Bug 43717 - Apache 2.x goes down with 2000+ includes
Summary: Apache 2.x goes down with 2000+ includes
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.2-HEAD
Hardware: Other Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2007-10-29 00:29 UTC by Lit
Modified: 2007-12-10 11:55 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Lit 2007-10-29 00:29:33 UTC
Apache starts to segfault with 2000+ includes (everything is okay with ~600-1000

(gdb) b ap_process_request
Note: breakpoints 1 and 3 also set at pc 0x809f9e9.
Breakpoint 4 at 0x809f9e9: file http_request.c, line 252.
(gdb) run -X -d /etc/httpd
Starting program: /usr/sbin/httpd -X -d /etc/httpd
[Thread debugging using libthread_db enabled]
[New Thread -1208407840 (LWP 30464)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208407840 (LWP 30464)]
0x00e21d63 in RAND_SSLeay () from /lib/libcrypto.so.4
(gdb) n
Single stepping until exit from function RAND_SSLeay,
which has no line number information.

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
Comment 1 Joe Orton 2007-10-29 04:12:21 UTC
This is an OpenSSL bug, fixed in 0.9.8c and later.  (it uses select() rather
than poll() and doesn't check for the FD_SETSIZE overflow)
Comment 2 Lit 2007-12-10 07:04:31 UTC
What do you think about this patch?

diff -Nur httpd-2.2.6.orig/modules/ssl/ssl_engine_rand.c
--- httpd-2.2.6.orig/modules/ssl/ssl_engine_rand.c      2006-07-11
22:38:44.000000000 -0500
+++ httpd-2.2.6/modules/ssl/ssl_engine_rand.c   2007-10-01 17:28:24.000000000 -0500
@@ -127,9 +127,23 @@
     ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
                  "%sSeeding PRNG with %d bytes of entropy", prefix, nDone);

+ * RAND_status() will generate segfaults when more than 1024 filedescriptors are
+ * open on OpenSSL versions before 0.9.8c and 0.9.7k
+ */
+#if SSL_LIBRARY_VERSION < 0x00908000
+#if SSL_LIBRARY_VERSION >= 0x009070b0
     if (RAND_status() == 0)
         ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
                      "%sPRNG still contains insufficient entropy!", prefix);
+#if SSL_LIBRARY_VERSION >= 0x00908030
+    if (RAND_status() == 0)
+        ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
+                     "%sPRNG still contains insufficient entropy!", prefix);

     return nDone;
Comment 3 Joe Orton 2007-12-10 11:55:18 UTC
I see no need to add complexity to mod_ssl to attempt to work around this bug,
it's a bug in OpenSSL and has been fixed there.