httpd-dev mailing list archives

From Ruediger Pluem <rpl...@apache.org>
Subject Re: httpd 2.4.25, mpm_event, ssl: segfaults
Date Mon, 06 Feb 2017 11:10:12 GMT


On 02/02/2017 11:04 AM, Yann Ylavic wrote:
> Hi Niklas,
> 
> On Wed, Feb 1, 2017 at 7:02 PM, Niklas Edmundsson <nikke@acc.umu.se> wrote:
>>
>> We've started to see spurious segfaults with httpd 2.4.25, mpm_event, ssl on
>> Ubuntu 14.04LTS. Not frequent, but none the less happening.
>>
>> #4  ssl_io_filter_output (f=0x7f507013cfe0, bb=0x7f4f840be168) at
>> ssl_engine_io.c:1746
>>         data = 0x7f5075518000 <error: Cannot access memory at address
>> 0x7f5075518000>
>>         len = 4194304
>>         bucket = 0x7f4f840b1ba8
>>         status = <optimized out>
>>         filter_ctx = 0x7f507013cf88
>>         inctx = <optimized out>
>>         outctx = 0x7f507013d008
>>         rblock = APR_NONBLOCK_READ
> 
> I suspect some cleanup ordering issue happening in
> ssl_io_filter_output(), when the EOC bucket is found.
> 
>>
>> Are we hitting a corner case of process cleanup that plays merry hell with
>> https/ssl, or are we just having bad luck? Ideas? Suggestions?
> 
> 2.4.25 is eager to terminate/shutdown keepalive connections more
> quickly (than previous versions) on graceful shutdown (e.g.
> MaxConnectionsPerChild reached).
> 
> What might happen in ssl_io_filter_output() is that buffered output
> data (already deleted but not cleared) end up being reused on
> shutdown.
> 
> Could you please try the attached patch?

Why would we need to handle filter_ctx->pssl == NULL the same way we handle META_BUCKETS?
filter_ctx->pssl == NULL already causes ssl_filter_write to fail. Am I missing any code before
that which could crash in the data case with filter_ctx->pssl == NULL?

Regards

Rüdiger
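The hazard Yann describes (buffered output deleted but not cleared, then reused on shutdown) and the pssl == NULL guard Rüdiger asks about, as a constructed C model added here; it is not httpd code, and the out_ctx type, its fields and every function name are assumptions chosen for illustration.

```c
/* Constructed model of the cleanup-ordering hazard; not httpd's code. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    void *pssl;        /* hypothetical: non-NULL while the TLS session lives */
    char *buffer;      /* hypothetical: buffered output awaiting a write   */
    size_t buffer_len;
} out_ctx;

/* Shutdown path. The buggy variant frees the buffered output but leaves the
 * pointer dangling (deleted but not cleared); the hardened variant clears it. */
static void shutdown_ctx(out_ctx *ctx, int clear_after_delete) {
    free(ctx->buffer);
    free(ctx->pssl);
    ctx->pssl = NULL;              /* the session is gone in both variants */
    if (clear_after_delete) {
        ctx->buffer = NULL;        /* never hand the freed buffer to a writer */
        ctx->buffer_len = 0;
    }
}

/* Output filter model: 0 on success, -1 when nothing may be written.
 * The pssl check comes first, so a dangling buffer is never dereferenced
 * after shutdown even in the buggy variant; clearing the buffer is the
 * defence that remains if that ordering is ever disturbed. */
static int filter_output(out_ctx *ctx, char *dst, size_t dst_len) {
    if (ctx->pssl == NULL)
        return -1;                 /* connection already shut down */
    if (ctx->buffer == NULL || ctx->buffer_len == 0)
        return -1;
    size_t n = ctx->buffer_len < dst_len ? ctx->buffer_len : dst_len;
    memcpy(dst, ctx->buffer, n);
    return 0;
}

/* Scenario: write once while live, then shut down and try to write again.
 * Returns the result of the post-shutdown write (-1 means safely rejected). */
int write_after_shutdown(int clear_after_delete) {
    const char payload[] = "constructed sample response body";
    out_ctx ctx = { malloc(1), malloc(sizeof payload), sizeof payload };
    char dst[64];
    memcpy(ctx.buffer, payload, sizeof payload);
    if (filter_output(&ctx, dst, sizeof dst) != 0)
        return 1;                  /* live write unexpectedly failed */
    shutdown_ctx(&ctx, clear_after_delete);
    return filter_output(&ctx, dst, sizeof dst);
}
```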
