[EMAIL PROTECTED] - Wed Jul 20 13:07:31 2005]:

> I also tried to research it somewhat more, it seems that what is happening
> is that on some stage when timeout happens OpenSSL returns OK result from
> SSL_write but somehow s->s2 and s->s3 become NULL, so on next SSL_write it
> crashes. I'd appreciate guidance on what could be the problem.
>
> OS is Linux on x86, OpenSSL compiled by gcc 2.96.

valgrind will show what the problem is. Apache uses SIGALRM handler for
timeouts. Inside the mod_ssl timeout handler function, it shuts down the SSL
connection and SSL_free()'s the SSL context. It looks like the problem is that
you were blocked in a write() inside openssl when the SIGALRM happened, and
soon after that write() returns there is code referring to the SSL context
that was free()'d in the timeout handler. Boom.

My big question is why there aren't more people seeing this. I've found about
3 other people in the past two years who've reported this issue on both the
mod_ssl and openssl lists, but I can't find any resolution to their issue.

==30422== Invalid read of size 4
==30422==    at 0x1BA3C781: sock_write (bss_sock.c:226)
==30422==    by 0x1BA3A90D: BIO_write (bio_lib.c:200)
==30422==    by 0x1B9CB94A: ssl3_write_pending (s3_pkt.c:696)
==30422==    by 0x1B9CB5BD: ssl3_write_bytes (s3_pkt.c:541)
==30422==    by 0x1B9C9743: ssl3_write (s3_lib.c:1299)
==30422==    by 0x1B9D1AAB: SSL_write (ssl_lib.c:756)
==30422==    by 0x8081031: ssl_io_hook_write (ssl_engine_io.c:384)
==30422==    by 0x80B983E: ap_hook_call_func (ap_hook.c:721)
==30422==    by 0x80B945F: ap_hook_call (ap_hook.c:382)
==30422==    by 0x8094B73: ap_write (buff.c:318)
==30422==    by 0x8095913: write_with_errors (buff.c:365)
==30422==    by 0x80959C6: bcwrite (buff.c:1170)
==30422== Address 0x1BB6CBAC is 20 bytes inside a block of size 64 free'd
==30422==    at 0x1B9019D9: free (vg_replace_malloc.c:152)
==30422==    by 0x1BA0AF7C: CRYPTO_free (mem.c:254)
==30422==    by 0x1BA3A6B6: BIO_free (bio_lib.c:136)
==30422==    by 0x1BA3B09F: BIO_free_all (bio_lib.c:456)
==30422==    by 0x1B9D0F74: SSL_free (ssl_lib.c:354)
==30422==    by 0x807DF8D: ssl_hook_CloseConnection (ssl_engine_kernel.c:533)
==30422==    by 0x809FC34: ap_call_close_connection_hook (http_main.c:460)
==30422==    by 0x80A071F: timeout (http_main.c:1584)
==30422==    by 0x80A0912: alrm_handler (http_main.c:1646)
==30422==    by 0x1B91574D: __pthread_sighandler (in /lib/i686/libpthread-0.10.so)
==30422==    by 0x42028557: (within /lib/i686/libc-2.3.2.so)
==30422==    by 0x1BA3A90D: BIO_write (bio_lib.c:200)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]
