Fwd: Tracking down mod_ssl/OpenSSL bug

Fwd: Tracking down mod_ssl/OpenSSL bug

am 11.07.2003 18:18:07 von fischerdk

--=====================_357959608==_
Content-Type: text/plain; charset="us-ascii"; format=flowed


----- Begin forwarded message -----
Ralf,

I have been doing some code-walking to track down a problem we've been
having since last November with Apache child processes getting segmentation
faults periodically, and it appears to boil down to something with mod_ssl
and/or OpenSSL. I was hoping you could help shed some light on this, and/or
suggest where to next extend my search. Here are the details thus far:

- Running Apache 1.3.27 and mod_ssl 2.8.14 with OpenSSL 0.9.7b (also tried
with the 0.9.6 line with the same results)

gdb backtrace (attached) shows the segmentation fault being generated by
ssl3_write_pending(). This happens when a timeout occurs during
ap_send_fd() or ap_send_mmap(). The Apache timeout() handler is invoked by
the SIGALRM handler, which closes the connection and frees the SSL context.
When the signal handler finishes and returns to the stack (where we were in
the middle of a write operation somewhere inside of ssl3_write_pending()),
ssl3_write_pending() segfaults when it tries to access the non-existent
context.

I'm not sure if this would be considered a deficiency in how mod_ssl closes
the connection, in how OpenSSL's ssl3_write_pending() checks for a valid
context after BIO_write(), or something else entirely.

Any direction you can provide would be greatly appreciated. I'd be more
than happy to provide any additional info or debugging/troubleshooting steps.

Many thanks,

Doug
------------------------------------------------------------

This email, and any included attachments, have been checked
by Norton AntiVirus Corporate Edition (Version 8.0), AVG
Server Edition 6.0, and Merak Email Server Integrated
Antivirus (Alwil Software's aVast! engine) and is certified
Virus Free.
--=====================_357959608==_
Content-Type: text/plain; name="apache_sigsegv_gdb_bt.txt";
x-mac-type="42494E41"; x-mac-creator="74747874"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="apache_sigsegv_gdb_bt.txt"

