d0,
0x51d8, 0x105df4, 0x5000), at 0xffffffff77d492f8
=>[6] ssl_hook_pre_config(pconf = ???, plog = ???, ptemp = ???)
(optimized), at 0xffffffff77f08f04 (line ~280) in "mod_ssl.c"
  [7] ap_run_pre_config(pconf = ???, plog = ???, ptemp = ???)
(optimized), at 0x10004cfe4 (line ~85) in "config.c"
  [8] main(argc = ???, argv = ???) (optimized), at 0x100031954 (line
~709) in "main.c"

For reference, removing one directive or the other avoids the segfault.
This seems to be brought on by the combination of the two (and possibly
the engine implementation).

Any ideas?

-- 
Daniel Ruggeri


Mime
View raw message