You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2011/09/23 16:45:19 UTC
DO NOT REPLY [Bug 51884] New: Apache child segfaults when PHP makes
LDAP calls
https://issues.apache.org/bugzilla/show_bug.cgi?id=51884
Bug #: 51884
Summary: Apache child segfaults when PHP makes LDAP calls
Product: Apache httpd-2
Version: 2.2.21
Platform: PC
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: mod_ldap
AssignedTo: bugs@httpd.apache.org
ReportedBy: gradysghost@gmail.com
Classification: Unclassified
When Apache attempts to load a page where PHP makes any LDAP calls
(ldap_connect is typically the function that leads to failure here), the child
process (or main process in no-thread mode) throws a segmentation fault and
dies. I wrote a test PHP script to connect to our LDAP server and pull down
some basic information. Apache segfaults when I load this page as well, but if
I run this directly through PHP's CLI parser, it succeeds immediately. As far
as I can tell, my config is proper. Upon failure, the error reported by all
browsers I've tested is an HTTP 324 (ERR_EMPTY_RESPONSE).
Running on Solaris 10 with the latest patches applied. httpd is version
2.2.21, compiled from source. Here are my configure strings:
OpenLDAP 2.4.23: ./configure --prefix=/opt/utsawebstack/lib/ --disable-slapd
--disable-slurpd
Apache httpd 2.2.21: ./configure --prefix=/opt/utsawebstack/apache2 --with-ldap
--enable-auth-ldap=shared --enable-ldap=shared --enable-headers=shared
--enable-mime-magic=shared --enable-proxy=shared --enable-rewrite=shared
--enable-mods-shared --enable-ssl=shared --with-z=/opt/utsawebstack/lib
PHP 5.3.8: ./configure --prefix=/opt/utsawebstack/php
--with-apxs2=/opt/utsawebstack/apache2/bin/apxs
--with-zlib=/opt/utsawebstack/lib --with-curl=/opt/utsawebstack/lib
--with-iconv=/opt/utsawebstack/lib --with-ldap=/opt/utsawebstack/lib
--enable-calendar --with-mysql=mysqlnd --with-mysqli=mysqlnd --enable-sockets
--enable-zip --with-pear -with-mcrypt=/opt/utsawebstack/lib --enable-mbstring
### Single User Mode -> load test script
# ./httpd -X
httpd: Could not reliably determine the server's fully qualified domain name,
using 10.9.11.163 for ServerName
Segmentation Fault
### error_log output with 'LogLevel debug'
### This output comes from a test where I launch httpd
### load the failing test page, then stop httpd
[Fri Sep 23 09:38:43 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Sep 23 09:38:43 2011] [info] Init: Generating temporary RSA private keys
(512/1024 bits)
[Fri Sep 23 09:38:43 2011] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Fri Sep 23 09:38:43 2011] [debug] ssl_scache_dbm.c(408): Inter-Process Session
Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Fri Sep 23 09:38:43 2011] [info] Init: Initializing (virtual) servers for SSL
[Fri Sep 23 09:38:43 2011] [info] mod_ssl/2.2.21 compiled against Server:
Apache/2.2.21, Library: OpenSSL/0.9.7d
[Fri Sep 23 09:38:43 2011] [debug] util_ldap.c(1990): LDAP merging Shared Cache
conf: shm=0x812ff30 rmm=0x812ff60 for VHOST: stacker.it.utsa.edu
[Fri Sep 23 09:38:43 2011] [debug] util_ldap.c(1990): LDAP merging Shared Cache
conf: shm=0x812ff30 rmm=0x812ff60 for VHOST: stacker.it.utsa.edu
[Fri Sep 23 09:38:43 2011] [info] APR LDAP: Built with Sun Microsystems Inc.
LDAP SDK
[Fri Sep 23 09:38:43 2011] [info] LDAP: SSL support unavailable: LDAP:
ldapssl_client_init() failed.
[Fri Sep 23 09:38:43 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Sep 23 09:38:43 2011] [info] Init: Generating temporary RSA private keys
(512/1024 bits)
[Fri Sep 23 09:38:43 2011] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Fri Sep 23 09:38:43 2011] [debug] ssl_scache_dbm.c(408): Inter-Process Session
Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Fri Sep 23 09:38:43 2011] [info] Init: Initializing (virtual) servers for SSL
[Fri Sep 23 09:38:43 2011] [info] mod_ssl/2.2.21 compiled against Server:
Apache/2.2.21, Library: OpenSSL/0.9.7d
[Fri Sep 23 09:38:43 2011] [warn] pid file
/opt/utsawebstack/apache2/logs/httpd.pid overwritten -- Unclean shutdown of
previous Apache run?