W3Jvb3RAdGVzdDAxIH5dIyBnZGIgLXggL3RtcC9nZGIuY21kIGh0dHBkCkdO VSBnZGIgUmVkIEhh
dCBMaW51eCAoNS4yLTIpCkNvcHlyaWdodCAyMDAyIEZyZWUgU29mdHdhcmUg Rm91bmRhdGlvbiwg
SW5jLgpHREIgaXMgZnJlZSBzb2Z0d2FyZSwgY292ZXJlZCBieSB0aGUgR05V IEdlbmVyYWwgUHVi
bGljIExpY2Vuc2UsIGFuZCB5b3UgYXJlCndlbGNvbWUgdG8gY2hhbmdlIGl0 IGFuZC9vciBkaXN0
cmlidXRlIGNvcGllcyBvZiBpdCB1bmRlciBjZXJ0YWluIGNvbmRpdGlvbnMu ClR5cGUgInNob3cg
Y29weWluZyIgdG8gc2VlIHRoZSBjb25kaXRpb25zLgpUaGVyZSBpcyBhYnNv bHV0ZWx5IG5vIHdh
cnJhbnR5IGZvciBHREIuICBUeXBlICJzaG93IHdhcnJhbnR5IiBmb3IgZGV0 YWlscy4KVGhpcyBH
REIgd2FzIGNvbmZpZ3VyZWQgYXMgImkzODYtcmVkaGF0LWxpbnV4Ii4uLgpC cmVha3BvaW50IDEg
YXQgMHg4MGJkNzY0OiBmaWxlIGh0dHBfbWFpbi5jLCBsaW5lIDE0OTkuCltO ZXcgVGhyZWFkIDEw
MjQgKExXUCAxMDkwNildClByb2Nlc3NpbmcgY29uZmlnIGRpcmVjdG9yeTog L2V0Yy9odHRwZC9j
b25mL2h0dHBkLmNvbmYKIFByb2Nlc3NpbmcgY29uZmlnIGZpbGU6IC9ldGMv aHR0cGQvY29uZi9o
dHRwZC5jb25mL2FwYWNoZS5jb25mCgpbU3dpdGNoaW5nIHRvIFRocmVhZCAx MDI0IChMV1AgMTA5
MDYpXQoKQnJlYWtwb2ludCAxLCB0aW1lb3V0IChzaWc9MTQpIGF0IGh0dHBf bWFpbi5jOjE0OTkK
MTQ5OSAgICAgICAgaWYgKGFsYXJtc19ibG9ja2VkKSB7CihnZGIpIGJ0CiMw ICB0aW1lb3V0IChz
aWc9MTQpIGF0IGh0dHBfbWFpbi5jOjE0OTkKIzEgIDB4MDgwYmEwZmIgaW4g YWxybV9oYW5kbGVy
IChzaWc9MTQpIGF0IGh0dHBfbWFpbi5jOjE2MjgKIzIgIDB4NDAwMjc1ZWIg aW4gcHRocmVhZF9z
aWdoYW5kbGVyIChzaWdubz0xNCwgY3R4PQogICAgICB7Z3MgPSAwLCBfX2dz aCA9IDAsIGZzID0g
MCwgX19mc2ggPSAwLCBlcyA9IDQzLCBfX2VzaCA9IDAsIGRzID0gNDMsIF9f ZHNoID0gMCwgZWRp
ID0gMTM3MzI4NzI4LCBlc2kgPSA4MjIxLCBlYnAgPSAzMjIxMjA2NDQwLCBl c3AgPSAzMjIxMjA2
MzkyLCBlYnggPSA3LCBlZHggPSA4MjIxLCBlY3ggPSAxMzczMjg3MjgsIGVh eCA9IDcxNDYsIHRy
YXBubyA9IDEsIGVyciA9IDAsIGVpcCA9IDEwNzUzNDEyMzYsIGNzID0gMzUs IF9fY3NoID0gMCwg
ZWZsYWdzID0gNjQyLCBlc3BfYXRfc2lnbmFsID0gMzIyMTIwNjM5Miwgc3Mg PSA0MywgX19zc2gg
PSAwLCBmcHN0YXRlID0gMHhiZmZmYjJmOCwgb2xkbWFzayA9IDIxNDc0ODM2 NDgsIGNyMiA9IDB9
