[Bug 1366174] [NEW] apache2 SEGV with multiple SSL sites
You have been subscribed to a public bug by Robie Basak (racb): Apache2 crashes with multiple SSL sites. [Impact] Apache may SEGV on initialisation (and thus refuse to start) when using multiple SSL sites in a moderately complex configuration. Though the crash is caused by OCSP stapling code, it is not necessary for OCSP to be enabled to cause the problem. As the problem is caused by a memory address changing between reads of the config file, in theory any configuration with one SSL site could refuse to run, though in practice a degree of complexity appears to be necessary to cause sufficient memory allocation to trigger the crash. The bug is thus serious as any SSL apache configuration may not load. [Testcase] See comment #1 [Regression Potential] The most likely regression potential is a failure of OCSP to work properly. OCSP is relatively new and little used code, and hence is less well tested than other areas. Though the work was done upstream and has been approved by OCSP-familiar apache authors, it is possible a change to the OCSP code will cause some OCSP functionality defect. However, the comparative lack of use of OCSP (compared to SSL) means the impact of any such failure should be limited. Detailed description follows: When starting apache2 with multiple SSL sites I get a SEGV like this: (gdb) bt #0 0x705faaf3 in ?? () from /usr/lib/apache2/modules/mod_ssl.so #1 0x729647a6 in int_free_ex_data (class_index=optimized out, obj=0x55af7460, ad=0x55af7488) at ex_data.c:522 #2 0x72a05061 in x509_cb (operation=operation@entry=3, pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 X509_it, exarg=exarg@entry=0x0) at x_x509.c:113 #3 0x72a08fea in asn1_item_combine_free (pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 X509_it, combine=combine@entry=0) at tasn_fre.c:173 #4 0x72a091c5 in ASN1_item_free (val=val@entry=0x55af7460, it=it@entry=0x72cc0780 X509_it) at tasn_fre.c:71 #5 0x72a0514c in X509_free (a=a@entry=0x55af7460) at x_x509.c:141 #6 0x705ee0b8 in ssl_pphrase_Handle (s=s@entry=0x77fc1de0, p=p@entry=0x77fbf028) at ssl_engine_pphrase.c:275 #7 0x705e3658 in ssl_init_Module (p=0x77ff0028, plog=optimized out, ptemp=0x77fbf028, base_server=0x77fc1de0) at ssl_engine_init.c:194 #8 0x555aa2a9 in ap_run_post_config (pconf=0x77ff0028, plog=0x77fbd028, ptemp=0x77fbf028, s=0x77fc1de0) at config.c:103 #9 0x5558ae07 in main (argc=6, argv=0x7fffe5a8) at main.c:765 This is 100% repeatable. This looks very like: https://bugzilla.redhat.com/show_bug.cgi?id=1074406 save that I am not using Auth at all. However, ssl itself requires the socache logic, so perhaps it has the same root cause. Disabling a couple of SSL sites normally resolves the problem. What I expected to happen: apache2 to start without SEGV What actually happened: apache2 did not start due to SEGV root@nimtest:/root# lsb_release -rd Description:Ubuntu 14.04.1 LTS Release:14.04 root@nimtest:/root# apt-cache policy apache2-bin apache2-bin: Installed: 2.4.7-1ubuntu4.1 Candidate: 2.4.7-1ubuntu4.1 Version table: *** 2.4.7-1ubuntu4.1 0 500 http://gb.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages 100 /var/lib/dpkg/status 2.4.7-1ubuntu4 0 500 http://gb.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages root@nimtest:/root# dpkg --list | egrep '\b(apache2|libssl|openssl)' ii apache2 2.4.7-1ubuntu4.1 amd64Apache HTTP Server ii apache2-bin 2.4.7-1ubuntu4.1 amd64Apache HTTP Server (binary files and modules) ii apache2-data 2.4.7-1ubuntu4.1 all Apache HTTP Server (common files) ii apache2-dbg 2.4.7-1ubuntu4.1 amd64Apache debugging symbols ii apache2-utils2.4.7-1ubuntu4.1 amd64Apache HTTP Server (utility programs for web servers) ii libgnutls-openssl27:amd642.12.23-12ubuntu2.1 amd64GNU TLS library - OpenSSL wrapper ii libssl1.0.0:amd641.0.1f-1ubuntu2.5 amd64Secure Sockets Layer toolkit - shared libraries ii libssl1.0.0-dbg:amd641.0.1f-1ubuntu2.5 amd64Secure Sockets Layer toolkit - debug information ii openssl 1.0.1f-1ubuntu2.5 amd64Secure Sockets Layer toolkit - cryptographic utility ii python-openssl 0.13-2ubuntu6 amd64Python 2 wrapper around the OpenSSL library Modules in use:
