Posted to bugs@httpd.apache.org by bu...@apache.org on 2019/01/17 13:30:03 UTC
[Bug 63083] New: Spinning thread in ssl_io_input_read in
ssl_engine_io.c against OpenSSL 1.1.1a
https://bz.apache.org/bugzilla/show_bug.cgi?id=63083
Bug ID: 63083
Summary: Spinning thread in ssl_io_input_read in
ssl_engine_io.c against OpenSSL 1.1.1a
Product: Apache httpd-2
Version: 2.4.37
Hardware: Other
OS: Linux
Status: NEW
Severity: major
Priority: P2
Component: mod_ssl
Assignee: bugs@httpd.apache.org
Reporter: martyn.shakespeare@bt.com
Target Milestone: ---
Apache 2.4.37 dynamically linked against OpenSSL 1.1.1a using worker MPM
(default configuration). Occurs on both Oracle Enterprise Linux 5 and OEL7.
Certain URLs from security scanner software (two seen so far, one appears to be
for CVE-2017-5638, the other has mention of Python, from what I can see in the
debugger) cause the thread to spin in function ssl_io_input_read in
ssl_engine_io.c within the while(1) loop. ssl_err=2 (SSL_ERROR_WANT_READ) and
*len=0, so we loop forever back and forth from the SSL library. No errors
logged.
It would be helpful if e.g. the timeout values were checked in this loop so
that this situation could be avoided.
I'll try to get exact details of what the security team are doing to provoke
this and add later.
FWIW, a typical stack trace from the thread:
#0 0x00002ad77ea27355 in ssl_read_internal ()
from /software/bea/openssl/1.1.1a/lib/libssl.so.1.1
No symbol table info available.
#1 0x00002ad77ea276e5 in SSL_read ()
from /software/bea/openssl/1.1.1a/lib/libssl.so.1.1
No symbol table info available.
#2 0x00002ad77e7c6894 in ssl_io_input_read (inctx=0x16ac00e8,
buf=0x16ac0130 "GET
/np_handler/?OPERATION=get&PAGE=User&OUTER_TAB=tab_myshares&INNER_TAB=NONE&user=null&addr=IP360%22)%3B%60echo%20IP360%20Scan%60%3B%23
HTTP/1.0\r\n\r\n-Encoding: identity\r\nContent-Length: 83\r\nHost: 10."...,
len=0x2ad79050feb8) at ssl_engine_io.c:673
wanted = 8192
bytes = 0
rc = -1
#3 0x00002ad77e7c9b4b in ssl_io_input_getline (f=0x16ac2138, bb=0x16aa40f0,
mode=<value optimized out>, block=<value optimized out>, readbytes=0)
at ssl_engine_io.c:802
No locals.
#4 ssl_io_filter_input (f=0x16ac2138, bb=0x16aa40f0,
mode=<value optimized out>, block=<value optimized out>, readbytes=0)
at ssl_engine_io.c:1565
status = 70023
inctx = 0x167d4170
start = 0x16ac0130 "GET
/np_handler/?OPERATION=get&PAGE=User&OUTER_TAB=tab_myshares&INNER_TAB=NONE&user=null&addr=IP360%22)%3B%60echo%20IP360%20Scan%60%3B%23
HTTP/1.0\r\n\r\n-Encoding: identity\r\nContent-Length: 83\r\nHost: 10."...
len = 0
is_init = <value optimized out>
bucket = <value optimized out>
#5 0x000000000043c2ed in ap_rgetline_core (s=0x16aa2c10, n=8192,
read=0x2ad790510000, r=0x16aa2be0, flags=2, bb=0x16aa40f0)
at protocol.c:246
rv = 380251152
e = <value optimized out>
bytes_handled = 0
current_alloc = 0
pos = 0x166d3a58 "\270\067m\026"
last_char = 0x0
do_alloc = 1
saw_eos = 0
nospc_eol = 0
saw_eol = 0
saw_nospc = 0
#6 0x000000000043de07 in read_request_line (conn=0x166d3a58) at protocol.c:682
No locals.
#7 ap_read_request (conn=0x166d3a58) at protocol.c:1322
r = 0x16aa2be0
p = 0x16aa2b68
expect = <value optimized out>
access_status = <value optimized out>
tmp_bb = 0x16aa40f0
csd = <value optimized out>
cur_timeout = <value optimized out>
#8 0x00000000004667a5 in ap_process_http_sync_connection (c=0x166d3a58)
at http_core.c:192
No locals.
#9 ap_process_http_connection (c=0x166d3a58) at http_core.c:251
No locals.
#10 0x000000000045de2a in ap_run_process_connection (c=0x166d3a58)
at connection.c:42
n = 1
rv = 8192
#11 0x0000000000470cd9 in process_socket (thd=0x1654b608,
dummy=<value optimized out>) at worker.c:479
current_conn = 0x166d3a58
conn_id = 23
sbh = 0x166d3a50
#12 worker_thread (thd=0x1654b608, dummy=<value optimized out>) at worker.c:808
process_slot = 0
thread_slot = 23
csd = 0x166d3840
bucket_alloc = 0x16a8e888
last_ptrans = <value optimized out>
ptrans = 0x166d37b8
rv = <value optimized out>
is_idle = <value optimized out>
#13 0x00000039a420683d in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#14 0x00000039a3ad518d in clone () from /lib64/libc.so.6
No symbol table info available.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
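A model of the failure described in the report above, added here as an illustration and not taken from mod_ssl or OpenSSL: a retry loop over a read that keeps returning WANT_READ with zero bytes, with the deadline check the reporter asks for. The names model_conn, model_read and read_with_deadline are hypothetical, and time is a simulated counter so the run is deterministic.

```c
#include <stddef.h>

#define WANT_READ 2            /* ssl_err value seen in the report */

enum outcome { GOT_DATA, TIMED_OUT, FAILED };

/* Constructed model of a TLS connection; not an OpenSSL or mod_ssl type. */
struct model_conn {
    long data_after_calls;     /* deliver data on this call; -1 = never */
    long calls;                /* read attempts made so far */
    long now_us;               /* simulated monotonic clock */
};

/* Stand-in for the library read: costs 5 us of simulated time and reports
 * WANT_READ with no bytes until data_after_calls is reached. */
static int model_read(struct model_conn *c, char *buf, size_t want, int *err)
{
    c->calls++;
    c->now_us += 5;
    if (want > 0 && c->data_after_calls >= 0 && c->calls >= c->data_after_calls) {
        buf[0] = 'G';
        *err = 0;
        return 1;
    }
    *err = WANT_READ;
    return -1;
}

/* Retry loop that checks a deadline on every pass, so a connection that
 * never makes progress releases the worker thread instead of spinning. */
static enum outcome read_with_deadline(struct model_conn *c, char *buf,
                                       size_t want, size_t *len, long timeout_us)
{
    long deadline = c->now_us + timeout_us;
    *len = 0;
    for (;;) {
        int err = 0;
        int rc = model_read(c, buf, want, &err);
        if (rc > 0) {
            *len = (size_t)rc;
            return GOT_DATA;
        }
        if (err != WANT_READ)
            return FAILED;
        if (c->now_us >= deadline)
            return TIMED_OUT;  /* without this check the loop never exits */
    }
}
```

In a server the wait between passes would block on the socket for the remaining time rather than re-calling the read immediately; the model only shows where the exit condition belongs.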
[Bug 63083] Spinning thread in ssl_io_input_read in ssl_engine_io.c
against OpenSSL 1.1.1a
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63083
Joe Orton <jo...@redhat.com> changed:
What      |Removed |Added
----------------------------------------------------------------------------
Resolution|---     |DUPLICATE
Status    |NEW     |RESOLVED
--- Comment #1 from Joe Orton <jo...@redhat.com> ---
*** This bug has been marked as a duplicate of bug 63052 ***