[Pkg-openssl-devel] Bug#536229: AW: Bug#536229: Core-Dump / Segementationfault DBD::Oracle together with SSL connections

Hartmut.Vogler at t-systems.com Hartmut.Vogler at t-systems.com
Wed Jul 8 12:41:52 UTC 2009


> On Wed, Jul 08, 2009 at 01:46:55PM +0200, Vogler Hartmut wrote:
> > Package: libssl0.9.8
> > Version: 0.9.8g-15+lenny1
> > Severity: grave
> > File: libssl
>
> > The problem can be reproduce in a standard Debian (Lenny)
enviroment:
>
> Can you please provide some info on how to reproduce this, and why you
think this is a bug in libssl0.9.8?
> 
> Do you for instance have a backtrace of that core dump?
> 
> Note that I do not have oracle, so I doubt that I can reproduce this.
> 
> 
> Kurt

I have used "reportbug" to send the bug description, but it seems, that
reportbug has send my description to /dev/null :-)

Ok,

the problem is reproduceable with perl in cobination with DBD::Oracle
and any SSL Application based on Net::SSL. I have already send the
problem to DBD::Oracle bug list in a very detailed form
http://rt.cpan.org/Public/Bug/Display.html?id=47042

A very simple test script is ...

--------------------------------------------
#!/usr/bin/perl
use strict;
use DBI;
use LWP::UserAgent;

sub tst1 {
my $ADDR='https://darwin.telekom.de/darwin/auth/base/menu/root';
my $ua=LWP::UserAgent->new();
my $request = HTTP::Request->new(GET => $ADDR);
my $response = $ua->request($request) or warn "cannot request";
}

printf("DEBUG: before DBI connect\n");
my $db=DBI->connect("dbi:Oracle:myoracledb","MYACCOUNT","?????");
printf("DEBUG: before function tst1()\n");
tst1();
printf("DEBUG: after function tst1()\n");
--------------------------------------------

... witch opens a oracle database connection via DBD::Oracle and then
make any ssl connection. If you do this, you will get a core dump or any
other perl error. With the LWP::Useragent (as descriped in the script) i
get "heavy" perl error:

*** glibc detected *** /usr/bin/perl: free(): invalid pointer:
0xb7f76190 ***
======= Backtrace: =========
/lib/libc.so.6[0xb7ea5845]
/lib/libc.so.6(cfree+0x9c)[0xb7ea76ec]

... (the rest is listed in
http://rt.cpan.org/Public/Bug/Display.html?id=47042 ).

I looks to me, there is any bug while freeing SSL connections in the
openssl library. Curiously the problem only happens in combination with
DBD::Oracle - but this can be founded on the heavy memory usage of
oracle (loading of 200MB shared librarys can bring deep hidden bugs to
the daylight)







More information about the Pkg-openssl-devel mailing list