On Wed, Oct 27, 1999 at 08:31:31AM +0200, Ralf S. Engelschall wrote:
> On Tue, Oct 26, 1999, David Kerry wrote:
<snip>
> Hmmm... so let us summarize it: The segfault occurs either still inside
> OpenSSL's SSL_accept() or directly after this call inside mod_ssl. The problem
> is just that SSL_accept() calls internally a lot of code inside OpenSSL, so
> this is not easy to debug. You should start by compiling OpenSSL with "-g
> -ggdb3" to really get a backtrace this time.
>
Ok, I've finally caught the culprit in action. Let me know if there's any other
output that might be useful and I'll try to get a hold of it.
And, for reference, here's the seed values I've put in httpd.conf:
(mind you it also did this without any SSLRandomSeed specified at all, as well)
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
And again a quick summary of the system:
-apache 1.3.9
-mm 1.0.12
-openssl 0.9.4
-mod_ssl 2.4.6
-php 3.0.12
-ApacheJserv 1.0
all running on an intel Debian 2.1/slink (2.0.36 kernel)
GNU gdb 4.17.m68k.objc.threads.hwwp.fpu.gnat
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-pc-linux-gnu"...
(gdb) attach 24885
Attaching to program `/usr/sbin/apache', Pid 24885
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libcrypt.so.1...done.
Reading symbols from /lib/libdb.so.2...done.
Reading symbols from /lib/libdl.so.2...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libnss_compat.so.1...done.
Reading symbols from /lib/libnss_files.so.1...done.
Reading symbols from /usr/lib/apache/1.3/mod_log_config.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_mime.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_negotiation.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_info.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_include.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_autoindex.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_dir.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_cgi.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_asis.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_imap.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_actions.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_userdir.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_alias.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_rewrite.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_access.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_auth.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_auth_anon.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_auth_dbm.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_expires.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_headers.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_usertrack.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_unique_id.so...done.
Reading symbols from /usr/lib/apache/1.3/mod_setenvif.so...done.
Reading symbols from /usr/lib/apache/1.3/libssl.so...done.
Reading symbols from /usr/lib/apache/1.3/libphp3.so...done.
Reading symbols from /usr/lib/libpq.so.1...done.
Reading symbols from /lib/libresolv.so.2...done.
Reading symbols from /usr/lib/apache/1.3/mod_jserv.so...done.
Reading symbols from /lib/libnss_dns.so.1...done.
0x400d474e in ()
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x21fb in ?? ()
(gdb) where
#0 0x21fb in ?? ()
#1 0x402d9c9d in ssl3_get_client_key_exchange (s=0x812f230) at s3_srvr.c:1240
#2 0x402d7f79 in ssl3_accept (s=0x812f230) at s3_srvr.c:344
#3 0x402c92a8 in SSL_accept (s=0x812f230) at ssl_lib.c:603
#4 0x402c53a4 in ssl23_get_client_hello (s=0x812f230) at s23_srvr.c:498
#5 0x402c47a3 in ssl23_accept (s=0x812f230) at s23_srvr.c:159
#6 0x402c92a8 in SSL_accept (s=0x812f230) at ssl_lib.c:603
#7 0x402ac089 in ssl_hook_NewConnection (conn=0x81253c0) at ssl_engine_kernel.c:229
#8 0x8061921 in new_connection (p=0x80e0a10, server=0x80b4930, inout=0x80e0a48,
remaddr=0xbffffbc8, saddr=0xbffffbd8,
child_num=1) at http_main.c:3146
#9 0x8062a1d in child_main (child_num_arg=1) at http_main.c:4104
#10 0x8062cfc in make_child (s=0x80b4930, slot=1, now=941200754) at http_main.c:4293
#11 0x80630ba in perform_idle_server_maintenance () at http_main.c:4457
#12 0x8063655 in standalone_main (argc=2, argv=0xbffffd4c) at http_main.c:4689
#13 0x8063dd3 in main (argc=2, argv=0xbffffd4c) at http_main.c:4944
(gdb) up
#1 0x402d9c9d in ssl3_get_client_key_exchange (s=0x812f230) at s3_srvr.c:1240
1240 i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
(gdb) p n
$1 = 64
(gdb) p p
$2 = (
unsigned char *) 0x8148be8
"|o�B��&���\207ƴ$\230�I�\234HS\e\222�)�Y\023\232�\032\227\205y��hqey�\034���T\233��\2024Ͻ\r��k�\025��-gB�F�LR3"
(gdb) p rsa
$3 = (RSA *) 0x810ae58
(gdb) p *rsa
$4 = {pad = 0, version = 0, meth = 0x40358a98, n = 0x810af38, e = 0x8107f60, d =
0x810b088, p = 0x810af20, q = 0x8107f88,
dmp1 = 0x810b340, dmq1 = 0x810b440, iqmp = 0x810b488, ex_data = {sk = 0x0, dummy =
0}, references = 2, flags = 6,
_method_mod_n = 0x0, _method_mod_p = 0x0, _method_mod_q = 0x0, bignum_data = 0x0,
blinding = 0x0}
(gdb) p &p
$5 = (unsigned char **) 0xbffffa44
(gdb) q
--
David Kerry ([EMAIL PROTECTED])
Stable Network Technologies Inc. (www.snti.com)
Toronto, Ontario, Canada
Tel: (416) 367-2745 Fax: (416) 861-0650
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