[Bug 1366174] [NEW] apache2 SEGV with multiple SSL sites
Public bug reported: Apache2 crashes with multiple SSL sites. When starting apache2 with multiple SSL sites I get a SEGV like this: (gdb) bt #0 0x705faaf3 in ?? () from /usr/lib/apache2/modules/mod_ssl.so #1 0x729647a6 in int_free_ex_data (class_index=optimized out, obj=0x55af7460, ad=0x55af7488) at ex_data.c:522 #2 0x72a05061 in x509_cb (operation=operation@entry=3, pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 X509_it, exarg=exarg@entry=0x0) at x_x509.c:113 #3 0x72a08fea in asn1_item_combine_free (pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 X509_it, combine=combine@entry=0) at tasn_fre.c:173 #4 0x72a091c5 in ASN1_item_free (val=val@entry=0x55af7460, it=it@entry=0x72cc0780 X509_it) at tasn_fre.c:71 #5 0x72a0514c in X509_free (a=a@entry=0x55af7460) at x_x509.c:141 #6 0x705ee0b8 in ssl_pphrase_Handle (s=s@entry=0x77fc1de0, p=p@entry=0x77fbf028) at ssl_engine_pphrase.c:275 #7 0x705e3658 in ssl_init_Module (p=0x77ff0028, plog=optimized out, ptemp=0x77fbf028, base_server=0x77fc1de0) at ssl_engine_init.c:194 #8 0x555aa2a9 in ap_run_post_config (pconf=0x77ff0028, plog=0x77fbd028, ptemp=0x77fbf028, s=0x77fc1de0) at config.c:103 #9 0x5558ae07 in main (argc=6, argv=0x7fffe5a8) at main.c:765 This is 100% repeatable. This looks very like: https://bugzilla.redhat.com/show_bug.cgi?id=1074406 save that I am not using Auth at all. However, ssl itself requires the socache logic, so perhaps it has the same root cause. Disabling a couple of SSL sites normally resolves the problem. What I expected to happen: apache2 to start without SEGV What actually happened: apache2 did not start due to SEGV root@nimtest:/root# lsb_release -rd Description:Ubuntu 14.04.1 LTS Release:14.04 root@nimtest:/root# apt-cache policy apache2-bin apache2-bin: Installed: 2.4.7-1ubuntu4.1 Candidate: 2.4.7-1ubuntu4.1 Version table: *** 2.4.7-1ubuntu4.1 0 500 http://gb.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages 100 /var/lib/dpkg/status 2.4.7-1ubuntu4 0 500 http://gb.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages root@nimtest:/root# dpkg --list | egrep '\b(apache2|libssl|openssl)' ii apache2 2.4.7-1ubuntu4.1 amd64Apache HTTP Server ii apache2-bin 2.4.7-1ubuntu4.1 amd64Apache HTTP Server (binary files and modules) ii apache2-data 2.4.7-1ubuntu4.1 all Apache HTTP Server (common files) ii apache2-dbg 2.4.7-1ubuntu4.1 amd64Apache debugging symbols ii apache2-utils2.4.7-1ubuntu4.1 amd64Apache HTTP Server (utility programs for web servers) ii libgnutls-openssl27:amd642.12.23-12ubuntu2.1 amd64GNU TLS library - OpenSSL wrapper ii libssl1.0.0:amd641.0.1f-1ubuntu2.5 amd64Secure Sockets Layer toolkit - shared libraries ii libssl1.0.0-dbg:amd641.0.1f-1ubuntu2.5 amd64Secure Sockets Layer toolkit - debug information ii openssl 1.0.1f-1ubuntu2.5 amd64Secure Sockets Layer toolkit - cryptographic utility ii python-openssl 0.13-2ubuntu6 amd64Python 2 wrapper around the OpenSSL library Modules in use: root@nimtest:/root# ls -1 /etc/apache2/mods-enabled/ access_compat.load alias.conf alias.load auth_basic.load authn_core.load authn_file.load authz_core.load authz_groupfile.load authz_host.load authz_user.load autoindex.conf autoindex.load cgi.load dbd.load deflate.conf deflate.load dir.conf dir.load env.load filter.load headers.load ident2.load lbmethod_byrequests.load mime.conf mime.load mpm_prefork.conf mpm_prefork.load negotiation.conf negotiation.load php5.conf php5.load proxy.conf proxy.load proxy_balancer.conf proxy_balancer.load proxy_http.load reqtimeout.conf reqtimeout.load rewrite.load setenvif.conf setenvif.load slotmem_shm.load socache_shmcb.load ssl.conf ssl.load status.conf status.load substitute.load websocket.load websocket_draft76.load Here's a startup log plus 'bt full' root@nimtest:/root# APACHE_LOCK_DIR=/var/lock/apache2 APACHE_RUN_USER=www-data gdb --args /usr/sbin/apache2 -k start -X -e Debug GNU gdb (Ubuntu 7.7-0ubuntu3.1) 7.7 Copyright (C) 2014 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by