KSBhdCBzaWduYWxzLmM6OTcKIzMgIDxzaWduYWwgaGFuZGxlciBjYWxsZWQ+ CiM0ICAweDQwMTg2
N2I0IGluIF9fbGliY193cml0ZSAoKSBhdCBfX2xpYmNfd3JpdGU6LTEKIzUg IDB4NDAwMzJlZmMg
aW4gX19EVE9SX0VORF9fICgpIGZyb20gL2xpYi9saWJwdGhyZWFkLnNvLjAK IzYgIDB4MDgxMGFm
ZjkgaW4gc29ja193cml0ZSAoYj0weDgyZTk5OTAsIAogICAgaW49MHg4MmY3 ODU4ICJcMDI3XDAw
M1wwMDEgXDAzMGK5V3v9+L5cMDE2P+jBXDAxNrNcMjE3ZClcMDI3/ehQXGIg 8clcMDAysFxl0a2q
uFwyMzdcMDAzXDIwNUc+XGIg0FwyMzFcMDMxd7NcMDI3yFdccshcMDA21Eyt IXVMKyRcMTc3RUv1
XdNML7vW5sn7XDAyMqhcMjE3XlwyMzXd/UlcMjMyXDAwMs63XDAzNV3Z9Fwy MTLqXDAxN1wwMDRC
rEzHXDIwMFx0PTjjLSnJXDIzMrt7XDAyNd/3XDAyM1pOXdq2+lwyMjdUXDAz NFwyMTBoXDAzN2tc
MjM3Or7IXDIzNOBcMTc3XDIzN+1cMjIwOdxcMjIwxVwyMTDOQt5cMTc3Ymdc MjM0+L5GoeiqK1wy
MDHpXDIwMzrdZj5cMjAx5sN0TuRcMjMzUaAurrKtWkBcMDM3JMDA+uK/yERc MjAyXDAwNvopQdq1
TsvtXDIyNSyuIi4uLiwgaW5sPTgyMjEpCiAgICBhdCBic3Nfc29jay5jOjE1 NwojNyAgMHgwODEw
OTMyNiBpbiBCSU9fd3JpdGUgKGI9MHg4MmU5OTkwLCBpbj0weDgyZjc4NTgs IGlubD04MjIxKQog
ICAgYXQgYmlvX2xpYi5jOjIwMQojOCAgMHgwODBmZDg1NSBpbiBzc2wzX3dy aXRlX3BlbmRpbmcg
KHM9MHg4MmU3NTMwLCB0eXBlPTIzLCAKICAgIGJ1Zj0weGJmZmZiOGIwICIt RGF0ZWkg5HF1aXZh
bGVudCBpc3Q7IHp1c+R0emxpY2hlIFRyZWliZXIgXG5r9m5udGVuIHdlaXRl cmhpbiBlcmZvcmRl
cmxpY2ggc2Vpbi5cblxuIiwgJz0nIDxyZXBlYXRzIDc2IHRpbWVzPiwgIlxu SElMRkUgQU5GT1JO
REVSTlxuXG5adWdyaWZmIPxiZXIgZGFzIFdlYiBodCIuLi4sIGxlbj04MTky KSBhdCBzM19wa3Qu
Yzo3NDAKIzkgIDB4MDgwZmQ3NjkgaW4gZG9fc3NsM193cml0ZSAocz0weDgy ZTc1MzAsIHR5cGU9
MjMsIAogICAgYnVmPTB4YmZmZmI4YjAgIi1EYXRlaSDkcXVpdmFsZW50IGlz dDsgenVz5HR6bGlj
aGUgVHJlaWJlciBcbmv2bm50ZW4gd2VpdGVyaGluIGVyZm9yZGVybGljaCBz ZWluLlxuXG4iLCAn
PScgPHJlcGVhdHMgNzYgdGltZXM+LCAiXG5ISUxGRSBBTkZPUk5ERVJOXG5c blp1Z3JpZmYg/GJl
ciBkYXMgV2ViIGh0Ii4uLiwgbGVuPTgxOTIsIGNyZWF0ZV9lbXB0eV9mcmFn bWVudD0wKSBhdCBz
M19wa3QuYzo3MTMKIzEwIDB4MDgwZmQzNjIgaW4gc3NsM193cml0ZV9ieXRl cyAocz0weDgyZTc1
MzAsIHR5cGU9MjMsIGJ1Zl89MHhiZmZmYjhiMCwgCiAgICBsZW49ODE5Mikg YXQgczNfcGt0LmM6
