You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Sander Striker <st...@apache.org> on 2001/09/11 10:39:34 UTC

RE: Optimizing dir_merge() AND RE: [BUG] mod_ssl broken

> From: William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net]

> My location_walk optimization (which suffers a potential bug, per
> our svn friends) takes an entirely different tact, which renders
> that whole idea DOA.

Ok, to rule out the possibility it is in the optimization code
I reverted to request.c 1.47.  The bug remains:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 21805)]
0x806dd1d in ssl_config_perdir_merge (p=0x814e20c, basev=0x0,
addv=0x8192e2c) at ssl_engine_config.c:269
269         cfgMergeArray(aRequirement);
(gdb) bt
#0  0x806dd1d in ssl_config_perdir_merge (p=0x814e20c, basev=0x0,
addv=0x8192e2c) at ssl_engine_config.c:269
#1  0x80a2c15 in ap_merge_per_dir_configs (p=0x814e20c, base=0x8192f14,
new_conf=0x8192c34) at config.c:262
#2  0x80b7284 in ap_location_walk (r=0x814e23c) at request.c:1169
#3  0x80b6511 in ap_process_request_internal (r=0x814e23c) at request.c:154
#4  0x8080ba0 in ap_process_request (r=0x814e23c) at http_request.c:284
#5  0x807c4fa in ap_process_http_connection (c=0x814c2fc) at http_core.c:287
#6  0x80ac6db in ap_run_process_connection (c=0x814c2fc) at connection.c:82
#7  0x80ac8b0 in ap_process_connection (c=0x814c2fc) at connection.c:219
#8  0x80a13b2 in child_main (child_num_arg=1) at prefork.c:829
#9  0x80a150a in make_child (s=0x80e831c, slot=1) at prefork.c:916
#10 0x80a174f in perform_idle_server_maintenance (p=0x80e6cc4) at
prefork.c:1057
#11 0x80a1b2f in ap_mpm_run (_pconf=0x80e6cc4, plog=0x811ee84, s=0x80e831c)
at prefork.c:1235
#12 0x80a7323 in main (argc=1, argv=0xbffffd9c) at main.c:431
#13 0x401f026a in __libc_start_main (main=0x80a6d98 <main>, argc=1,
ubp_av=0xbffffd9c, init=0x8062460 <_init>, fini=0x80be7c4 <_fini>,
    rtld_fini=0x4000daa4 <_dl_fini>, stack_end=0xbffffd8c) at
../sysdeps/generic/libc-start.c:129

Somewhere between ap_merge_per_dir_configs and ssl_config_perdir_merge
base is reset to NULL.  Will investigate further.

For completeness, the relevant part of my config:

<VirtualHost _default_:443>
    SSLEngine on

    SSLCACertificatePath /var/openssl/ca/private
    SSLCACertificateFile /var/openssl/ca/private/cacert.pem

    SSLCertificateFile /var/openssl/ca/certs/striker.xs4all.nl-cert.pem
    SSLCertificateKeyFile /var/openssl/ca/certs/striker.xs4all.nl-key.pem

    DocumentRoot /opt/httpd/htdocs
    ServerName striker.xs4all.nl

    <Location /svn>
        SSLRequireSSL
#        SSLVerifyClient require
#        SSLVerifyDepth 1

        DAV svn
        SVNPath /home/svn
    </Location>


</VirtualHost>

<Location /svn>
   DAV svn
   SVNPath /home/svn
</Location>

[trying again]

Ah, the first loop through ap_merge_per_dir_configs seems to
be ok.

Second time through ap_merge_per_dir_configs:

Breakpoint 4, ap_merge_per_dir_configs (p=0x814e20c, base=0x8192f14,
new_conf=0x8192c34) at config.c:262
262                 conf_vector[i] = (*df) (p, base_vector[i],
new_vector[i]);
(gdb) p *modp
$6 = {version = 20010825, minor_version = 0, module_index = 7, name =
0x80c0caf "mod_ssl.c", dynamic_load_handle = 0x0, next = 0x80da140,
  magic = 1095774768, rewrite_args = 0, create_dir_config = 0x806dc6c
<ssl_config_perdir_create>, merge_dir_config = 0x806dce0
<ssl_config_perdir_merge>,
  create_server_config = 0x806d9c4 <ssl_config_server_create>,
merge_server_config = 0x806dab4 <ssl_config_server_merge>, cmds = 0x80da180,
  register_hooks = 0x806d760 <ssl_register_hooks>}
(gdb) s
0x806dce3 in ssl_config_perdir_merge (p=0x814e20c, basev=0x0,
addv=0x8192e2c) at ssl_engine_config.c:263
263     {


Now, why is base_vector[i] == NULL now?
It isn't wrowes caching code, because that is not in here (request.c 1.47).

Thoughts anyone?


Sander

Re: Optimizing dir_merge() AND RE: [BUG] mod_ssl broken

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

From: "Sander Striker" <st...@apache.org>
Sent: Thursday, September 13, 2001 7:30 AM


> Ok, now I have a repro recipe that doesn't require
> mod_dav and mod_dav_svn.