[Bug 1366174] [NEW] apache2 SEGV with multiple SSL sites
Public bug reported: Apache2 crashes with multiple SSL sites. When starting apache2 with multiple SSL sites I get a SEGV like this: (gdb) bt #0 0x705faaf3 in ?? () from /usr/lib/apache2/modules/mod_ssl.so #1 0x729647a6 in int_free_ex_data (class_index=optimized out, obj=0x55af7460, ad=0x55af7488) at ex_data.c:522 #2 0x72a05061 in x509_cb (operation=operation@entry=3, pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 X509_it, exarg=exarg@entry=0x0) at x_x509.c:113 #3 0x72a08fea in asn1_item_combine_free (pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 X509_it, combine=combine@entry=0) at tasn_fre.c:173 #4 0x72a091c5 in ASN1_item_free (val=val@entry=0x55af7460, it=it@entry=0x72cc0780 X509_it) at tasn_fre.c:71 #5 0x72a0514c in X509_free (a=a@entry=0x55af7460) at x_x509.c:141 #6 0x705ee0b8 in ssl_pphrase_Handle (s=s@entry=0x77fc1de0, p=p@entry=0x77fbf028) at ssl_engine_pphrase.c:275 #7 0x705e3658 in ssl_init_Module (p=0x77ff0028, plog=optimized out, ptemp=0x77fbf028, base_server=0x77fc1de0) at ssl_engine_init.c:194 #8 0x555aa2a9 in ap_run_post_config (pconf=0x77ff0028, plog=0x77fbd028, ptemp=0x77fbf028, s=0x77fc1de0) at config.c:103 #9 0x5558ae07 in main (argc=6, argv=0x7fffe5a8) at main.c:765 This is 100% repeatable. This looks very like: https://bugzilla.redhat.com/show_bug.cgi?id=1074406 save that I am not using Auth at all. However, ssl itself requires the socache logic, so perhaps it has the same root cause. Disabling a couple of SSL sites normally resolves the problem. What I expected to happen: apache2 to start without SEGV What actually happened: apache2 did not start due to SEGV root@nimtest:/root# lsb_release -rd Description:Ubuntu 14.04.1 LTS Release:14.04 root@nimtest:/root# apt-cache policy apache2-bin apache2-bin: Installed: 2.4.7-1ubuntu4.1 Candidate: 2.4.7-1ubuntu4.1 Version table: *** 2.4.7-1ubuntu4.1 0 500 http://gb.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages 100 /var/lib/dpkg/status 2.4.7-1ubuntu4 0 500 http://gb.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages root@nimtest:/root# dpkg --list | egrep '\b(apache2|libssl|openssl)' ii apache2 2.4.7-1ubuntu4.1 amd64Apache HTTP Server ii apache2-bin 2.4.7-1ubuntu4.1 amd64Apache HTTP Server (binary files and modules) ii apache2-data 2.4.7-1ubuntu4.1 all Apache HTTP Server (common files) ii apache2-dbg 2.4.7-1ubuntu4.1 amd64Apache debugging symbols ii apache2-utils2.4.7-1ubuntu4.1 amd64Apache HTTP Server (utility programs for web servers) ii libgnutls-openssl27:amd642.12.23-12ubuntu2.1 amd64GNU TLS library - OpenSSL wrapper ii libssl1.0.0:amd641.0.1f-1ubuntu2.5 amd64Secure Sockets Layer toolkit - shared libraries ii libssl1.0.0-dbg:amd641.0.1f-1ubuntu2.5 amd64Secure Sockets Layer toolkit - debug information ii openssl 1.0.1f-1ubuntu2.5 amd64Secure Sockets Layer toolkit - cryptographic utility ii python-openssl 0.13-2ubuntu6 amd64Python 2 wrapper around the OpenSSL library Modules in use: root@nimtest:/root# ls -1 /etc/apache2/mods-enabled/ access_compat.load alias.conf alias.load auth_basic.load authn_core.load authn_file.load authz_core.load authz_groupfile.load authz_host.load authz_user.load autoindex.conf autoindex.load cgi.load dbd.load deflate.conf deflate.load dir.conf dir.load env.load filter.load headers.load ident2.load lbmethod_byrequests.load mime.conf mime.load mpm_prefork.conf mpm_prefork.load negotiation.conf negotiation.load php5.conf php5.load proxy.conf proxy.load proxy_balancer.conf proxy_balancer.load proxy_http.load reqtimeout.conf reqtimeout.load rewrite.load setenvif.conf setenvif.load slotmem_shm.load socache_shmcb.load ssl.conf ssl.load status.conf status.load substitute.load websocket.load websocket_draft76.load Here's a startup log plus 'bt full' root@nimtest:/root# APACHE_LOCK_DIR=/var/lock/apache2 APACHE_RUN_USER=www-data gdb --args /usr/sbin/apache2 -k start -X -e Debug GNU gdb (Ubuntu 7.7-0ubuntu3.1) 7.7 Copyright (C) 2014 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by