crash in mod_ssl 2.8.15

on 04.08.2003 19:36:57 by Dmitri Dmitrienko

crash report:

environment:
mod_ssl 2.8.15, apache 1.3.28
platform: win32, win XP sp 1
compiler MS VC 6 sp 5
client IE 6
client Mozilla 1.3


steps to reproduce:
using IE 6 or Mozilla 1.3 open HTTP/SSL connection to localhost.
get there any plain html page with some gifs and press refresh many times
while holding shift (full-refresh for IE or Ctrl-F5 for Mozilla).
crash happens every time in 4-8 refreshes (in IE) or 30-40 for Mozilla.

call stack:
0: ap_ctx_get(ctx=0x6567616d, key="ssl::io::suck")
1: ssl_io_suck_read(ssl=0x0095b228, buf=0x008f4860, len=4096)
2: SSL_recvwithtimeout(fb=0x008f4810, buf=0x008f4860, len=4096)
3: ssl_io_hook_recvwithtimeout(fb=0x008f4810, buf=0x008f4860, len=4096)
4: ap_hook_call_func(0x00dade34->"p", 0x0086d1a0,
hf=0x0086ea88->{ssl_io_hook_recvwithtimeout, 0})

some noticed details:
a) buf contained a valid GET request:
GET /images/logo.gif HTTP/1.1
Accept: */*
Referer: https://localhost
Accept-Language:en-us
.....

b) as it's clear from the call stack crash happened while trying to get ctx
for "ssl::io::suck" using r->ctx.
source line ssl_engine_io.c:267
r pointed to memory contained character data: "ap::mod_log_config::log_x"
instead of any adequate request_rec.

c) actx (ssl_engine_io.c:261) contained proper ap_ctx list of two entries
{"ssl::request_rec",0x95d8d0}{"ssl::verify::depth", 1}{NULL,0}

d) beside this one, there are 3 other threads that were in
SSL_recvwithtimeout() function call.

possible reasons for the crash:
1) memory corruption
2) races between threads

If you need any further info, please contact me by email.

best regards,
dmitri.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
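
A triage check for the call stack in the report above, as an added example that is not part of the original post or of mod_ssl: it tests whether a 32-bit pointer value consists only of printable ASCII bytes in little-endian order (as on win32/x86) and, if so, looks for that text in the strings quoted in the report. The function names and the REPORT_STRINGS table are hypothetical; a match is a lead for where to look, not proof of the cause.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read a 32-bit value as four bytes in little-endian memory order (x86).
 * Returns 1 and writes the text to out if all four are printable ASCII;
 * otherwise returns 0 and leaves out empty. */
int ptr_as_ascii(uint32_t value, char out[5])
{
    memset(out, 0, 5);
    for (int i = 0; i < 4; i++) {
        unsigned char b = (unsigned char)(value >> (8 * i));
        if (b < 0x20 || b > 0x7e) {
            memset(out, 0, 5);
            return 0;
        }
        out[i] = (char)b;
    }
    return 1;
}

/* Index of the first candidate string containing the decoded text, or -1. */
int find_source(const char *text, const char *const *cands, int n)
{
    for (int i = 0; i < n; i++)
        if (text[0] != '\0' && strstr(cands[i], text) != NULL)
            return i;
    return -1;
}

/* Strings quoted in the report: request line in buf, data found at r. */
const char *const REPORT_STRINGS[] = {
    "GET /images/logo.gif HTTP/1.1",
    "ap::mod_log_config::log_x",
};

int main(void)
{
    /* Pointer arguments copied from frames 0-2 of the reported call stack. */
    const uint32_t ptrs[] = { 0x6567616du, 0x0095b228u, 0x008f4860u, 0x008f4810u };
    char text[5];
    for (size_t i = 0; i < sizeof ptrs / sizeof ptrs[0]; i++) {
        if (!ptr_as_ascii(ptrs[i], text)) {
            printf("0x%08x: not ASCII\n", (unsigned)ptrs[i]);
            continue;
        }
        int src = find_source(text, REPORT_STRINGS, 2);
        printf("0x%08x: \"%s\" %s\n", (unsigned)ptrs[i], text,
               src >= 0 ? REPORT_STRINGS[src] : "(no match)");
    }
    return 0;
}
```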