https://bz.apache.org/bugzilla/show_bug.cgi?id=63256
Bug ID: 63256
Summary: mod_ssl segmentation fault after 2.4.29
Product: Apache httpd-2
Version: 2.4.38
Hardware: All
OS: Linux
Status: NEW
Severity: regression
Priority: P2
Component: mod_ssl
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Hello,
I have a config that was working in 2.4.29 but now causes worker threads to
SEGV.
It experiences a segmentation fault at ssl_engine_kernel.c at line 1727:
It is in the function
ssl_callback_SSLVerify
on the line:
int crl_check_mode = mctx->crl_check_mask & ~ SSL_CRLCHECK_MASK;
gdb indicates that mctx (declared on the previous line) is incorrectly
constructed, and so trying to access the field crl_check_mask results in trying
to access unavailable memory.
It seems to me like this is a regression after 2.4.29. I experience the same
behavior in both 2.4.35 and 2.4.38, but not in 2.4.29.
I'm using a reverse proxy and client certificates. Here are the relevant parts
of my two configs:
Backend server (host01):
==================================================================
<Files "file.xml">
</Files>
<LocationMatch "^/bob/(bob)">
SSLVerifyClient require
RewriteEngine on
RewriteRule /bob/bob /file.xml
</LocationMatch>
<Location />
Require all granted
</Location>
SSLEngine on
Listen 443
SSLPassPhraseDialog builtin
SSLOptions +ExportCertData +StdEnvVars +LegacyDNStringFormat
====================================================================
Reverse proxy server (host02)
===================================================================
SSLProxyEngine on
SSLProxyMachineCertificateFile /path/to/cert.crt_and_key
ProxyPreserveHost off
ExtendedStatus on
Listen 443
<VirtualHost _default_:443>
SSLEngine on
SSLOptions +ExportCertData +StdEnvVars +LegacyDNStringFormat
SSLProtocol all +TLSv1 +SSLv3 +TLSv1.1 +TLSv1.2
SSLCertificateFile /path/to/server/cert/cert.pem
SSLCertificateKeyFile /path/to/server/key.nopass.pem
SSLCACertificateFile /path/to/ca.pem
SSLVerifyDepth 4
</VirtualHost>
<Location /host01>
ProxyPass https://host01
ProxyPassReverse https://host01
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
RequestHeader set SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}s"
SSLVerifyClient require
</Location>
========================================================
The proxy server SEGV's with the following stack on every third or fourth
request (!) for https://host02/host01/bob/bob. It appears to be having trouble
with the client cert.
#0 0x00007f29c8400132 in ssl_callback_SSLVerify () from /var/www/modules/mod_ssl.so
#1 0x0000003c90521730 in X509_verify_cert () from /usr/lib64/libcrypto.so.10
#2 0x0000003c93c46d88 in ssl_verify_cert_chain () from /usr/lib64/libssl.so.10
#3 0x0000003c93c2569c in ssl3_get_server_certificate () from /usr/lib64/libssl.so.10
#4 0x0000003c93c27d62 in ssl3_connect () from /usr/lib64/libssl.so.10
#5 0x0000003c93c2cbe3 in ssl3_read_bytes () from /usr/lib64/libssl.so.10
#6 0x0000003c93c28260 in ?? () from /usr/lib64/libssl.so.10
#7 0x00007f29c83fc99c in ssl_io_input_read () from /var/www/modules/mod_ssl.so
#8 0x00007f29c83ff6bd in ssl_io_filter_input () from /var/www/modules/mod_ssl.so
#9 0x0000000000438b2e in ap_rgetline_core ()
#10 0x00007f29c86238c8 in ap_proxygetline () at mod_proxy_http.c:1161
#11 0x00007f29c8623d2b in ap_proxy_http_process_response.isra.2 () at mod_proxy_http.c:1279
#12 0x00007f29c8626802 in proxy_http_handler () at mod_proxy_http.c:2011
#13 0x00007f29c8a3a63c in proxy_run_scheme_handler () from /var/www/modules/mod_proxy.so
#14 0x00007f29c8a3b7d6 in proxy_handler () from /var/www/modules/mod_proxy.so
#15 0x0000000000450820 in ap_run_handler ()
#16 0x0000000000450db6 in ap_invoke_handler ()
#17 0x0000000000465fa3 in ap_process_async_request ()
#18 0x0000000000462561 in ap_process_http_connection ()
#19 0x0000000000459d50 in ap_run_process_connection ()
#20 0x000000000046f8c5 in process_socket () at event.c:1050
#21 0x000000000047018a in worker_thread () at event.c:2083
#22 0x0000003c84007aa1 in start_thread () from /lib64/libpthread.so.0
#23 0x0000003c83ce8c4d in clone () from /lib64/libc.so.6
If I remove +ExportCertData from SSLOptions it works. But I need the cert data.
Please let me know if there is a workaround or if there is more data I can
provide to help.