I've been doing a little debugging under Linux and
seem to have found an issue in ssl_kernel_engine.c.

On line 1001 X509_free(cert) is called. When a call to
get the cert is used later on line 1033 the memory
looks corrupt and a SEGV happens on the next line. I
removed the X509_free(cert) on line 1001 and the SEGV
stopped (am I now leaking memory?).

Is the cert being freed already by the
sk_X509_pop_free on line 999 (after being placed on the
stack in previous code)?

997            if (SSL_get_peer_cert_chain(ssl) != certstack) {
998                /* created by us, so free it */
999                sk_X509_pop_free(certstack, X509_free);
1000            }
1001            X509_free(cert);
        }

Any help appreciated.

Thanks
Matt

--- Matt Stevenson <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> With the release of openssl-0.9.6k I recompiled and
> updated my apache installs to 1.3.28/modssl-2.8.15
> from 1.3.27/modssl-2.8.12. I compiled up on Linux and
> Solaris. When running I randomly get a SIGBUS on
> Solaris and a SIGSEGV on Linux. I'm using client
> certificates. I've a large number of servers (>50)
> running fine on 1.3.27/2.8.12.
> 
> The issue seems to be with the "SSLOptions
> +OptRenegotiate" option. When going from a non client
> cert location to a client cert location.
> 
> The backtrace from dbx on Solaris is
> 
> [EMAIL PROTECTED] ([EMAIL PROTECTED]) signal BUS (invalid address alignment) in sk_value at 0xfebed534
> 0xfebed534: sk_value+0x0014:    ld      [%g3 + %g2], %o0
> (/opt/SUNWspro/bin/../WS6/bin/sparcv9/dbx) where
> current thread: [EMAIL PROTECTED]
> =>[1] sk_value(0x132990, 0x0, 0x3, 0xfed27eb0, 0x260, 0x132980), at 0xfebed534
>   [2] X509_NAME_oneline(0x132980, 0x0, 0x0, 0x0, 0xc7, 0xffbef4d0), at 0xfec1e6dc
>   [3] ssl_hook_Access(0xf0f30, 0xfed64cf4, 0xad400, 0x24bec, 0x0, 0xf26b8), at 0xfed65b74
>   [4] run_method(0xf0f30, 0x10, 0x1, 0x0, 0x0, 0xff00), at 0x2052c
>   [5] ap_check_access(0xf0f30, 0x93460, 0x93400, 0x91659, 0x45, 0x65), at 0x20620
>   [6] process_request_internal(0xf0f30, 0x0, 0x16, 0xcd, 0xeffffc00, 0x1), at 0x40180
>   [7] ap_process_request(0xf0f30, 0xc8, 0xf0f30, 0xffbef8e0, 0xffbef8f0, 0x5), at 0x405ac
>   [8] child_main(0x5, 0x31298, 0x31000, 0xff17b250, 0xff175980, 0xff16efe0), at 0x33284
>   [9] make_child(0xb0bf0, 0x5, 0x3f8154e3, 0xcd, 0xff23b1d4, 0xffbefa18), at 0x335fc
>   [10] perform_idle_server_maintenance(0x0, 0xffbefb1c, 0x0, 0xb0bf0, 0x90ed8, 0x8fa80), at 0x33b10
>   [11] standalone_main(0x6, 0xffbefc4c, 0x0, 0x0, 0xff23b02c, 0x90ff0), at 0x34384
>   [12] main(0x6, 0xffbefc4c, 0xffbefc68, 0xadd98, 0x0, 0x0), at 0x34cc4
> 
> the configuration for a typical SSL server is ...
> 
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> SSLCertificateFile /opt/apache_test/conf/ssl.crt/server.crt
> SSLCertificateKeyFile /opt/apache_test/conf/ssl.key/server.key
> SSLCACertificateFile /opt/apache_test/conf/ssl.crt/CA.crt
> SSLVerifyDepth  2
> SSLOptions +StdEnvVars +ExportCertData
> 
> SSLPassPhraseDialog  builtin
> SSLSessionCache shmcb:/opt/apache_test/sites/debug.internal.net/logs/ssl_scache(512000)
> SSLSessionCacheTimeout  300
> SSLMutex file:/opt/apache_test/sites/debug.internal.net/logs/ssl_mutex
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLLog /opt/apache_test/sites/debug.internal.net/logs/ssl_engine_log
> SSLLogLevel Warn
> 
> <LocationMatch "/images/.*">
>  SSLVerifyClient optional
>  SSLOptions +OptRenegotiate
> </LocationMatch>
> 
> When entering the images directory some but not all of
> the httpd children die. I'm going to get a linux debug
> server running. Hopefully someone can replicate the
> issue? Or suggest a fix.
> 
> Thanks
> Matt
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
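
Added example, not part of the original post and not mod_ssl or OpenSSL code: a small C model of the reference counting behind the question about lines 999 and 1001. It assumes the caller owns one reference to cert and that pushing a pointer onto the stack takes no reference of its own; obj_t, ptr_stack and cleanup_balance are hypothetical names.

```c
#include <stdio.h>

/* Constructed model of reference-counted ownership; not OpenSSL or mod_ssl code. */
typedef struct { int refs; int over_released; } obj_t;

static void obj_up_ref(obj_t *o) { o->refs++; }

/* Stands in for X509_free(): drops one reference and records any release
   that arrives after the count has already reached zero. */
static void obj_release(obj_t *o) {
    if (o->refs == 0) o->over_released++;   /* in real code: a double free */
    else o->refs--;
}

typedef struct { obj_t *items[4]; int n; } ptr_stack;

/* Stands in for sk_X509_push(): stores the pointer, takes no reference. */
static void stack_push(ptr_stack *s, obj_t *o) { if (s->n < 4) s->items[s->n++] = o; }

/* Stands in for sk_X509_pop_free(): calls fn on every element. */
static void stack_pop_free(ptr_stack *s, void (*fn)(obj_t *)) {
    while (s->n > 0) fn(s->items[--s->n]);
}

/* Replays the cleanup quoted in the post.
   Returns 0 if balanced, >0 for leaked references, <0 for over-releases. */
int cleanup_balance(int stack_is_ours, int up_ref_on_push, int free_at_1001) {
    obj_t cert = { 1, 0 };              /* assumption: caller owns one reference */
    ptr_stack certstack = { { 0 }, 0 };
    if (stack_is_ours) {                /* the "created by us" branch */
        if (up_ref_on_push) obj_up_ref(&cert);
        stack_push(&certstack, &cert);
        stack_pop_free(&certstack, obj_release);    /* line 999 */
    }
    if (free_at_1001) obj_release(&cert);           /* line 1001 */
    return cert.refs - cert.over_released;
}

int main(void) {
    printf("as posted, own stack:         %d\n", cleanup_balance(1, 0, 1));
    printf("line 1001 removed, own stack: %d\n", cleanup_balance(1, 0, 0));
    printf("line 1001 removed, SSL stack: %d\n", cleanup_balance(0, 0, 0));
    printf("up-ref on push, own stack:    %d\n", cleanup_balance(1, 1, 1));
    printf("up-ref on push, SSL stack:    %d\n", cleanup_balance(0, 1, 1));
    return 0;
}
```

Under these assumptions, dropping line 1001 balances the "created by us" branch but leaves one reference unreleased when the stack belongs to the SSL object; giving the stack its own reference at push time balances both branches.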
