[RESENT][PATCH] segmentation fault at ssl_scache_dbm_retrieve()

on 05.01.2004 06:44:13 by YONETANI Tomokazu

Hello.
[resending this message because the previous one doesn't seem to
have made it into the archive for some reason]

Sorry if this is a known issue; I've searched the archive and found
nothing relevant, and http://www.modssl.org/support/bugdb/ was not functioning.

We're using apache-1.3.x+mod_ssl on some of our linux-based web servers,
and have been experiencing occasional crashes of the apache child process.
After upgrading to apache-1.3.29+mod_ssl-2.8.16 the crash still
persists, so I decided to use Jeff Trawick's mod_prctl module to
dump core and see exactly what's causing the segfault.
The tracebacks are consistent between crashes, but the local variables
seem to be garbled. After reading the source code, I found two bugs
in ssl_scache_dbm_retrieve():

- memory location pointed to by ucpData is never freed
  (this is already pointed out as Bug 25667 in Apache bug database;
  and the patch against httpd-2.0 is available there)
- ssl_dbm_close(dbm) is called before memcpy(), possibly trashing the
  memory location pointed to by dbmval.dptr (== dbm->pagbuf).

The attached patch should fix these problems. I noticed afterwards that
the version of mod_ssl imported into Apache httpd-2.0 already has
similar code.

Regards.
--
YONETANI Tomokazu / Ergo-Brains Inc.

--jI8keyz6grp/JLjh
Content-Type: application/x-gunzip
Content-Disposition: attachment; filename="ssl_scache_dbm.c.patch.gz"
Content-Transfer-Encoding: base64


--jI8keyz6grp/JLjh
Content-Type: application/x-gunzip
Content-Disposition: attachment; filename="bt-20040101.txt.gz"
Content-Transfer-Encoding: base64


--jI8keyz6grp/JLjh--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
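
Added example (not from the original message and not mod_ssl code): a minimal C model of the two bugs described in the post, showing that copying out of the handle-owned buffer before closing preserves the record while closing first yields stale bytes. All names (`toy_dbm`, `toy_open`, `toy_fetch`, `toy_close`, `retrieve`, `roundtrip_ok`) are hypothetical, and the static page buffer is an assumption that keeps the stale read well-defined for demonstration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of a dbm-style handle: fetch() returns a pointer into a
   page buffer owned by the handle (dbm->pagbuf in the post). The buffer is
   static here so that reading it after close is defined behaviour in this
   model; with a real handle that pointer must be treated as invalid. */
typedef struct { unsigned char pagbuf[64]; size_t len; } toy_dbm;
typedef struct { unsigned char *dptr; size_t dsize; } toy_datum;
static toy_dbm handle;

static toy_dbm *toy_open(const void *rec, size_t n) {
    if (n > sizeof handle.pagbuf) return NULL;
    memcpy(handle.pagbuf, rec, n);
    handle.len = n;
    return &handle;
}
static toy_datum toy_fetch(toy_dbm *d) { toy_datum v = { d->pagbuf, d->len }; return v; }
static void toy_close(toy_dbm *d) {      /* models the buffer being trashed */
    memset(d->pagbuf, 0xDD, sizeof d->pagbuf);
    d->len = 0;
}

/* copy_first != 0: fixed order (memcpy, then close).
   copy_first == 0: order reported in the post (close, then memcpy).
   The caller owns the returned buffer and must free() it. */
unsigned char *retrieve(const void *rec, size_t n, int copy_first, size_t *out_len) {
    toy_dbm *d = toy_open(rec, n);
    if (d == NULL) return NULL;
    toy_datum v = toy_fetch(d);
    unsigned char *copy = malloc(v.dsize ? v.dsize : 1);
    if (copy == NULL) { toy_close(d); return NULL; }
    if (copy_first) memcpy(copy, v.dptr, v.dsize);
    toy_close(d);
    if (!copy_first) memcpy(copy, v.dptr, v.dsize);   /* stale pointer */
    *out_len = v.dsize;
    return copy;
}

/* Returns 1 if the retrieved bytes equal the stored (constructed) record. */
int roundtrip_ok(int copy_first) {
    static const unsigned char rec[] = "constructed-session-record";
    size_t n = 0;
    unsigned char *p = retrieve(rec, sizeof rec, copy_first, &n);
    int ok = p != NULL && n == sizeof rec && memcmp(p, rec, n) == 0;
    free(p);   /* first bug in the post: the copy must be released after use */
    return ok;
}
int main(void) { return !(roundtrip_ok(1) && !roundtrip_ok(0)); }
```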