tech-pkg archive


Re: apache22 + SSL + php53 + curl = SIGHUP crash



In article <1kxcjrl.1jph1dwkgtiqdM%manu%netbsd.org@localhost>,
Emmanuel Dreyfus <manu%netbsd.org@localhost> wrote:
>Hi
>
>Running apache-2.2 with SSL and PHP 5.3 enabled on NetBSD-6.0. If I use
>the PHP curl module, apache will crash on SIGHUP.
>
>backtrace shows the crash occurs in a free(). I linked with electric
>fence to discover that curl was calling libcrypto's ENGINE_cleanup(), in
>which a free() occurred on a non malloc-provided pointer.
>
>Playing with gdb, I can see there are multiple calls to
>ENGINE_load_builtin_engines(): one for Apache SSL setup, one for libcurl
>setup. Then on SIGHUP, there are multiple calls to ENGINE_cleanup(), one
>for Apache SSL, one for libcurl again.
>
>And it seems that calling ENGINE_load_builtin_engines() twice is enough
>to get a crash on ENGINE_cleanup(). Here is a sample program that
>reproduces the problem:
>
>/* cc -o test -g -lcrypto -L/usr/pkg/lib -lefence test.c */
>#include <stdio.h>
>#include <openssl/engine.h>
>
>int
>main(void)
>{
>        ENGINE_load_builtin_engines();
>        ENGINE_load_builtin_engines();
>        ENGINE_cleanup();
>
>        return 0;
>}
>
>Program received signal SIGSEGV, Segmentation fault.
>[Switching to LWP 1]
>0xbb72c1f0 in EVP_PKEY_meth_free () from /lib/libcrypto.so.8
>#0  0xbb72c1f0 in EVP_PKEY_meth_free () from /lib/libcrypto.so.8
>#1  0xbb73660a in engine_pkey_meths_free () from /lib/libcrypto.so.8
>#2  0xbb7752aa in engine_free_util () from /lib/libcrypto.so.8
>#3  0xbb737c9c in ENGINE_remove () from /lib/libcrypto.so.8
>#4  0xbb737d19 in ?? () from /lib/libcrypto.so.8
>#5  0xbb7750ce in ?? () from /lib/libcrypto.so.8
>#6  0xbb712f0c in sk_pop_free () from /lib/libcrypto.so.8
>#7  0xbb77541e in ENGINE_cleanup () from /lib/libcrypto.so.8
>#8  0x080487e5 in main () at test.c:9
>
>Any idea of what software is at fault? Is it libcrypto for crashing on
>multiple ENGINE_load_builtin_engines() calls, or is it apache/php/curl
>for doing it? Or is it a fake positive raised by electric fence? My test
>program does not crash if I do not link with -lefence.
>

Looks like a bug with openssl. Why don't you ask them?

christos
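
The call pattern reported in this thread (two components in one process each loading and each cleaning up the same process-global library state) can be kept balanced on the application side with a reference-counted guard. The following is an added example and not part of the thread or of Apache, PHP, curl or OpenSSL; the `crypto_guard_*` names are hypothetical, the hooks are constructed stand-ins for `ENGINE_load_builtin_engines()` and `ENGINE_cleanup()`, and it assumes both callers can be routed through one shared guard during single-threaded setup and teardown.

```c
/* Added example. crypto_guard_* are hypothetical names; the hooks stand in
 * for ENGINE_load_builtin_engines() / ENGINE_cleanup() so this builds
 * without libcrypto. Assumes calls come from single-threaded setup/teardown. */
typedef void (*hook_fn)(void);

struct crypto_guard {
    hook_fn load;     /* would be ENGINE_load_builtin_engines */
    hook_fn cleanup;  /* would be ENGINE_cleanup */
    unsigned users;   /* components currently holding the library */
};

/* Returns 1 if this call ran the real load, 0 if it was already loaded. */
int crypto_guard_acquire(struct crypto_guard *g)
{
    if (g->users++ > 0)
        return 0;
    g->load();
    return 1;
}

/* Returns 1 if this call ran the real cleanup, 0 if another component
 * still holds the library, -1 on a release with no matching acquire. */
int crypto_guard_release(struct crypto_guard *g)
{
    if (g->users == 0)
        return -1;
    if (--g->users > 0)
        return 0;
    g->cleanup();
    return 1;
}

/* Constructed stand-ins that only count how often they are reached. */
static int loads, cleanups;
static void fake_load(void)    { loads++; }
static void fake_cleanup(void) { cleanups++; }

/* Replays the call pattern from the report: two setups, then two teardowns
 * on SIGHUP. Returns loads * 10 + cleanups as seen by the library. */
int replay_sighup_sequence(void)
{
    struct crypto_guard g = { fake_load, fake_cleanup, 0 };
    loads = cleanups = 0;
    crypto_guard_acquire(&g);   /* Apache SSL setup */
    crypto_guard_acquire(&g);   /* libcurl setup    */
    crypto_guard_release(&g);   /* first teardown   */
    crypto_guard_release(&g);   /* second teardown  */
    return loads * 10 + cleanups;
}

int main(void) { return replay_sighup_sequence() == 11 ? 0 : 1; }
```

With the guard in place the library sees one load and one cleanup regardless of how many components register, and an unbalanced release is reported instead of reaching the cleanup hook.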


