NetBSD Problem Report #43004

From gson@gson.org  Thu Mar 18 18:09:35 2010
Return-Path: <gson@gson.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id E862E63B11D
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 18 Mar 2010 18:09:34 +0000 (UTC)
Message-Id: <20100318180929.EE74B75FB0@guava.gson.org>
Date: Thu, 18 Mar 2010 20:09:29 +0200 (EET)
From: gson@gson.org (Andreas Gustafsson)
Reply-To: gson@gson.org (Andreas Gustafsson)
To: gnats-bugs@gnats.NetBSD.org
Subject: www/lighttpd segfaults in ssl3_finish_mac()
X-Send-Pr-Version: 3.95

>Number:         43004
>Category:       pkg
>Synopsis:       www/lighttpd segfaults in ssl3_finish_mac()
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 18 18:10:00 +0000 2010
>Closed-Date:    Mon Dec 29 09:08:56 +0000 2014
>Last-Modified:  Mon Dec 29 09:08:56 +0000 2014
>Originator:     Andreas Gustafsson
>Release:        NetBSD 5.0.2
>Organization:
>Environment:
System: NetBSD gunk.araneus.fi 5.0.2 NetBSD 5.0.2 (PANIX-VC) #2: Wed Mar 17 11:07:58 EDT 2010 root@juggler.panix.com:/misc3/obj/misc2/devel/netbsd/5.0.2/src/sys/arch/i386/compile/PANIX-VC i386
Architecture: i386
Machine: i386
>Description:

Using a lighttpd 1.4.26 web server freshly built from current pkgsrc
on NetBSD 5.0.2 (i386/xen) to serve https traffic, the lighttpd
process occasionally segfaults.  Here is a backtrace:

  Core was generated by `lighttpd'.
  Program terminated with signal 11, Segmentation fault.
  #0  0xbb7a5b9c in ssl3_finish_mac () from /usr/lib/libssl.so.6
  (gdb) where
  #0  0xbb7a5b9c in ssl3_finish_mac () from /usr/lib/libssl.so.6
  #1  0xbb7a23e6 in ssl3_do_write () from /usr/lib/libssl.so.6
  #2  0xbb792392 in ssl3_send_server_hello () from /usr/lib/libssl.so.6
  #3  0xbb794783 in ssl3_accept () from /usr/lib/libssl.so.6
  #4  0xbb7a9805 in SSL_accept () from /usr/lib/libssl.so.6
  #5  0xbb787bcb in ssl23_get_client_hello () from /usr/lib/libssl.so.6
  #6  0xbb788356 in ssl23_accept () from /usr/lib/libssl.so.6
  #7  0xbb78c0ef in ssl23_read () from /usr/lib/libssl.so.6
  #8  0xbb7a90e6 in SSL_read () from /usr/lib/libssl.so.6
  #9  0x08052669 in connection_handle_read_ssl (srv=0xbb401400, con=0xbb404c00) at connections.c:219
  #10 0x080528d6 in connection_handle_read (srv=0xbb401400, con=0xbb404c00) at connections.c:324
  #11 0x08053d33 in connection_handle_read_state (srv=0xbb401400, con=0xbb404c00) at connections.c:890
  #12 0x08054807 in connection_handle_fdevent (s=0xbb401400, context=0xbb404c00, revents=1) at connections.c:1228
  #13 0x080503bc in main (argc=3, argv=0xbf7fed84) at server.c:1446
  (gdb)

The only SSL related options used in the lighttpd.conf file are
"ssl.engine" and "ssl.pemfile".

Perhaps this is related to the Apache segfaults discussed in the
thread beginning with the message
http://mail-index.netbsd.org/netbsd-users/2009/11/21/msg004905.html

>How-To-Repeat:

Set up a lighttpd web server with SSL.  Serve traffic.

>Fix:

Not known.

