You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Sander Striker <st...@apache.org> on 2001/09/21 11:45:48 UTC
[BUG] mod_ssl
Hi,
Sorry to bring this up, but I tripped over a segfault
in mod_ssl while trying to add client authentication
to subversion.
I can't reproduce this with openssl s_client, which
makes the issue harder. There probably is a bug somewhere
in svn or neon (or my usage of that), but that doesn't
really matter, segfaults should never happen. I'll try to
come up with a simple repro recipe, but right now, there isn't
one without installing subversion and doing mods to that.
Here's the stack trace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 30066)]
0x400cb318 in SSL_ctrl () from /opt/ssl/lib/libssl.so.0.9.6
(gdb) bt
#0 0x400cb318 in SSL_ctrl () from /opt/ssl/lib/libssl.so.0.9.6
#1 0x80de62c in __DTOR_END__ () at eval.c:88
#2 0x80af76c in ap_pass_brigade (next=0x81a4fd4, bb=0x815a204) at
util_filter.c:276
#3 0x807f236 in ap_http_header_filter (f=0x815584c, b=0x8159f24) at
http_protocol.c:1322
#4 0x80af76c in ap_pass_brigade (next=0x815584c, bb=0x8159f24) at
util_filter.c:276
#5 0x80b18d1 in ap_content_length_filter (f=0x8155824, b=0x8159f24) at
protocol.c:976
#6 0x80af76c in ap_pass_brigade (next=0x8155824, bb=0x8159f24) at
util_filter.c:276
#7 0x80811a7 in ap_byterange_filter (f=0x81557fc, bb=0x8159f24) at
http_protocol.c:2523
#8 0x80af76c in ap_pass_brigade (next=0x81557fc, bb=0x8159f24) at
util_filter.c:276
#9 0x806ac51 in send_parsed_content (bb=0xbffff948, r=0x81540ac,
f=0x815577c) at mod_include.c:2934
#10 0x806b174 in includes_filter (f=0x815577c, b=0x8159f24) at
mod_include.c:3094
#11 0x80af76c in ap_pass_brigade (next=0x815577c, bb=0x8159f24) at
util_filter.c:276
#12 0x80b1169 in end_output_stream (r=0x81540ac) at protocol.c:729
#13 0x80b11db in ap_finalize_request_protocol (r=0x814fe64) at
protocol.c:749
#14 0x808059b in ap_send_error_response (r=0x814fe64, recursive_error=400)
at http_protocol.c:2033
#15 0x80817b6 in ap_die (type=400, r=0x81540ac) at http_request.c:227
#16 0x8081d1f in ap_internal_redirect (new_uri=0x814ce14
"/error/HTTP_FORBIDDEN.html.var", r=0x814fe64) at http_request.c:446
#17 0x8081770 in ap_die (type=403, r=0x814fe64) at http_request.c:212
#18 0x80818ba in ap_process_request (r=0x814fe64) at http_request.c:297
#19 0x807d19a in ap_process_http_connection (c=0x814df24) at http_core.c:287
#20 0x80ada5b in ap_run_process_connection (c=0x814df24) at connection.c:82
#21 0x80adc30 in ap_process_connection (c=0x814df24) at connection.c:219
#22 0x80a2512 in child_main (child_num_arg=0) at prefork.c:830
#23 0x80a266a in make_child (s=0x80e9f44, slot=0) at prefork.c:917
#24 0x80a26ec in startup_children (number_to_start=1) at prefork.c:940
#25 0x80a2ae5 in ap_mpm_run (_pconf=0x80e88ec, plog=0x8120aac, s=0x80e9f44)
at prefork.c:1156
#26 0x80a8493 in main (argc=1, argv=0xbffffdac) at main.c:431
#27 0x401f126a in __libc_start_main (main=0x80a7f08 <main>, argc=1,
ubp_av=0xbffffdac, init=0x8062f94 <_init>, fini=0x80bfb24 <_fini>,
rtld_fini=0x4000daa4 <_dl_fini>, stack_end=0xbffffd9c) at
../sysdeps/generic/libc-start.c:129
Maybe a seasoned mod_ssl developer can see something obvious in here...
If someone is interested in doing a debug session, please contact me,
so I can setup an account on my box or send you full details on how
to reproduce.
Oh, some details. If I switch of client authentication (ie, no
SSLVerifyClient require) all works well.
Error log:
[Fri Sep 21 11:36:34 2001] [notice] Apache/2.0.26-dev (Unix) mod_ssl/3.0a0
OpenSSL/0.9.6b DAV/2 SVN/M3 configured -- resuming normal operations
[Fri Sep 21 11:36:34 2001] [info] Server built: Sep 21 2001 08:58:09
[Fri Sep 21 11:36:52 2001] [error] mod_ssl: Re-negotiation handshake failed:
Not accepted by client!?
[Fri Sep 21 11:36:52 2001] [error] mod_ssl: SSL handshake failed (server
striker.xs4all.nl:443, client 192.168.0.1) (OpenSSL library error follows)
[Fri Sep 21 11:36:52 2001] [error] OpenSSL: error:140940F5:SSL
routines:SSL3_READ_BYTES:unexpected record
[Fri Sep 21 11:36:52 2001] [error] mod_ssl: Re-negotiation handshake failed:
Not accepted by client!?
[Fri Sep 21 11:36:52 2001] [error] mod_ssl: SSL handshake failed (server
striker.xs4all.nl:443, client 192.168.0.1) (OpenSSL library error follows)
[Fri Sep 21 11:36:52 2001] [error] OpenSSL: error:140940F5:SSL
routines:SSL3_READ_BYTES:unexpected record
[Fri Sep 21 11:36:52 2001] [error] mod_ssl: Re-negotiation handshake failed:
Not accepted by client!?
[Fri Sep 21 11:36:53 2001] [notice] child pid 32521 exit signal Segmentation
fault (11)
[Fri Sep 21 11:36:53 2001] [notice] child pid 32519 exit signal Segmentation
fault (11)
Sander
Re: [BUG] mod_ssl
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
From: "Sander Striker" <st...@apache.org>
Sent: Friday, September 21, 2001 4:45 AM
> Sorry to bring this up, but I tripped over a segfault
> in mod_ssl while trying to add client authentication
> to subversion.
>
> I can't reproduce this with openssl s_client, which
> makes the issue harder. There probably is a bug somewhere
> in svn or neon (or my usage of that), but that doesn't
> really matter, segfaults should never happen. I'll try to
> come up with a simple repro recipe, but right now, there isn't
> one without installing subversion and doing mods to that.
There is one of a dozen things going on. Let's drop a few.
Would you try disabling includes on /error/ documents, then
drop the error documents altogether, and let us know if you
don't die() with an error if things come out alright?
I suspect it's the internal redirct that has lost some state
back from the original connection/request, or worse (and my
fear) that due to the client mis-validation - we've broken the
ssl state or never completed the ssl setup, allowing us to die
with error feedback to the misvalidated client.
Try dropping mod_include and let's see what that accomplishes.
Bill