[
https://issues.apache.org/jira/browse/TS-4222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Leif Hedstrom updated TS-4222:
------------------------------
Summary: Seg faults while processing ssl_multicert.config (was: ATS 6.2.0
seg faults while processing ssl_multicert.config)
> Seg faults while processing ssl_multicert.config
> ------------------------------------------------
>
> Key: TS-4222
> URL: https://issues.apache.org/jira/browse/TS-4222
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Affects Versions: 6.2.0
> Reporter: Prakhar Rudra
> Assignee: Sudheer Vinukonda
> Fix For: 6.1.2, 6.2.0
>
>
> ATS version 6.2.0 segment fault error while checking config using
> traffic_server -Cverify_config
> It occurs after "INFO: Successfully loaded plugin.config"
> only entry in ssl_multicert.config is as below,
> dest_ip=* ssl_cert_name=fullchain1.pem ssl_key_name=privkey1.pem
> gdb --args traffic_server -Cverify_config
> (gdb) run
> yields
> INFO: Successfully loaded plugin.config
> Thread 1 "traffic_server" received signal SIGSEGV, Segmentation fault.
> 0x0000000000000000 in ?? ()
> (gdb) print SSLConfigParams::load_ssl_file_cb
> $1 = (load_ssl_file_func) 0x0
> Thanks jpeach
> Details:
> http://pastebin.com/K0876r2T
> http://pastebin.com/iP5MAYLu
> Thanks
> Pulling the info from the above pastebin's to jira for posterity.
> {code}
> git clone https://github.com/tatsuhiro-t/spdylay.git
> cd spdylay/
> autoreconf -if
> automake
> autoconf
> ./configure --prefix=/usr
> make
> make install
> cd ../trafficserver/
> autoreconf -if
> export PKG_CONFIG_PATH=/usr/lib/pkgconfig
> ./configure --enable-spdy --enable-experimental-plugins
> --enable-linux-native-aio --with-zlib=/root/c/ats/zlib-1.2.8
> --with-pcre=/root/c/ats/pcre-8.38
> --with-openssl=/root/c/ats/openssl-1.0.1f[WITH CLOUDFLARE PATCH]
> **************
> gdb --args traffic_server -Cverify_config
> ...standard info..
> (gdb) run
> Starting program: /usr/local/bin/traffic_server -Cverify_config
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> traffic_server: using root directory '/usr/local'
> [New Thread 0x7ffff1f55700 (LWP 19595)]
> NOTE: VERIFY
> [New Thread 0x7ffff0c16700 (LWP 19596)]
> [New Thread 0x7ffff0a14700 (LWP 19597)]
> INFO:Successfully loaded remap.config
> INFO: Successfully loaded records.config
> INFO: Successfully loaded plugin.config
> Thread 1 "traffic_server" received signal SIGSEGV, Segmentation fault.
> 0x0000000000000000 in ?? ()
> (gdb) bt full
> #0 0x0000000000000000 in ?? ()
> No symbol table info available.
> #1 0x0000000000789374 in SSLInitServerContext
> (params=params@entry=0x117a140, sslMultCertSettings=..., certList=...)
> at SSLUtils.cc:1384
> bio = {_r = 0x1181f50}
> cert = 0x1182100
> ca = <optimized out>
> certname = <optimized out>
> cert_tok = {_data = <optimized out>, _delimiter = 44 ',', _mode = 0,
> _escape = 92 '\\', _start = <optimized out>,
> _length = <optimized out>}
> key_tok = {_data = <optimized out>, _delimiter = 44 ',', _mode = 0,
> _escape = 92 '\\', _start = 0,
> _length = <optimized out>}
> ca_tok = {_data = <optimized out>, _delimiter = 44 ',', _mode = 0,
> _escape = 92 '\\', _start = 0,
> _length = <optimized out>}
> server_verify_client = <optimized out>
> completeServerCertPath = <optimized out>
> ctx = <optimized out>