NTQyCiMxMSAweDA4MGZiMTg2IGluIHNzbDNfd3JpdGUgKHM9MHg4MmU3NTMw LCBidWY9MHhiZmZm
YjhiMCwgbGVuPTgxOTIpCiAgICBhdCBzM19saWIuYzoxNzE4CiMxMiAweDA4 MGU0ZTBkIGluIFNT
TF93cml0ZSAocz0weDgyZTc1MzAsIGJ1Zj0weGJmZmZiOGIwLCBudW09ODE5 MikKICAgIGF0IHNz
bF9saWIuYzo4NzMKIzEzIDB4MDgwODUxODEgaW4gc3NsX2lvX2hvb2tfd3Jp dGUgKGZiPTB4ODI0
ZjhjMCwgCiAgICBidWY9MHhiZmZmYjhiMCAiLURhdGVpIORxdWl2YWxlbnQg aXN0OyB6dXPkdHps
aWNoZSBUcmVpYmVyIFxua/ZubnRlbiB3ZWl0ZXJoaW4gZXJmb3JkZXJsaWNo IHNlaW4uXG5cbiIs
ICc9JyA8cmVwZWF0cyA3NiB0aW1lcz4sICJcbkhJTEZFIEFORk9STkRFUk5c blxuWnVncmlmZiD8
YmVyIGRhcyBXZWIgaHQiLi4uLCBsZW49ODE5MikgYXQgc3NsX2VuZ2luZV9p by5jOjM4NAojMTQg
MHgwODBkMzUyMSBpbiBhcF9ob29rX2NhbGxfZnVuYyAoYXA9MHhiZmZmYjc3 NCwgaGU9MHg4MjM0
YTM4LCBoZj0weDgyMzdjNDApCiAgICBhdCBhcF9ob29rLmM6NjQ5CiMxNSAw eDA4MGQzMTJjIGlu
IGFwX2hvb2tfY2FsbCAoaG9vaz0weDgxZWMxZDUgImFwOjpidWZmOjp3cml0 ZSIpCiAgICBhdCBh
cF9ob29rLmM6MzgyCiMxNiAweDA4MGIzNWQwIGluIGFwX3dyaXRlIChmYj0w eDgyNGY4YzAsIGJ1
Zj0weGJmZmZiOGIwLCBuYnl0ZT04MTkyKQogICAgYXQgYnVmZi5jOjM2MQoj MTcgMHgwODBiNDI2
OSBpbiB3cml0ZV93aXRoX2Vycm9ycyAoZmI9MHg4MjRmOGMwLCBidWY9MHhi ZmZmYjhiMCwgbmJ5
dGU9ODE5MikKICAgIGF0IGJ1ZmYuYzo0MDgKIzE4IDB4MDgwYjQzMTMgaW4g YmN3cml0ZSAoZmI9
MHg4MjRmOGMwLCBidWY9MHhiZmZmYjhiMCwgbmJ5dGU9ODE5MikKIzE5IDB4 MDgwYjQ2ODcgaW4g
YXBfYndyaXRlIChmYj0weDgyNGY4YzAsIGJ1Zj0weGJmZmZiOGIwLCBuYnl0 ZT04MTkyKQogICAg
YXQgYnVmZi5jOjE0MjcKIzIwIDB4MDgwYzUxM2IgaW4gYXBfc2VuZF9mZF9s ZW5ndGggKGY9MHg4
MmZlNzk4LCByPTB4ODJmYzFhMCwgbGVuZ3RoPS0xKQogICAgYXQgaHR0cF9w cm90b2NvbC5jOjI0
MDMKIzIxIDB4MDgwYzUwMTEgaW4gYXBfc2VuZF9mZCAoZj0weDgyZmU3OTgs IHI9MHg4MmZjMWEw
KSBhdCBodHRwX3Byb3RvY29sLmM6MjM3MwojMjIgMHgwODBiYmUxNCBpbiBk ZWZhdWx0X2hhbmRs
ZXIgKHI9MHg4MmZjMWEwKSBhdCBodHRwX2NvcmUuYzozOTMwCiMyMyAweDA4 MGI1MzVkIGluIGFw
X2ludm9rZV9oYW5kbGVyIChyPTB4ODJmYzFhMCkgYXQgaHR0cF9jb25maWcu Yzo1MzAKIzI0IDB4
