Re: [PATCH] Segfaults in 2.8.13 (was: Re: mod_ssl/2.8.13 and php)
Hi,
this works on linux 2.2.16 and linux 2.4.19
Thanks
Burkhard
On Fri, 21 Mar 2003, Ralf S. Engelschall wrote:
On Fri, Mar 21, 2003, Ralf S. Engelschall wrote:
I can see the same segmentation fault :
[...]
Ok, can the people who are able to reproduce the segfault problem,
please apply the following patch, retry it and give feedback? I think
these two bugfixes should fix the problem now. If yes, I'll release
mod_ssl 2.8.14 with it. Thanks for your help.
Index: ssl_engine_kernel.c
===
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.136
diff -u -d -r1.136 ssl_engine_kernel.c
--- ssl_engine_kernel.c 19 Nov 2002 13:57:01 - 1.136
+++ ssl_engine_kernel.c 21 Mar 2003 12:39:47 -
@@ -1048,13 +1048,15 @@
Re-negotiation handshake failed: Client verification
failed);
return FORBIDDEN;
}
+cert = SSL_get_peer_certificate(ssl);
if ( dc-nVerifyClient == SSL_CVERIFY_REQUIRE
- (cert = SSL_get_peer_certificate(ssl)) == NULL) {
+ cert == NULL) {
ssl_log(r-server, SSL_LOG_ERROR,
Re-negotiation handshake failed: Client certificate
missing);
-X509_free(cert);
return FORBIDDEN;
}
+if (cert != NULL)
+X509_free(cert);
}
}
Index: ssl_engine_vars.c
===
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_vars.c,v
retrieving revision 1.53
diff -u -d -r1.53 ssl_engine_vars.c
--- ssl_engine_vars.c 29 Oct 2002 13:00:46 - 1.53
+++ ssl_engine_vars.c 21 Mar 2003 12:40:12 -
@@ -322,7 +322,9 @@
else if (ssl != NULL strlen(var) 7 strcEQn(var, SERVER_, 7)) {
if ((xs = SSL_get_certificate(ssl)) != NULL) {
result = ssl_var_lookup_ssl_cert(p, xs, var+7);
-X509_free(xs);
+/* SSL_get_certificate() as of OpenSSL 0.9.7a does not increment
+ the reference count the same way SSL_get_peer_certificate does,
+ so no need to X509_free(xs) the stuff here. */
}
}
return result;
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
Re: [PATCH] Segfaults in 2.8.13 (was: Re: mod_ssl/2.8.13 and php)
--Ralf S. Engelschall [EMAIL PROTECTED] wrote:
On Fri, Mar 21, 2003, Ralf S. Engelschall wrote:
I can see the same segmentation fault :
[...]
Ok, can the people who are able to reproduce the segfault problem,
please apply the following patch, retry it and give feedback? I think
these two bugfixes should fix the problem now. If yes, I'll release
mod_ssl 2.8.14 with it. Thanks for your help.
The patch fixed the problem for me (no php, RH 7.3.)
--
Ed Kubaitis - [EMAIL PROTECTED]
CITES/STS - University of Illinois at Urbana-Champaign
Index: ssl_engine_kernel.c
===
RCS file:
/e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.136
diff -u -d -r1.136 ssl_engine_kernel.c
--- ssl_engine_kernel.c 19 Nov 2002 13:57:01 - 1.136
+++ ssl_engine_kernel.c 21 Mar 2003 12:39:47 -
@@ -1048,13 +1048,15 @@
Re-negotiation handshake failed: Client
verification failed); return FORBIDDEN;
}
+cert = SSL_get_peer_certificate(ssl);
if ( dc-nVerifyClient == SSL_CVERIFY_REQUIRE
- (cert = SSL_get_peer_certificate(ssl)) == NULL) {
+ cert == NULL) {
ssl_log(r-server, SSL_LOG_ERROR,
Re-negotiation handshake failed: Client
certificate missing); -X509_free(cert);
return FORBIDDEN;
}
+if (cert != NULL)
+X509_free(cert);
}
}
Index: ssl_engine_vars.c
===
RCS file:
/e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_vars.c,v
retrieving revision 1.53
diff -u -d -r1.53 ssl_engine_vars.c
--- ssl_engine_vars.c 29 Oct 2002 13:00:46 - 1.53
+++ ssl_engine_vars.c 21 Mar 2003 12:40:12 -
@@ -322,7 +322,9 @@
else if (ssl != NULL strlen(var) 7 strcEQn(var, SERVER_,
7)) { if ((xs = SSL_get_certificate(ssl)) != NULL) {
result = ssl_var_lookup_ssl_cert(p, xs, var+7);
-X509_free(xs);
+/* SSL_get_certificate() as of OpenSSL 0.9.7a does not
increment + the reference count the same way
SSL_get_peer_certificate does, + so no need to
X509_free(xs) the stuff here. */
}
}
return result;
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
Re: [PATCH] Segfaults in 2.8.13 (was: Re: mod_ssl/2.8.13 and php)
Hi, Ralf S. Engelschall wrote: Ok, can the people who are able to reproduce the segfault problem, please apply the following patch, retry it and give feedback? I think these two bugfixes should fix the problem now. If yes, I'll release mod_ssl 2.8.14 with it. Thanks for your help. That's ok with static and DSO apache build on : FreeBSD 4.8-STABLE Apache 1.3.27 Openssl 0.9.7a Modssl 2.8.13 + provided patch PHP 4.3.1 and PHP 4.3.2RC1 Thanks ! -- Best regards, Artur Pydo. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: [PATCH] Segfaults in 2.8.13 (was: Re: mod_ssl/2.8.13 and php)
Hi All, It is OK with: Solaris 2.6/Sparc Apache 1.3.27 (DSO) Php 4.2.3 OpenSSL 0.9.6i Mod_SSL 2.8.14 Nice weekend for everybody! JAZZ ___ Busca Yahoo! O serviço de busca mais completo da Internet. O que você pensar o Yahoo! encontra. http://br.busca.yahoo.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
