[Bug 1366174] [NEW] apache2 SEGV with multiple SSL sites

2014-11-17 Thread Launchpad Bug Tracker
You have been subscribed to a public bug by Robie Basak (racb):

Apache2 crashes with multiple SSL sites.

[Impact]

Apache may SEGV on initialisation (and thus refuse to start) when using
multiple SSL sites in a moderately complex configuration. Though the
crash is caused by OCSP stapling code, it is not necessary for OCSP to
be enabled to cause the problem. As the problem is caused by a memory
address changing between reads of the config file, in theory any
configuration with one SSL site could refuse to run, though in practice
a degree of complexity appears to be necessary to cause sufficient
memory allocation to trigger the crash.

The bug is thus serious as any SSL apache configuration may not load.

[Testcase]

See comment #1

[Regression Potential]

The most likely regression potential is a failure of OCSP to work
properly. OCSP is relatively new and little used code, and hence is less
well tested than other areas. Though the work was done upstream and has
been approved by OCSP-familiar apache authors, it is possible a change
to the OCSP code will cause some OCSP functionality defect. However, the
comparative lack of use of OCSP (compared to SSL) means the impact of
any such failure should be limited.


Detailed description follows:

When starting apache2 with multiple SSL sites I get a SEGV like this:

(gdb) bt
#0  0x705faaf3 in ?? () from /usr/lib/apache2/modules/mod_ssl.so
#1  0x729647a6 in int_free_ex_data (class_index=<optimized out>, obj=0x55af7460, ad=0x55af7488) at ex_data.c:522
#2  0x72a05061 in x509_cb (operation=operation@entry=3, pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 <X509_it>, exarg=exarg@entry=0x0) at x_x509.c:113
#3  0x72a08fea in asn1_item_combine_free (pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 <X509_it>, combine=combine@entry=0) at tasn_fre.c:173
#4  0x72a091c5 in ASN1_item_free (val=val@entry=0x55af7460, it=it@entry=0x72cc0780 <X509_it>) at tasn_fre.c:71
#5  0x72a0514c in X509_free (a=a@entry=0x55af7460) at x_x509.c:141
#6  0x705ee0b8 in ssl_pphrase_Handle (s=s@entry=0x77fc1de0, p=p@entry=0x77fbf028) at ssl_engine_pphrase.c:275
#7  0x705e3658 in ssl_init_Module (p=0x77ff0028, plog=<optimized out>, ptemp=0x77fbf028, base_server=0x77fc1de0) at ssl_engine_init.c:194
#8  0x555aa2a9 in ap_run_post_config (pconf=0x77ff0028, plog=0x77fbd028, ptemp=0x77fbf028, s=0x77fc1de0) at config.c:103
#9  0x5558ae07 in main (argc=6, argv=0x7fffe5a8) at main.c:765

This is 100% repeatable.

This looks very like:
  https://bugzilla.redhat.com/show_bug.cgi?id=1074406

save that I am not using Auth at all. However, ssl itself requires the
socache logic, so perhaps it has the same root cause.

Disabling a couple of SSL sites normally resolves the problem.

What I expected to happen: apache2 to start without SEGV
What actually happened: apache2 did not start due to SEGV

root@nimtest:/root# lsb_release -rd
Description:    Ubuntu 14.04.1 LTS
Release:        14.04

root@nimtest:/root# apt-cache policy apache2-bin
apache2-bin:
  Installed: 2.4.7-1ubuntu4.1
  Candidate: 2.4.7-1ubuntu4.1
  Version table:
 *** 2.4.7-1ubuntu4.1 0
        500 http://gb.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.4.7-1ubuntu4 0
        500 http://gb.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

root@nimtest:/root# dpkg --list | egrep '\b(apache2|libssl|openssl)'
ii  apache2                    2.4.7-1ubuntu4.1     amd64  Apache HTTP Server
ii  apache2-bin                2.4.7-1ubuntu4.1     amd64  Apache HTTP Server (binary files and modules)
ii  apache2-data               2.4.7-1ubuntu4.1     all    Apache HTTP Server (common files)
ii  apache2-dbg                2.4.7-1ubuntu4.1     amd64  Apache debugging symbols
ii  apache2-utils              2.4.7-1ubuntu4.1     amd64  Apache HTTP Server (utility programs for web servers)
ii  libgnutls-openssl27:amd64  2.12.23-12ubuntu2.1  amd64  GNU TLS library - OpenSSL wrapper
ii  libssl1.0.0:amd64          1.0.1f-1ubuntu2.5    amd64  Secure Sockets Layer toolkit - shared libraries
ii  libssl1.0.0-dbg:amd64      1.0.1f-1ubuntu2.5    amd64  Secure Sockets Layer toolkit - debug information
ii  openssl                    1.0.1f-1ubuntu2.5    amd64  Secure Sockets Layer toolkit - cryptographic utility
ii  python-openssl             0.13-2ubuntu6        amd64  Python 2 wrapper around the OpenSSL library

Modules in use:


[Bug 1366174] [NEW] apache2 SEGV with multiple SSL sites

2014-09-05 Thread Alex Bligh
Public bug reported:

Apache2 crashes with multiple SSL sites.

When starting apache2 with multiple SSL sites I get a SEGV like this:

(gdb) bt
#0  0x705faaf3 in ?? () from /usr/lib/apache2/modules/mod_ssl.so
#1  0x729647a6 in int_free_ex_data (class_index=<optimized out>, obj=0x55af7460, ad=0x55af7488) at ex_data.c:522
#2  0x72a05061 in x509_cb (operation=operation@entry=3, pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 <X509_it>, exarg=exarg@entry=0x0) at x_x509.c:113
#3  0x72a08fea in asn1_item_combine_free (pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 <X509_it>, combine=combine@entry=0) at tasn_fre.c:173
#4  0x72a091c5 in ASN1_item_free (val=val@entry=0x55af7460, it=it@entry=0x72cc0780 <X509_it>) at tasn_fre.c:71
#5  0x72a0514c in X509_free (a=a@entry=0x55af7460) at x_x509.c:141
#6  0x705ee0b8 in ssl_pphrase_Handle (s=s@entry=0x77fc1de0, p=p@entry=0x77fbf028) at ssl_engine_pphrase.c:275
#7  0x705e3658 in ssl_init_Module (p=0x77ff0028, plog=<optimized out>, ptemp=0x77fbf028, base_server=0x77fc1de0) at ssl_engine_init.c:194
#8  0x555aa2a9 in ap_run_post_config (pconf=0x77ff0028, plog=0x77fbd028, ptemp=0x77fbf028, s=0x77fc1de0) at config.c:103
#9  0x5558ae07 in main (argc=6, argv=0x7fffe5a8) at main.c:765

This is 100% repeatable.

This looks very like:
  https://bugzilla.redhat.com/show_bug.cgi?id=1074406

save that I am not using Auth at all. However, ssl itself requires the
socache logic, so perhaps it has the same root cause.

Disabling a couple of SSL sites normally resolves the problem.

What I expected to happen: apache2 to start without SEGV
What actually happened: apache2 did not start due to SEGV

root@nimtest:/root# lsb_release -rd
Description:    Ubuntu 14.04.1 LTS
Release:        14.04

root@nimtest:/root# apt-cache policy apache2-bin
apache2-bin:
  Installed: 2.4.7-1ubuntu4.1
  Candidate: 2.4.7-1ubuntu4.1
  Version table:
 *** 2.4.7-1ubuntu4.1 0
        500 http://gb.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.4.7-1ubuntu4 0
        500 http://gb.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

root@nimtest:/root# dpkg --list | egrep '\b(apache2|libssl|openssl)'
ii  apache2                    2.4.7-1ubuntu4.1     amd64  Apache HTTP Server
ii  apache2-bin                2.4.7-1ubuntu4.1     amd64  Apache HTTP Server (binary files and modules)
ii  apache2-data               2.4.7-1ubuntu4.1     all    Apache HTTP Server (common files)
ii  apache2-dbg                2.4.7-1ubuntu4.1     amd64  Apache debugging symbols
ii  apache2-utils              2.4.7-1ubuntu4.1     amd64  Apache HTTP Server (utility programs for web servers)
ii  libgnutls-openssl27:amd64  2.12.23-12ubuntu2.1  amd64  GNU TLS library - OpenSSL wrapper
ii  libssl1.0.0:amd64          1.0.1f-1ubuntu2.5    amd64  Secure Sockets Layer toolkit - shared libraries
ii  libssl1.0.0-dbg:amd64      1.0.1f-1ubuntu2.5    amd64  Secure Sockets Layer toolkit - debug information
ii  openssl                    1.0.1f-1ubuntu2.5    amd64  Secure Sockets Layer toolkit - cryptographic utility
ii  python-openssl             0.13-2ubuntu6        amd64  Python 2 wrapper around the OpenSSL library


Modules in use:

root@nimtest:/root# ls -1 /etc/apache2/mods-enabled/
access_compat.load
alias.conf
alias.load
auth_basic.load
authn_core.load
authn_file.load
authz_core.load
authz_groupfile.load
authz_host.load
authz_user.load
autoindex.conf
autoindex.load
cgi.load
dbd.load
deflate.conf
deflate.load
dir.conf
dir.load
env.load
filter.load
headers.load
ident2.load
lbmethod_byrequests.load
mime.conf
mime.load
mpm_prefork.conf
mpm_prefork.load
negotiation.conf
negotiation.load
php5.conf
php5.load
proxy.conf
proxy.load
proxy_balancer.conf
proxy_balancer.load
proxy_http.load
reqtimeout.conf
reqtimeout.load
rewrite.load
setenvif.conf
setenvif.load
slotmem_shm.load
socache_shmcb.load
ssl.conf
ssl.load
status.conf
status.load
substitute.load
websocket.load
websocket_draft76.load

Here's a startup log plus 'bt full'

root@nimtest:/root# APACHE_LOCK_DIR=/var/lock/apache2 APACHE_RUN_USER=www-data gdb --args /usr/sbin/apache2 -k start -X -e Debug
GNU gdb (Ubuntu 7.7-0ubuntu3.1) 7.7
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by 
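
A triage check for the crash signature in the backtrace above, as an added example that is not part of the original report or of Apache or OpenSSL code: it re-joins the wrapped gdb frames and flags a crash where frame #0 is an unresolved address inside a shared object called from int_free_ex_data. The names parse_backtrace and crashed_in_exdata_callback are hypothetical; the sample is an excerpt of the report's own backtrace.

```python
import re

# Excerpt of the report's backtrace as archived (frames #3-#5, #8, #9 omitted),
# keeping the line wrapping the mail archive introduced.
SAMPLE_BT = """\
(gdb) bt
#0  0x705faaf3 in ?? () from /usr/lib/apache2/modules/mod_ssl.so
#1  0x729647a6 in int_free_ex_data (class_index=optimized out,
obj=0x55af7460, ad=0x55af7488) at ex_data.c:522
#2  0x72a05061 in x509_cb (operation=operation@entry=3,
pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 X509_it,
exarg=exarg@entry=0x0) at x_x509.c:113
#6  0x705ee0b8 in ssl_pphrase_Handle (s=s@entry=0x77fc1de0,
p=p@entry=0x77fbf028) at ssl_engine_pphrase.c:275
#7  0x705e3658 in ssl_init_Module (p=0x77ff0028, plog=optimized
out, ptemp=0x77fbf028, base_server=0x77fc1de0)
at ssl_engine_init.c:194
"""

FRAME_RE = re.compile(
    r"^#(?P<n>\d+)\s+(?:(?P<addr>0x[0-9a-f]+) in )?(?P<func>\S+) \(.*?\)"
    r"(?: from (?P<lib>\S+))?(?: at (?P<src>\S+?):(?P<line>\d+))?$"
)

def parse_backtrace(text):
    """Return one dict per frame, re-joining wrapped continuation lines."""
    joined = []
    for line in (raw.strip() for raw in text.splitlines()):
        if re.match(r"#\d+\s", line):
            joined.append(line)          # a new frame starts here
        elif line and joined:
            joined[-1] += " " + line     # continuation of the previous frame
    frames = []
    for m in filter(None, map(FRAME_RE.match, joined)):
        frame = m.groupdict()
        frame["n"] = int(frame["n"])
        frames.append(frame)
    return frames

def crashed_in_exdata_callback(frames):
    """True when frame #0 is an unresolved address inside a shared object
    and its caller is OpenSSL's int_free_ex_data, as in the report."""
    by_n = {f["n"]: f for f in frames}
    top, caller = by_n.get(0), by_n.get(1)
    return bool(top and caller and top["func"] == "??"
                and (top["lib"] or "").endswith(".so")
                and caller["func"] == "int_free_ex_data")

if __name__ == "__main__":
    print(crashed_in_exdata_callback(parse_backtrace(SAMPLE_BT)))
```

Pass it only the backtrace text: prose following the last frame would be joined onto that frame as a continuation line.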