MDgwYzgxZGMgaW4gcHJvY2Vzc19yZXF1ZXN0X2ludGVybmFsIChyPTB4ODJm YzFhMCkgYXQgaHR0
cF9yZXF1ZXN0LmM6MTMwOAojMjUgMHgwODBjODI1MyBpbiBhcF9wcm9jZXNz X3JlcXVlc3QgKHI9
MHg4MmZjMWEwKSBhdCBodHRwX3JlcXVlc3QuYzoxMzI0CiMyNiAweDA4MGMw M2E3IGluIGNoaWxk
X21haW4gKGNoaWxkX251bV9hcmc9MCkgYXQgaHR0cF9tYWluLmM6NDY4OQoj MjcgMHgwODBjMDU0
YSBpbiBtYWtlX2NoaWxkIChzPTB4ODIyYmZjOCwgc2xvdD0wLCBub3c9MTA1 NzY3ODY3OSkKICAg
IGF0IGh0dHBfbWFpbi5jOjQ4MTMKIzI4IDB4MDgwYzA2OGQgaW4gc3RhcnR1 cF9jaGlsZHJlbiAo
bnVtYmVyX3RvX3N0YXJ0PTEpIGF0IGh0dHBfbWFpbi5jOjQ4OTUKIzI5IDB4 MDgwYzBjZTAgaW4g
c3RhbmRhbG9uZV9tYWluIChhcmdjPTE4LCBhcmd2PTB4YmZmZmRiZjQpCiAg ICBhdCBodHRwX21h
aW4uYzo1MjAzCiMzMCAweDA4MGMxNWUzIGluIG1haW4gKGFyZ2M9MTgsIGFy Z3Y9MHhiZmZmZGJm
NCkgYXQgaHR0cF9tYWluLmM6NTU2NgojMzEgMHg0MDBjOTMzNiBpbiBfX2xp YmNfc3RhcnRfbWFp
biAobWFpbj0weDgwYzExNTAgPG1haW4+LCBhcmdjPTE4LCAKICAgIHVicF9h dj0weGJmZmZkYmY0
LCBpbml0PTB4ODA3YzcxNCA8X2luaXQ+LCBmaW5pPTB4ODFjNzA2MCA8X2Zp bmk+LCAKICAgIHJ0
bGRfZmluaT0weDQwMDBkMmZjIDxfZGxfZmluaT4sIHN0YWNrX2VuZD0weGJm ZmZkYmVjKQogICAg
YXQgLi4vc3lzZGVwcy9nZW5lcmljL2xpYmMtc3RhcnQuYzoxMjkKKGdkYikg YwpDb250aW51aW5n
LgoKUHJvZ3JhbSByZWNlaXZlZCBzaWduYWwgU0lHU0VHViwgU2VnbWVudGF0 aW9uIGZhdWx0Lgow
eDA4MGZkODkxIGluIHNzbDNfd3JpdGVfcGVuZGluZyAocz0weDgyZTc1MzAs IHR5cGU9MjMsIAog
ICAgYnVmPTB4YmZmZmI4YjAgIi1EYXRlaSDkcXVpdmFsZW50IGlzdDsgenVz 5HR6bGljaGUgVHJl
aWJlciBcbmv2bm50ZW4gd2VpdGVyaGluIGVyZm9yZGVybGljaCBzZWluLlxu XG4iLCAnPScgPHJl
cGVhdHMgNzYgdGltZXM+LCAiXG5ISUxGRSBBTkZPUk5ERVJOXG5cblp1Z3Jp ZmYg/GJlciBkYXMg
V2ViIGh0Ii4uLiwgbGVuPTgxOTIpIGF0IHMzX3BrdC5jOjc0OQo3NDkgICAg ICAgICAgICAgICAg
ICAgICBpZiAoaSA9PSBzLT5zMy0+d2J1Zi5sZWZ0KQooZ2RiKSBxdWl0ClRo ZSBwcm9ncmFtIGlz
IHJ1bm5pbmcuICBFeGl0IGFueXdheT8gKHkgb3IgbikgeQpbcm9vdEB0ZXN0 MDEgfl0jIAo=
--=====================_357959608==_--


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org