apache22 + SSL + php53 + curl = SIGHUP crash

To: tech-pkg%netbsd.org@localhost
Subject: apache22 + SSL + php53 + curl = SIGHUP crash
From: manu%netbsd.org@localhost (Emmanuel Dreyfus)
Date: Sun, 27 Jan 2013 08:19:33 +0100

Hi

Running apache-2.2 with SSL and PHP 5.3 enabled on NetBSD-6.0. If I use
the PHP curl module, apache will crash on SIGHUP.

backtrace shows the crash occurs in a free(). I linked with electric
fence to discover that curl was calling libcrypto's ENGINE_cleanup(), in
which a free() occured on non malloc-provided pointer.

Playing with gdb, I can see there are multiple calls to
ENGINE_load_builtin_engines(): one for Apache SSL setup, one for libcurl
setup. Then on SIGHUP, there are multiple calls to ENGINE_cleanup(), one
foe Apache SSL, one for libcurl again.

And it seems that calling ENGINE_load_builtin_engines() twice is enough
to get a crash on ENGINE_cleanup(). Here is a sample program that
reproduce the problem:

/* cc -o test -g -lcrypto -L/usr/pkg/lib -lefence test.c */
#include <stdio.h>
#include <openssl/engine.h>

int
main(void)
{
        ENGINE_load_builtin_engines();
        ENGINE_load_builtin_engines();
        ENGINE_cleanup();

        return 0;
}

Program received signal SIGSEGV, Segmentation fault.
[Switching to LWP 1]
0xbb72c1f0 in EVP_PKEY_meth_free () from /lib/libcrypto.so.8
#0  0xbb72c1f0 in EVP_PKEY_meth_free () from /lib/libcrypto.so.8
#1  0xbb73660a in engine_pkey_meths_free () from /lib/libcrypto.so.8
#2  0xbb7752aa in engine_free_util () from /lib/libcrypto.so.8
#3  0xbb737c9c in ENGINE_remove () from /lib/libcrypto.so.8
#4  0xbb737d19 in ?? () from /lib/libcrypto.so.8
#5  0xbb7750ce in ?? () from /lib/libcrypto.so.8
#6  0xbb712f0c in sk_pop_free () from /lib/libcrypto.so.8
#7  0xbb77541e in ENGINE_cleanup () from /lib/libcrypto.so.8
#8  0x080487e5 in main () at test.c:9

Any idea of what software is at fault? Is it libcrypto for crashing on
multiple ENGINE_load_builtin_engines() calls, or is it apache/php/curl
for doing it? Or is it a fake positive raised by electric fence? My test
program does not crash if I do not link with -lefence.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost

Follow-Ups:
- Re: apache22 + SSL + php53 + curl = SIGHUP crash
  - From: Christos Zoulas

Prev by Date: daily pkgsrc CVS update output
Next by Date: Re: apache22 + SSL + php53 + curl = SIGHUP crash
Previous by Thread: QAudioOutput of qt4
Next by Thread: Re: apache22 + SSL + php53 + curl = SIGHUP crash
Indexes:

Home | Main Index | Thread Index | Old Index