>Release-Note:

>Audit-Trail:
From: Manuel Bouyer <bouyer@antioche.eu.org>
To: gnats-bugs@NetBSD.org
Cc: pkg-manager@NetBSD.org, gnats-admin@NetBSD.org, pkgsrc-bugs@NetBSD.org
Subject: Re: pkg/43004: www/lighttpd segfaults in ssl3_finish_mac()
Date: Fri, 19 Mar 2010 18:22:50 +0100

 On Thu, Mar 18, 2010 at 06:10:00PM +0000, Andreas Gustafsson wrote:
 > >Description:
 > 
 > Using a lighttpd 1.4.26 web server freshly built from current pkgsrc
 > on NetBSD 5.0.2 (i386/xen) to serve https traffic, the lighttpd
 > process occasionally segfaults.  Here is a backtrace:
 > 
 >   Core was generated by `lighttpd'.
 >   Program terminated with signal 11, Segmentation fault.
 >   #0  0xbb7a5b9c in ssl3_finish_mac () from /usr/lib/libssl.so.6
 >   (gdb) where
 >   #0  0xbb7a5b9c in ssl3_finish_mac () from /usr/lib/libssl.so.6
 >   #1  0xbb7a23e6 in ssl3_do_write () from /usr/lib/libssl.so.6
 >   #2  0xbb792392 in ssl3_send_server_hello () from /usr/lib/libssl.so.6
 >   #3  0xbb794783 in ssl3_accept () from /usr/lib/libssl.so.6
 >   #4  0xbb7a9805 in SSL_accept () from /usr/lib/libssl.so.6
 >   #5  0xbb787bcb in ssl23_get_client_hello () from /usr/lib/libssl.so.6
 >   #6  0xbb788356 in ssl23_accept () from /usr/lib/libssl.so.6
 >   #7  0xbb78c0ef in ssl23_read () from /usr/lib/libssl.so.6
 >   #8  0xbb7a90e6 in SSL_read () from /usr/lib/libssl.so.6
 >   #9  0x08052669 in connection_handle_read_ssl (srv=0xbb401400, con=0xbb404c00) at connections.c:219
 >   #10 0x080528d6 in connection_handle_read (srv=0xbb401400, con=0xbb404c00) at connections.c:324
 >   #11 0x08053d33 in connection_handle_read_state (srv=0xbb401400, con=0xbb404c00) at connections.c:890
 >   #12 0x08054807 in connection_handle_fdevent (s=0xbb401400, context=0xbb404c00, revents=1) at connections.c:1228
 >   #13 0x080503bc in main (argc=3, argv=0xbf7fed84) at server.c:1446
 >   (gdb)

 I've seen similar backtrace from freeradius2. I fear the problem is in
 openssl itself :(

 -- 
 Manuel Bouyer <bouyer@antioche.eu.org>
      NetBSD: 26 ans d'experience feront toujours la difference
 --

State-Changed-From-To: open->feedback
State-Changed-By: shattered@NetBSD.org
State-Changed-When: Sat, 15 Oct 2011 20:40:56 +0000
State-Changed-Why:
Does it still crash?  If it does, http://rt.openssl.org/Ticket/Display.html?id=2214&user=guest&pass=guest should help.


From: Andreas Gustafsson <gson@gson.org>
To: gnats-bugs@NetBSD.org
Cc: pkg-manager@netbsd.org,
    pkgsrc-bugs@netbsd.org,
    gnats-admin@netbsd.org,
    shattered@NetBSD.org
Subject: Re: pkg/43004 (www/lighttpd segfaults in ssl3_finish_mac())
Date: Sun, 16 Oct 2011 11:20:15 +0300

 shattered@NetBSD.org wrote:
 > Does it still crash?  If it does,
 > http://rt.openssl.org/Ticket/Display.html?id=2214&user=guest&pass=guest
 > should help.

 I don't have a good way of testing this.  I have successfully worked
 around the problem by setting "PREFER_PKGSRC+= openssl" in
 /etc/mk.conf, and I'm not going to try removing that because my
 livelihood depends on the server in case not crashing.  I don't know a
 way to reproduce the problem with synthetically generated SSL traffic,
 either.
 -- 
 Andreas Gustafsson, gson@gson.org

State-Changed-From-To: feedback->open
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sat, 05 Nov 2011 14:07:48 +0000
State-Changed-Why:
Submitter can't test. If using a newer openssl from pkgsrc solves the
problem, then the best approach is probably to do that. We can also set
the minimum openssl version for lighttpd higher, which should cause it
to automatically use the pkgsrc version if the native version isn't
new enough, but someone needs to figure out/decide what version to set
it to.


State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Mon, 29 Dec 2014 09:08:56 +0000
State-Changed-Why:
these days we always use pkgsrc openssl on netbsd-5, so this problem is
worked around.


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.