> digest = {digest = 0x0, engine = 0x7ffff7ffe4e0, flags =
> 140737488346576, md_data = 0x1f7ff7600, pctx = 0x7ffff7ffe188,
> update = 0x7fffffffddc0}
> ca_list = 0x0
> hash_buf =
> "\277\037D\000\000\000\000\000~KgY\000\000\000\000\377\377\377\377\000\000\000\000@\241\027\001\000\000\000\000\b\206\271\367\377\177\000\000\000v\377\367\377\177\000\000)\371\203\000\000\000\000\000\000l\231\365\377\177\000"
> hash_len = 0
> __FUNCTION__ = "SSLInitServerContext"
> additional_cache_flags = <optimized out>
> ud = {_configParams = 0x117a140, _serverDialog = 0x0, _serverCert =
> 0x117cef0 "fullchain1.pem",
> _serverKey = 0x117ceb0 "privkey1.pem"}
> #2 0x000000000078a370 in ssl_store_ssl_context
> (params=params@entry=0x117a140, lookup=lookup@entry=0x117c550,
> sslMultCertSettings=...) at SSLUtils.cc:1666
> cert_list = {n = 1, i = 0, v = 0x7fffffffded8, e = {0x1182100, 0x0,
> 0x0, 0x0}}
> ctx = <optimized out>
> keyblock = <optimized out>
> inserted = <optimized out>
> #3 0x000000000078b5e5 in SSLParseCertificateConfiguration
> (params=params@entry=0x117a140, lookup=lookup@entry=0x117c550)
> at SSLUtils.cc:1902
> sslMultiCertSettings = {session_ticket_enabled = 1, addr =
> {<ats_scoped_resource<detail::SCOPED_MALLOC_TRAITS<char> >> = {
> _r = 0x0}, <No data fields>}, cert =
> {<ats_scoped_resource<detail::SCOPED_MALLOC_TRAITS<char> >> = {
> _r = 0x117ce90 "fullchain1.pem"}, <No data fields>},
> first_cert =
> {<ats_scoped_resource<detail::SCOPED_MALLOC_TRAITS<char> >> = {
> _r = 0x117cef0 "fullchain1.pem"}, <No data fields>},
> ca = {<ats_scoped_resource<detail::SCOPED_MALLOC_TRAITS<char> >> =
> {_r = 0x0}, <No data fields>},
> key = {<ats_scoped_resource<detail::SCOPED_MALLOC_TRAITS<char> >> =
> {_r = 0x117ceb0 "privkey1.pem"}, <No data fields>},
> ticket_key_filename =
> {<ats_scoped_resource<detail::SCOPED_MALLOC_TRAITS<char> >> = {_r = 0x0}, <No
> data fields>},
> ---Type <return> to continue, or q <return> to quit---
> dialog = {<ats_scoped_resource<detail::SCOPED_MALLOC_TRAITS<char>
> >> = {_r = 0x0}, <No data fields>},
> opt = SSLCertContext::OPT_NONE}
> errPtr = <optimized out>
> tok_state = 0x1180cfe ""
> line = <optimized out>
> file_buf = <optimized out>
> line_num = 73
> line_info = {type = MATCH_NONE, dest_entry = 0, num_el = 2, line =
> {{0x1180cc8 "ssl_cert_name", 0x1180ce5 "ssl_key_name",
> 0x0 <repeats 38 times>}, {0x1180cd6 "fullchain1.pem", 0x1180cf2
> "privkey1.pem", 0x0 <repeats 38 times>}},
> line_num = 0, next = 0x0}
> sslCertTags = {match_host = 0x0, match_domain = 0x0, match_ip = 0x0,
> match_regex = 0x0, match_url = 0x0,
> match_host_regex = 0x0, dest_error_msg = false}
> __FUNCTION__ = "SSLParseCertificateConfiguration"
> __func__ = "SSLParseCertificateConfiguration"
> elevate_setting = <optimized out>
> elevate_access = {elevated = false, saved_uid = 65534, level = 0,
> cap_state = 0x0}
> #4 0x000000000077709c in SSLCertificateConfig::reconfigure () at
> SSLConfig.cc:393
> retStatus = true
> params = {ptr = 0x117a140}
> lookup = 0x117c550
> __FUNCTION__ = "reconfigure"
> #5 0x000000000077730c in SSLCertificateConfig::startup () at SSLConfig.cc:371
> params = {ptr = 0x117a140}
> __FUNCTION__ = "startup"
> #6 0x00000000004e6d2b in cmd_verify () at Main.cc:772
> exitStatus = <optimized out>
> params = <optimized out>
> #7 0x0000000000494049 in cmd_mode () at Main.cc:926
> No locals.
