On Mon, Feb 15, 1999, Toru Takinaka wrote:

> >> sc->prsaKey->meth is a pointer to a static variable.
> >> But it isn't valid after Apache's second initialization when I use the chroot(1M) 
> >> command without my patch.

> >Oh, _THAT'S_ the problem: the static variable inside SSLeay/OpenSSL.  Hmmmm...
> >yes, now I know why it core dumps: It's because the DSO (which contains the
> >libssl/libcrypto stuff) is loaded to a different memory address in the second
> >round and this way we lose the contents of this variable, of course.  But
> >BTW, it has still nothing to do with chroot(1M) ;-) 

> It always core dumps mod_ssl2.1.7/DSO with chroot.
> (and it always core dumps mod_ssl2.2.2/DSO with chroot.)
> But it doesn't always core dump mod_ssl2.1.7/DSO without chroot.
> (and it doesn't always core dump mod_ssl2.2.2/DSO without chroot.)
> (I failed the tests of mod_ssl2.2.2 at my last letter, sorry.)
> I don't know the reason.

Hmmm... very interesting. Nevertheless I still think that the fact that it
occurs only under your chroot-environment is just a side-effect and more some
sort of coincidence. Because I cannot imagine any reason why a
chroot-environment should lead to a problem for an internal structure
variable.  Nevertheless: You say
that your RSA_new() based patch fixed it while my i2d/d2i based variant
doesn't. I cannot believe this, because now with the d2i_xx() in the second
init round a completely new RSA structure should be generated, because the
source is an Apache buffer filled with the plain DER stuff (and no longer any
SSLeay/OpenSSL internal pointers, etc.) 

> [...]
> httpd: [Mon Feb 15 15:14:13 1999] [notice] child pid 28009 exit signal Segmentation Fault (11)
> httpd: [Mon Feb 15 15:14:13 1999] [notice] child pid 28008 exit signal Segmentation Fault (11)
> httpd: [Mon Feb 15 15:14:13 1999] [notice] child pid 28007 exit signal Segmentation Fault (11)
> httpd: [Mon Feb 15 15:14:13 1999] [notice] child pid 28006 exit signal Segmentation Fault (11)

BTW, sorry if I ask: Have you verified in the debugger that these segfaults
are still the `meth'-variable-related ones? Perhaps we've fixed it, but have a
second problem somewhere else?

> And mod_ssl2.2.2/DSO + my (ugly:-) patch works.
> And mod_ssl2.2.2/DSO original works. (original apachectl : not chroot)

Hmmm... confusing. I would expect that even without chroot the stuff has to
fail whenever the dynamic loader in the second round places the libssl.so at a
different memory address than in the first round. I'll investigate again.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
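
The mechanism discussed in this thread, as an added illustration that is not part of the original mail and is not mod_ssl or SSLeay code: a toy C model in which a key kept across two init rounds still points at the first round's method table, while a key rebuilt from a pointer-free buffer (the role DER plays above) binds to the table at the new address. All names are constructed and no SSLeay/OpenSSL function is called; two static images stand in for the loader mapping the DSO at a different address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: a "DSO image" owning a method table, and a key pointing into it. */
typedef struct { uint32_t (*op)(uint32_t); } method_t;
typedef struct { method_t meth; } dso_image_t;
typedef struct { const method_t *meth; uint32_t n, e; } toy_key_t;

static uint32_t toy_op(uint32_t x) { return x ^ 0xA5A5A5A5u; }

/* Two static images model the loader choosing a different address per round. */
static dso_image_t image[2];
static const method_t *dso_load(int slot) { image[slot].meth.op = toy_op; return &image[slot].meth; }
static void dso_unload(int slot) { memset(&image[slot], 0, sizeof image[slot]); }

/* Pointer-free encoding: only the numbers n and e, big-endian, no addresses. */
static size_t key_encode(const toy_key_t *k, unsigned char out[8]) {
    for (int i = 0; i < 4; i++) {
        out[i]     = (unsigned char)(k->n >> (24 - 8 * i));
        out[4 + i] = (unsigned char)(k->e >> (24 - 8 * i));
    }
    return 8;
}

/* Rebuild a fresh key and bind it to the method table of the image loaded now. */
static int key_decode(const unsigned char *in, size_t len, const method_t *cur, toy_key_t *k) {
    if (len != 8 || cur == NULL) return -1;
    k->n = k->e = 0;
    for (int i = 0; i < 4; i++) { k->n = (k->n << 8) | in[i]; k->e = (k->e << 8) | in[4 + i]; }
    k->meth = cur;
    return 0;
}

/* A key is usable only if its method pointer refers to a table that is still populated. */
static int key_usable(const toy_key_t *k) { return k->meth != NULL && k->meth->op != NULL; }

/* Bit 0: struct kept from round 1 is usable in round 2. Bit 1: re-decoded key is usable. */
static int two_round_init(void) {
    unsigned char buf[8];                      /* outlives both rounds */
    toy_key_t kept = { dso_load(0), 0xC0FFEE01u, 65537u }, fresh;
    size_t len = key_encode(&kept, buf);
    dso_unload(0);                             /* end of round 1 */
    const method_t *cur = dso_load(1);         /* round 2, different address */
    int ok = key_decode(buf, len, cur, &fresh) == 0 && key_usable(&fresh)
             && fresh.n == kept.n && fresh.e == kept.e;
    return (key_usable(&kept) ? 1 : 0) | (ok ? 2 : 0);
}

int main(void) { printf("result bits: %d\n", two_round_init()); return 0; }
```

A result of 2 means only the re-decoded key is usable; in a real process the stale pointer would refer to unmapped or reused memory rather than a zeroed table.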