Well, I took the easy way out, tried Doug's (using VirtualHost *)
and failed.  Probably would have worked if I tried his _exact_
test case with VirtualHost _default_ :/

Thanks for this case, I have something that I can reproduce.  Nothing
but the standard, (win32) built in modules are loaded besides SSL.

I'll work on this till it's wrapped.  Dang is this one a bear.  I know
why Doug's patch looked right - now I'm suspecting that we miss something
between the dir_walk flip to another vhost and the actual vhost parsing
itself (since VirtualHost * doesn't seem to trigger it.)

Bill

RE: Optimizing dir_merge() AND RE: [BUG] mod_ssl broken

Posted by Sander Striker <st...@apache.org>.

> From: William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net]
> Sent: 21 September 2001 08:38
> From: "Sander Striker" <st...@apache.org>
> Sent: Thursday, September 13, 2001 7:30 AM
> 
> 
> > Ok, now I have a repro recipe that doesn't require
> > mod_dav and mod_dav_svn.
> 
> The last commit should have fixed the problem (and does with
> your mod_ssl example.)  Could you go back and check mod_dav
> with mod_dav_svn to assure I've licked it?
> 
> Bill

I just tried it.  Works like a charm.  Thanks Bill.

Now I'll go back hunting for more segfaults :)
[I saw another one the other day, but am not sure it is related
 or not, will investigate]

Sander

Re: Optimizing dir_merge() AND RE: [BUG] mod_ssl broken

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

From: "Sander Striker" <st...@apache.org>
Sent: Thursday, September 13, 2001 7:30 AM


> Ok, now I have a repro recipe that doesn't require
> mod_dav and mod_dav_svn.

The last commit should have fixed the problem (and does with
your mod_ssl example.)  Could you go back and check mod_dav
with mod_dav_svn to assure I've licked it?

Bill

RE: Optimizing dir_merge() AND RE: [BUG] mod_ssl broken

Posted by Doug MacEachern <do...@covalent.net>.

On Thu, 13 Sep 2001, Sander Striker wrote:

can also reproduce with less in the mix:

Listen 8999
<VirtualHost _default_:8999>
    <Location /manual>
        #this can be any module with per-directory create+merge functions
        RequestHeader add Foo bar
    </Location>
</VirtualHost>

<Location /manual>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>

0x40246225 in merge_headers_config (p=0x8230334, basev=0x0, 
                                                       ^^^
    overridesv=0x8220b54) at mod_headers.c:216
216         newconf->fixup_in = apr_array_append(p, base->fixup_in, overrides->fixup_in);


producable with any module that has a per-directory create and merge
function.  seems there needs to be merging with r->server->lookup_defaults, 
that is not currently happening.

if you remove the <Location /manual> from outside the vhost and put its
contents into the <Location /manual> inside the vhost, all is well.

RE: Optimizing dir_merge() AND RE: [BUG] mod_ssl broken

Posted by Sander Striker <st...@apache.org>.

Ok, now I have a repro recipe that doesn't require
mod_dav and mod_dav_svn.

Try this in httpd.conf:

<VirtualHost _default_:443>
    SSLEngine on

    SSLCACertificatePath /var/openssl/ca/private
    SSLCACertificateFile /var/openssl/ca/private/ca.cert

    SSLCertificateFile /var/openssl/ca/certs/striker.xs4all.nl.cert
    SSLCertificateKeyFile /var/openssl/ca/certs/striker.xs4all.nl.key

    DocumentRoot /opt/httpd/htdocs
    ServerName striker.xs4all.nl

    <Location /manual>
        SSLRequireSSL
    </Location>
</VirtualHost>

<Location /manual>
    Order deny,allow
    Deny from all
    Allow from 192.168.0.1
</Location>

Try if you get the correct 'access forbidden' when
requesting http://192.168.0.1/manual.  I do.  This
step is probably not needed to reproduce, but here
for completeness since this functions as expected.

Then, request https://192.168.0.1/manual.  You will see
ssl being set up properly and then httpd segfaults.
Stack traces can be found earlier in this thread.

Ofcourse replace the certs, servername, ip etc with your own
relevant configuration info.


Sander


> From: Sander Striker [mailto:striker@apache.org]
> Sent: 13 September 2001 09:50
> Hi,
> 
> I can reproduce the problem easily now with
> openssl s_client.  If anyone is interested
> to hunt this bug down (I am personally not
> familiar enough with the location_walk code
> to find it (without spending more time on
> it than I have at the moment)), I can give
> an account on my box to observe the problem
> first hand.
> 
> Once again, it is not in the optimization code,
> I reverted to request.c 1.47 (with patch 1.49
> applied).
> 
> If someone has time, please help hunt this down
> so I can focus on working on the ssl side of
> subversion ;)
> 
> Sander
>

RE: Optimizing dir_merge() AND RE: [BUG] mod_ssl broken

Posted by Sander Striker <st...@apache.org>.

Hi,

I can reproduce the problem easily now with
openssl s_client.  If anyone is interested
to hunt this bug down (I am personally not
familiar enough with the location_walk code
to find it (without spending more time on
it than I have at the moment)), I can give
an account on my box to observe the problem
first hand.

Once again, it is not in the optimization code,
I reverted to request.c 1.47 (with patch 1.49
applied).

If someone has time, please help hunt this down
so I can focus on working on the ssl side of
subversion ;)

Sander