[Fri Sep 23 09:38:43 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 19842 for worker proxy:reverse
[Fri Sep 23 09:38:43 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 19842 for (*)
[Fri Sep 23 09:38:43 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 19843 for worker proxy:reverse
[Fri Sep 23 09:38:43 2011] [debug] proxy_util.c(1837): proxy: worker
proxy:reverse already initialized
[Fri Sep 23 09:38:43 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 19843 for (*)
[Fri Sep 23 09:38:43 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 19844 for worker proxy:reverse
[Fri Sep 23 09:38:43 2011] [debug] proxy_util.c(1837): proxy: worker
proxy:reverse already initialized
[Fri Sep 23 09:38:43 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 19844 for (*)
[Fri Sep 23 09:38:43 2011] [notice] Apache/2.2.21 (Unix) mod_ssl/2.2.21
OpenSSL/0.9.7d PHP/5.3.8 configured -- resuming normal operations
[Fri Sep 23 09:38:43 2011] [info] Server built: Sep 22 2011 16:58:51
[Fri Sep 23 09:38:43 2011] [debug] prefork.c(1023): AcceptMutex: pthread
(default: pthread)
[Fri Sep 23 09:38:43 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 19845 for worker proxy:reverse
[Fri Sep 23 09:38:43 2011] [debug] proxy_util.c(1837): proxy: worker
proxy:reverse already initialized
[Fri Sep 23 09:38:43 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 19845 for (*)
[Fri Sep 23 09:38:43 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 19846 for worker proxy:reverse
[Fri Sep 23 09:38:43 2011] [debug] proxy_util.c(1837): proxy: worker
proxy:reverse already initialized
[Fri Sep 23 09:38:43 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 19846 for (*)
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 19851 for worker proxy:reverse
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1837): proxy: worker
proxy:reverse already initialized
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 19851 for (*)
[Fri Sep 23 09:38:48 2011] [info] removed PID file
/opt/utsawebstack/apache2/logs/httpd.pid (pid=19841)
[Fri Sep 23 09:38:48 2011] [notice] caught SIGTERM, shutting down
[Fri Sep 23 09:38:48 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Sep 23 09:38:48 2011] [info] Init: Generating temporary RSA private keys
(512/1024 bits)
[Fri Sep 23 09:38:48 2011] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Fri Sep 23 09:38:48 2011] [debug] ssl_scache_dbm.c(408): Inter-Process Session
Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Fri Sep 23 09:38:48 2011] [info] Init: Initializing (virtual) servers for SSL
[Fri Sep 23 09:38:48 2011] [info] mod_ssl/2.2.21 compiled against Server:
Apache/2.2.21, Library: OpenSSL/0.9.7d
[Fri Sep 23 09:38:48 2011] [debug] util_ldap.c(1990): LDAP merging Shared Cache
conf: shm=0x812ff30 rmm=0x812ff60 for VHOST: stacker.it.utsa.edu
[Fri Sep 23 09:38:48 2011] [debug] util_ldap.c(1990): LDAP merging Shared Cache
conf: shm=0x812ff30 rmm=0x812ff60 for VHOST: stacker.it.utsa.edu
[Fri Sep 23 09:38:48 2011] [info] APR LDAP: Built with Sun Microsystems Inc.
LDAP SDK
[Fri Sep 23 09:38:48 2011] [info] LDAP: SSL support unavailable: LDAP:
ldapssl_client_init() failed.
