tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

apache22 + SSL + php53 + curl = SIGHUP crash


Running apache-2.2 with SSL and PHP 5.3 enabled on NetBSD-6.0. If I use
the PHP curl module, apache will crash on SIGHUP.

backtrace shows the crash occurs in a free(). I linked with electric
fence to discover that curl was calling libcrypto's ENGINE_cleanup(), in
which a free() occured on non malloc-provided pointer.

Playing with gdb, I can see there are multiple calls to
ENGINE_load_builtin_engines(): one for Apache SSL setup, one for libcurl
setup. Then on SIGHUP, there are multiple calls to ENGINE_cleanup(), one
foe Apache SSL, one for libcurl again.

And it seems that calling ENGINE_load_builtin_engines() twice is enough
to get a crash on ENGINE_cleanup(). Here is a sample program that
reproduce the problem:

/* cc -o test -g -lcrypto -L/usr/pkg/lib -lefence test.c */
#include <stdio.h>
#include <openssl/engine.h>


        return 0;

Program received signal SIGSEGV, Segmentation fault.
[Switching to LWP 1]
0xbb72c1f0 in EVP_PKEY_meth_free () from /lib/
#0  0xbb72c1f0 in EVP_PKEY_meth_free () from /lib/
#1  0xbb73660a in engine_pkey_meths_free () from /lib/
#2  0xbb7752aa in engine_free_util () from /lib/
#3  0xbb737c9c in ENGINE_remove () from /lib/
#4  0xbb737d19 in ?? () from /lib/
#5  0xbb7750ce in ?? () from /lib/
#6  0xbb712f0c in sk_pop_free () from /lib/
#7  0xbb77541e in ENGINE_cleanup () from /lib/
#8  0x080487e5 in main () at test.c:9

Any idea of what software is at fault? Is it libcrypto for crashing on
multiple ENGINE_load_builtin_engines() calls, or is it apache/php/curl
for doing it? Or is it a fake positive raised by electric fence? My test
program does not crash if I do not link with -lefence.

Emmanuel Dreyfus

Home | Main Index | Thread Index | Old Index