Posted to dev@httpd.apache.org by Alexander Lazic <al...@none.at> on 2005/03/26 11:27:27 UTC
2.1 trunk => ab -v 2 segfault
Hi,
I use the 2.1 trunk ab and have found 2 segfaults, I think.
the first one was easy to find:
in ssl_print_cert_info() the buf is 64 not BUFSIZ
for eg. =>X509_NAME_oneline(dn, buf, BUFSIZ);
The second one was not so easy to find because I'm not very familiar
with the openssl-development.
After the test I get a segfault:
gdb /home/al/progs/http-2.1/bin/ab
(gdb) set args -v 2 -g gnuplot_ab -sn1 -c2 https://$SERVER/
(gdb) dir /home/al/download/openssl/openssl-0.9.7f/crypto/asn1:/home/al/download/openssl/openssl-0.9.7f/crypto/x509v3:/home/al/download/openssl/openssl-0.9.7f/crypto/x509:/home/al/download/apachestuff/httpd-2.1_cvs-2005-03-25/srclib/apr-util:/home/al/download/apachestuff/httpd-2.1_cvs-2005-03-25/srclib/apr:/home/al/download/openssl/openssl-0.9.7f/ssl:/home/al/download/openssl/openssl-0.9.7f/crypto:/home/al/download/openssl/openssl-0.9.7f/crypto/bio:/home/al/download/openssl/openssl-0.9.7f/crypto/stack:/home/al/download/openssl/openssl-0.9.7f/crypto/objects
(gdb) run
---
SSL read failed - closing connection
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210231712 (LWP 19528)]
ASN1_STRING_free (a=0x291) at asn1_lib.c:393
393 if (a->data != NULL) OPENSSL_free(a->data);
(gdb) bt
#0 ASN1_STRING_free (a=0x291) at asn1_lib.c:393
#1 0x0807979f in ASN1_primitive_free (pval=0x80f5ae4, it=0x0) at tasn_fre.c:224
#2 0x080797d0 in ASN1_primitive_free (pval=0xb7f0787c, it=0x0) at tasn_fre.c:219
#3 0x080cd848 in X509_ALGOR_seq_tt ()
#4 0x080cd848 in X509_ALGOR_seq_tt ()
#5 0x080cd848 in X509_ALGOR_seq_tt ()
#6 0x0807972f in ASN1_template_free (pval=0xb7f0787c, tt=0x80cd834) at tasn_fre.c:174
#7 0x00000071 in ?? ()
#8 0x080c22d4 in X509_CERT_AUX_it ()
#9 0x00000003 in ?? ()
#10 0x080cd848 in X509_ALGOR_seq_tt ()
#11 0x0811dfdc in ?? ()
#12 0x00000000 in ?? ()
#13 0x00000000 in ?? ()
#14 0x08079985 in asn1_item_combine_free (pval=0x80c2588, it=0xb7f0787c, combine=135059508) at tasn_fre.c:151
Previous frame inner to this frame (corrupt stack?)
---
Please can anybody look at this issue ;-)
al ;-)
Re: 2.1 trunk => ab -v 2 segfault
Posted by Sander Temme <sa...@temme.net>.
On Apr 15, 2005, at 4:25 AM, Alexander Lazic wrote:
>> one of the segfaults was because you're using a -c value > -n, which
>> doesn't really make sense; I changed ab to reject that.
>
> Oops, sorry :-(
Don't be sorry, it's still a bug. (:
S.
--
sander@temme.net http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: 2.1 trunk => ab -v 2 segfault
Posted by Alexander Lazic <al...@none.at>.
Hi,
On Fri 15.04.2005 11:54, Joe Orton wrote:
>
>Thanks for the report, there were three segfaults actually; I've fixed
>them on the trunk.
Thanks ;-)
>one of the segfaults was because you're using a -c value > -n, which
>doesn't really make sense; I changed ab to reject that.
Oops, sorry :-(
al ;-)
Re: 2.1 trunk => ab -v 2 segfault
Posted by Joe Orton <jo...@redhat.com>.
On Sat, Mar 26, 2005 at 11:27:27AM +0100, Alexander Lazic wrote:
> Hi,
>
> I use the 2.1 trunk ab and have found 2 segfaults, I think.
>
> the first one was easy to find:
> in ssl_print_cert_info() the buf is 64 not BUFSIZ
> for eg. =>X509_NAME_oneline(dn, buf, BUFSIZ);
>
> The second one was not so easy to find because I'm not very familiar
> with the openssl-development.
Thanks for the report, there were three segfaults actually; I've fixed
them on the trunk.
> After the test i get a segfault:
>
> gdb /home/al/progs/http-2.1/bin/ab
> (gdb) set args -v 2 -g gnuplot_ab -sn1 -c2 https://$SERVER/
one of the segfaults was because you're using a -c value > -n, which
doesn't really make sense; I changed ab to reject that.
Regards,
joe
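
The size mismatch reported in the first message (a 64-byte buffer passed with BUFSIZ as its length), as an added example that is not code from ab or from anyone in this thread. `name_oneline` is a hypothetical stand-in with the same length contract as X509_NAME_oneline for a caller-supplied buffer, the 64-byte buffer sits at the start of a larger arena so the overrun can be counted without undefined behaviour, and the subject name is constructed.

```c
#include <stdio.h>
#include <string.h>

#define CERT_BUF 64   /* size of buf as reported in the thread */

/* Hypothetical stand-in: like X509_NAME_oneline(name, buf, size) with a
 * caller-supplied buf, writes at most size bytes including the NUL. */
static char *name_oneline(const char *dn, char *buf, int size)
{
    if (size <= 0)
        return NULL;
    size_t n = strlen(dn);
    if (n > (size_t)size - 1)
        n = (size_t)size - 1;
    memcpy(buf, dn, n);
    buf[n] = '\0';
    return buf;
}

/* Treats the first CERT_BUF bytes of a BUFSIZ-sized arena as "buf" and
 * returns how many bytes beyond it the call modified. */
static size_t bytes_past_buffer(const char *dn, int declared_size)
{
    static unsigned char arena[BUFSIZ];
    memset(arena, 0xAA, sizeof(arena));           /* canary fill */
    name_oneline(dn, (char *)arena, declared_size);
    size_t past = 0;
    for (size_t i = CERT_BUF; i < sizeof(arena); i++)
        if (arena[i] != 0xAA)
            past++;
    return past;
}

/* Constructed sample: a 100-character subject name. */
static const char *sample_dn(void)
{
    static char dn[101];
    memset(dn, 'x', 100);
    memcpy(dn, "/C=AT/O=Example/CN=", 19);
    dn[100] = '\0';
    return dn;
}

int main(void)
{
    printf("declared BUFSIZ:  %zu past buf\n", bytes_past_buffer(sample_dn(), BUFSIZ));
    printf("declared 64:      %zu past buf\n", bytes_past_buffer(sample_dn(), CERT_BUF));
    return 0;
}
```

A short subject name stays inside the 64 bytes even with the wrong length, so the mismatch only shows up when the peer certificate carries a long name.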