> #8 main (argv=<optimized out>) at Main.cc:1751
> admin_user_p = <optimized out>
> enabled = <optimized out>
> __FUNCTION__ = "main"
> user = {<ats_scoped_resource<detail::SCOPED_MALLOC_TRAITS<char> >> =
> {_r = 0x110ced0 "nobody"}, <No data fields>}
> main_thread = <optimized out>
> mlock_flags = <optimized out>
> machine_addr = {sa = {sa_family = 2, sa_data =
> "\000\000>qˎ\000\000\000\000\000\000\000"}, sin = {sin_family = 2,
> sin_port = 0, sin_addr = {s_addr = 2395697470}, sin_zero =
> "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2,
> sin6_port = 0, sin6_flowinfo = 2395697470, sin6_addr = {__in6_u =
> {__u6_addr8 = '\000' <repeats 15 times>,
> __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0,
> 0, 0}}}, sin6_scope_id = 0}}
> cluster_type = 3
> stacksize = 1048576
> num_remap_threads = <optimized out>
> {code}
> {code}
> Continued after http://pastebin.com/K0876r2T
> (gdb) l
> 1458 } else {
> 1459 Debug("log", "duping stderr");
> 1460 dup2(log_fd, STDERR_FILENO);
> 1461 close(log_fd);
> 1462 }
> 1463 }
> 1464 }
> 1465
> 1466 //
> 1467 // Main
> (gdb) l
> 1468 //
> 1469
> 1470 int
> 1471 main(int /* argc ATS_UNUSED */, const char **argv)
> 1472 {
> 1473 #if TS_HAS_PROFILER
> 1474 HeapProfilerStart("/tmp/ts.hprof");
> 1475 ProfilerStart("/tmp/ts.prof");
> 1476 #endif
> 1477 bool admin_user_p = false;
> (gdb) l -
> ...same as first , as usual ....
> (gdb) l -
> 1448 Debug("log", "duping stdout");
> 1449 dup2(log_fd, STDOUT_FILENO);
> 1450 close(log_fd);
> 1451 }
> 1452 }
> 1453 if (*bind_stderr != 0) {
> 1454 Debug("log", "binding stderr to %s", bind_stderr);
> 1455 log_fd = elevating_open(bind_stderr, O_WRONLY | O_APPEND |
> O_CREAT | O_SYNC, 0644);
> 1456 if (log_fd < 0) {
> 1457 fprintf(stdout, "[Warning]: TS unable to open log file \"%s\"
> [%d '%s']\n", bind_stderr, errno, strerror(errno));
> (gdb) l -
> 1438 {
> 1439 int log_fd;
> 1440 unsigned int flags = O_WRONLY | O_APPEND | O_CREAT | O_SYNC;
> 1441
> 1442 if (*bind_stdout != 0) {
> 1443 Debug("log", "binding stdout to %s", bind_stdout);
> 1444 log_fd = elevating_open(bind_stdout, flags, 0644);
> 1445 if (log_fd < 0) {
> 1446 fprintf(stdout, "[Warning]: TS unable to open log file \"%s\"
> [%d '%s']\n", bind_stdout, errno, strerror(errno));
> 1447 } else {
> (gdb) l
> ...same as..
> (gdb) l
> 1458 } else {
> 1459 Debug("log", "duping stderr");
> 1460 dup2(log_fd, STDERR_FILENO);
> 1461 close(log_fd);
> 1462 }
> 1463 }
> 1464 }
> 1465
> 1466 //
> 1467 // Main
> (gdb) l
> 1468 //
> 1469
> 1470 int
> 1471 main(int /* argc ATS_UNUSED */, const char **argv)
> 1472 {
> 1473 #if TS_HAS_PROFILER
> 1474 HeapProfilerStart("/tmp/ts.hprof");
> 1475 ProfilerStart("/tmp/ts.prof");
> 1476 #endif
> 1477 bool admin_user_p = false;
> (gdb) l
> 1478
> 1479 #if defined(DEBUG) && defined(HAVE_MCHECK_PEDANTIC)
> 1480 mcheck_pedantic(NULL);
> 1481 #endif
> 1482
> 1483 pcre_malloc = ats_malloc;
> 1484 pcre_free = ats_free;
> 1485
> 1486 // Verify system dependent 'constants'
> 1487 check_system_constants();
> (gdb) c
> Continuing.
> traffic_server: Segmentation fault (Address not mapped to object [(nil)])
> traffic_server - STACK TRACE:
> /lib/x86_64-linux-gnu/libpthread.so.0(+0x10cd0)[0x7ffff6450cd0]
> Thread 1 "traffic_server" received signal SIGSEGV, Segmentation fault.
> 0x0000000000000000 in ?? ()
> (gdb) l
> 1488
> 1489 // Define the version info
> 1490 appVersionInfo.setup(PACKAGE_NAME, "traffic_server",
> PACKAGE_VERSION, __DATE__, __TIME__, BUI;
> 1491
> 1492 // Before accessing file system initialize Layout engine
> 1493 Layout::create();
> 1494 chdir_root(); // change directory to the install root of traffic
> server.
> 1495
> 1496 process_args(&appVersionInfo, argument_descriptions,
> countof(argument_descriptions), argv);
> 1497 command_flag = command_flag || *command_string;
> (gdb) c
> Continuing.
> Couldn't get registers: No such process.
> Couldn't get registers: No such process.
> Couldn't get registers: No such process.
> (gdb) [Thread 0x7ffff0a14700 (LWP 19601) exited]
> [Thread 0x7ffff0c16700 (LWP 19600) exited]
> [Thread 0x7ffff7fe0780 (LWP 19598) exited]
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
