[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
apache22 + SSL + php53 + curl = SIGHUP crash
Running apache-2.2 with SSL and PHP 5.3 enabled on NetBSD-6.0. If I use
the PHP curl module, apache will crash on SIGHUP.
backtrace shows the crash occurs in a free(). I linked with electric
fence to discover that curl was calling libcrypto's ENGINE_cleanup(), in
which a free() occured on non malloc-provided pointer.
Playing with gdb, I can see there are multiple calls to
ENGINE_load_builtin_engines(): one for Apache SSL setup, one for libcurl
setup. Then on SIGHUP, there are multiple calls to ENGINE_cleanup(), one
foe Apache SSL, one for libcurl again.
And it seems that calling ENGINE_load_builtin_engines() twice is enough
to get a crash on ENGINE_cleanup(). Here is a sample program that
reproduce the problem:
/* cc -o test -g -lcrypto -L/usr/pkg/lib -lefence test.c */
Program received signal SIGSEGV, Segmentation fault.
[Switching to LWP 1]
0xbb72c1f0 in EVP_PKEY_meth_free () from /lib/libcrypto.so.8
#0 0xbb72c1f0 in EVP_PKEY_meth_free () from /lib/libcrypto.so.8
#1 0xbb73660a in engine_pkey_meths_free () from /lib/libcrypto.so.8
#2 0xbb7752aa in engine_free_util () from /lib/libcrypto.so.8
#3 0xbb737c9c in ENGINE_remove () from /lib/libcrypto.so.8
#4 0xbb737d19 in ?? () from /lib/libcrypto.so.8
#5 0xbb7750ce in ?? () from /lib/libcrypto.so.8
#6 0xbb712f0c in sk_pop_free () from /lib/libcrypto.so.8
#7 0xbb77541e in ENGINE_cleanup () from /lib/libcrypto.so.8
#8 0x080487e5 in main () at test.c:9
Any idea of what software is at fault? Is it libcrypto for crashing on
multiple ENGINE_load_builtin_engines() calls, or is it apache/php/curl
for doing it? Or is it a fake positive raised by electric fence? My test
program does not crash if I do not link with -lefence.
Main Index |
Thread Index |