[Fri Sep 23 09:38:48 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Sep 23 09:38:48 2011] [info] Init: Generating temporary RSA private keys
(512/1024 bits)
[Fri Sep 23 09:38:48 2011] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Fri Sep 23 09:38:48 2011] [debug] ssl_scache_dbm.c(408): Inter-Process Session
Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Fri Sep 23 09:38:48 2011] [info] Init: Initializing (virtual) servers for SSL
[Fri Sep 23 09:38:48 2011] [info] mod_ssl/2.2.21 compiled against Server:
Apache/2.2.21, Library: OpenSSL/0.9.7d
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 19857 for worker proxy:reverse
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 19857 for (*)
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 19858 for worker proxy:reverse
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1837): proxy: worker
proxy:reverse already initialized
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 19858 for (*)
[Fri Sep 23 09:38:48 2011] [notice] Apache/2.2.21 (Unix) mod_ssl/2.2.21
OpenSSL/0.9.7d PHP/5.3.8 configured -- resuming normal operations
[Fri Sep 23 09:38:48 2011] [info] Server built: Sep 22 2011 16:58:51
[Fri Sep 23 09:38:48 2011] [debug] prefork.c(1023): AcceptMutex: pthread
(default: pthread)
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 19859 for worker proxy:reverse
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1837): proxy: worker
proxy:reverse already initialized
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 19859 for (*)
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 19860 for worker proxy:reverse
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1837): proxy: worker
proxy:reverse already initialized
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 19860 for (*)
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 19861 for worker proxy:reverse
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1837): proxy: worker
proxy:reverse already initialized
[Fri Sep 23 09:38:48 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 19861 for (*)
[Fri Sep 23 09:38:56 2011] [info] removed PID file
/opt/utsawebstack/apache2/logs/httpd.pid (pid=19856)
[Fri Sep 23 09:38:56 2011] [notice] caught SIGTERM, shutting down
Any ideas?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 51884] Apache child segfaults when PHP makes LDAP
calls
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=51884
Ryan Jung <gr...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|INVALID |FIXED
--- Comment #5 from Ryan Jung <gr...@gmail.com> 2011-09-28 16:18:58 UTC ---
William, you're absolutely right. I apologize for going to the wrong place.
This is the last you'll hear from me on this thread, but just in case Google
returns this page for others with this problem, I'm going to post the solution
I found. Hope you don't mind.
Basically, I mistakenly assumed that the --with-ldap configure argument would
accept a directory to look for the OpenLDAP libs in. It does not. I used
--with-ldap with no directory attached to it in conjunction with
--with-ldap-libs=/my/openldap/lib/dir and
--with-ldap-include=/my/openldap/include/dir
Found the solution in some random RedHat forum out there. Anyway, thanks for
the help, guys.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 51884] Apache child segfaults when PHP makes LDAP
calls
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=51884
--- Comment #2 from Ryan Jung <gr...@gmail.com> 2011-09-23 15:32:14 UTC ---
As I have nothing to do except fix this, I will try your suggestion. Is there
a way to compile Apache against OpenLDAP? For the project I'm working on, it's
best if the LDAP libraries are packaged with the rest of this web stack. I
have tried using --with-ldap=/opt/utsawebstack/lib/lib (where OpenLDAP libs end
up after their compilation), but I think that failed to build. I will
reattempt that as well.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 51884] Apache child segfaults when PHP makes LDAP
calls
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=51884
--- Comment #3 from Rainer Jung <ra...@kippdata.de> 2011-09-23 15:50:30 UTC ---
My experience says that's hard to do, because some of the system libs needed by
Apache themselves will load sytem LDAP.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 51884] Apache child segfaults when PHP makes LDAP
calls
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=51884
William A. Rowe Jr. <wr...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #4 from William A. Rowe Jr. <wr...@apache.org> 2011-09-23 16:35:15 UTC ---
Bugzilla is not a support forum; users@httpd.apache.org or php's users or
installation mailing lists are.
http://php.net/mailing-lists.php
http://httpd.apache.org/lists.html#http-users
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 51884] Apache child segfaults when PHP makes LDAP
calls
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=51884
--- Comment #1 from Rainer Jung <ra...@kippdata.de> 2011-09-23 15:16:26 UTC ---
It looks like you build Apache against Solaris LDAP and PHP against OpenLDAP.
When running the Apache with PHP, the runtime linker will first load system
LDAP (the Apache dependency) and then OpenLDAP (when loading the PHP module).
Now when calling actual LDAP functions from within mod_php, the runtime linker
will not resolve the symbols first in OpenLDAP, but will search all libs in the
original loading order, so system LDAP first. If it finds a symbol there, it
will use it there, if not then in OpenLDAP. This can easily lead to
inconsistencies and crashes.
Check, whether it is true, that your Apache including mod_php loads different
versions of LDAP. Use e.g. Solaris "pldd". Then try to produce a core for the
crash and check with "pstack" or a debugger, where the crash happens, e.g. if
it happens inside an LDAP function. If so, the above situation is likely the
culprit.
Think about building PHP against the system LDAP. As an alternative, you can
try the so-called "direct" linking (linker flag -Bdirect), which changes the
runtime linker search order. But that might lead to a tedious exercise in
changing build files.
Regards,
Rainer
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org