Date:      Mon, 21 Jan 2019 19:59:01 +0100
From:      Stefan Bethke <stb@lassitu.de>
To:        FreeBSD Ports <freebsd-ports@freebsd.org>
Subject:   PHP 7.2: SIGSEGV in OpenSSL
Message-ID:  <67841009-B4BC-4F0A-BB53-77487EE19CBD@lassitu.de>

I'm seeing a lot of coredumps with a stack trace similar to this, on a 12-stable machine:

# gdb /usr/local/sbin/httpd /httpd.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Core was generated by `/usr/local/sbin/httpd -DNOHTTPACCEPT'.
Program terminated with signal 11, Segmentation fault.
...
(gdb) bt
#0  openssl_lh_strcasehash (c=0x803466cf2 <Address 0x803466cf2 out of bounds>)
    at /freebsd/checkout/src/12/crypto/openssl/crypto/lhash/lhash.c:361
#1  0x000000080138564d in obj_name_hash (a=0x7fffffffe9d0)
    at /freebsd/checkout/src/12/crypto/openssl/crypto/objects/o_names.c:166
#2  0x000000080143be77 in OPENSSL_LH_delete (lh=0x800a27240,
    data=0x7fffffffe9d0)
    at /freebsd/checkout/src/12/crypto/openssl/crypto/lhash/lhash.c:302
#3  0x00000008013852c8 in OBJ_NAME_remove (
    name=0x803466cf2 <Address 0x803466cf2 out of bounds>, type=1)
    at obj_lcl.h:12
#4  0x000000080143c15a in OPENSSL_LH_doall (lh=0x800a27240,
    func=0x8013855c0 <names_lh_free_doall>)
    at /freebsd/checkout/src/12/crypto/openssl/crypto/lhash/lhash.c:198
#5  0x0000000801385558 in OBJ_NAME_cleanup (type=1) at obj_lcl.h:12
#6  0x0000000801392918 in evp_cleanup_int ()
    at /freebsd/checkout/src/12/crypto/openssl/crypto/evp/names.c:83
#7  0x000000080146e39d in OPENSSL_cleanup ()
    at /freebsd/checkout/src/12/crypto/openssl/crypto/init.c:567
#8  0x00000008007a24e5 in __cxa_finalize (dso=0x0)
    at /freebsd/checkout/src/12/lib/libc/stdlib/atexit.c:233
#9  0x00000008007320e1 in exit (status=54947058)
    at /freebsd/checkout/src/12/lib/libc/stdlib/exit.c:62
#10 0x0000000800a55118 in ?? ()
#11 0x00007fffffffeb90 in ?? ()

In the one case I could isolate, the PHP code is calling stream_socket_enable_crypto(), but I suspect there might be others. Is anybody else seeing this?


Stefan

-- 
Stefan Bethke <stb@lassitu.de>   Fon +49 151 14070811



