Fwd: Tracking down mod_ssl/OpenSSL bug

2003-07-11 Thread Douglas K. Fischer
- Begin forwarded message -
Ralf,
I have been doing some code-walking to track down a problem we've been 
having since last November with Apache child processes getting segmentation 
faults periodically, and it appears to boil down to something with mod_ssl 
and/or OpenSSL. I was hoping you could help shed some light on this, and/or 
suggest where to next extend my search. Here are the details thus far:

- Running Apache 1.3.27 and mod_ssl 2.8.14 with OpenSSL 0.9.7b (also tried 
with the 0.9.6 line with the same results)

gdb backtrace (attached) shows the segmentation fault being generated by 
ssl3_write_pending(). This happens when a timeout occurs during 
ap_send_fd() or ap_send_mmap(). The Apache timeout() handler is invoked by 
the SIGALRM handler, which closes the connection and frees the SSL context. 
When the signal handler finishes and returns to the stack (where we were in 
the middle of a write operation somewhere inside of ssl3_write_pending()), 
ssl3_write_pending() segfaults when it tries to access the non-existent 
context.

I'm not sure if this would be considered a deficiency in how mod_ssl closes 
the connection, in how OpenSSL's ssl3_write_pending() checks for a valid 
context after BIO_write(), or something else entirely.

Any direction you can provide would be greatly appreciated. I'd be more 
than happy to provide any additional info or debugging/troubleshooting steps.

Many thanks,

Doug 


[EMAIL PROTECTED] ~]# gdb -x /tmp/gdb.cmd httpd
GNU gdb Red Hat Linux (5.2-2)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Breakpoint 1 at 0x80bd764: file http_main.c, line 1499.
[New Thread 1024 (LWP 10906)]
Processing config directory: /etc/httpd/conf/httpd.conf
 Processing config file: /etc/httpd/conf/httpd.conf/apache.conf

[Switching to Thread 1024 (LWP 10906)]

Breakpoint 1, timeout (sig=14) at http_main.c:1499
1499        if (alarms_blocked) {
(gdb) bt
#0  timeout (sig=14) at http_main.c:1499
#1  0x080ba0fb in alrm_handler (sig=14) at http_main.c:1628
#2  0x400275eb in pthread_sighandler (signo=14, ctx=
  {gs = 0, __gsh = 0, fs = 0, __fsh = 0, es = 43, __esh = 0, ds = 43, __dsh = 0, 
edi = 137328728, esi = 8221, ebp = 3221206440, esp = 3221206392, ebx = 7, edx = 8221, 
ecx = 137328728, eax = 7146, trapno = 1, err = 0, eip = 1075341236, cs = 35, __csh = 
0, eflags = 642, esp_at_signal = 3221206392, ss = 43, __ssh = 0, fpstate = 0xbfffb2f8, 
oldmask = 2147483648, cr2 = 0}) at signals.c:97
#3  signal handler called
#4  0x401867b4 in __libc_write () at __libc_write:-1
#5  0x40032efc in __DTOR_END__ () from /lib/libpthread.so.0
#6  0x0810aff9 in sock_write (b=0x82e9990, in=0x82f7858 ..., inl=8221)
at bss_sock.c:157
#7  0x08109326 in BIO_write (b=0x82e9990, in=0x82f7858, inl=8221)
at bio_lib.c:201
#8  0x080fd855 in ssl3_write_pending (s=0x82e7530, type=23, 
buf=0xbfffb8b0 "-Datei äquivalent ist; zusätzliche Treiber \nkönnten weiterhin 
erforderlich sein.\n\n", '=' <repeats 76 times>, "\nHILFE ANFORNDERN\n\nZugriff über 
das Web ht"..., len=8192) at s3_pkt.c:740
#9  0x080fd769 in do_ssl3_write (s=0x82e7530, type=23, 
buf=0xbfffb8b0 "-Datei äquivalent ist; zusätzliche Treiber \nkönnten weiterhin 
erforderlich sein.\n\n", '=' <repeats 76 times>, "\nHILFE ANFORNDERN\n\nZugriff über 
das Web ht"..., len=8192, create_empty_fragment=0) at s3_pkt.c:713
#10 0x080fd362 in ssl3_write_bytes (s=0x82e7530, type=23, buf_=0xbfffb8b0, 
len=8192) at s3_pkt.c:542
#11 0x080fb186 in ssl3_write (s=0x82e7530, buf=0xbfffb8b0, len=8192)
at s3_lib.c:1718
#12 0x080e4e0d in SSL_write (s=0x82e7530, buf=0xbfffb8b0, num=8192)
at ssl_lib.c:873
#13 0x08085181 in ssl_io_hook_write (fb=0x824f8c0, 
buf=0xbfffb8b0 "-Datei äquivalent ist; zusätzliche Treiber \nkönnten weiterhin 
erforderlich sein.\n\n", '=' <repeats 76 times>, "\nHILFE ANFORNDERN\n\nZugriff über 
das Web ht"..., len=8192) at ssl_engine_io.c:384
#14 0x080d3521 in ap_hook_call_func (ap=0xbfffb774, he=0x8234a38, hf=0x8237c40)
at ap_hook.c:649
#15 0x080d312c in ap_hook_call (hook=0x81ec1d5 

Fwd: Tracking down mod_ssl/OpenSSL bug

2003-07-11 Thread a . moon
I am away on annual leave until the 15th July 2003

I will get back to you as soon as I can on my return.

If it's an urgent Online Learning Support Unit / Web / MUBSWEB / MUBS Online matter
that requires urgent attention then please contact either Kirsteen1, Sanjay1 or Jeff1
who should be able to help.

All the best 
Alex
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager    [EMAIL PROTECTED]