[Pkg-openssl-devel] Bug#870018: openssl: SIGSEGV/coredump on process stop when TLS is enabled in kamailio
Michael Prokop
mika at debian.org
Fri Jul 28 22:12:16 UTC 2017
Package: openssl
Version: 1.1.0f-3
Severity: normal

Hi,

when kamailio has TLS enabled it coredumps when stopping its
process. This issue was noticed in Debian/stretch and the steps to
reproduce it are as follows (thanks to Victor Seva for providing
STR, tested within a sid chroot):

apt-get update ; apt-get install --assume-yes kamailio kamailio-tls-modules ssl-cert procps
adduser kamailio ssl-cert
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/kamailio/kamailio-selfsigned.key
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/kamailio/kamailio-selfsigned.pem
echo '#!define WITH_TLS' > /etc/kamailio/kamailio-local.cfg
mount -t proc proc /proc
kamailio -f /etc/kamailio/kamailio.cfg &
kill $(pgrep kamailio | head -1)

Then this will result in the following coredump:

# file /core
/core: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from 'kamailio -f /etc/kamailio/kamailio.cfg', real uid: 0, effective uid: 0, real gid: 0, effective gid: 0, execfn: '/sbin/kamailio', platform: 'x86_64'

More debugging information:

# echo 'deb http://debug.mirrors.debian.org/debian-debug/ stretch-debug main' >> /etc/apt/sources.list.d/debian.list
# apt-get update ; apt-get install --assume-yes gdb libssl1.1-dbgsym libc6-dbg kamailio-dbg
# apt-get source kamailio libssl-dev
# cd openssl-1.1.0f/ssl
# gdb kamailio /core
GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
[...]
Reading symbols from kamailio...Reading symbols from /usr/lib/debug/.build-id/e9/a705ef832a4933fd0b762abb6f7cf68f2c8c1a.debug...done.
done.
[New LWP 25615]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `kamailio -f /etc/kamailio/kamailio.cfg'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 ossl_init_thread_stop (locals=0x7f052cceed00) at ../crypto/init.c:332
332 if (locals->async) {
(gdb) bt
#0 ossl_init_thread_stop (locals=0x7f052cceed00) at ../crypto/init.c:332
#1 0x00007f0530d05234 in OPENSSL_cleanup () at ../crypto/init.c:400
#2 0x00007f0534f66910 in __run_exit_handlers (status=0, listp=0x7f05352ca5d8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:83
#3 0x00007f0534f6696a in __GI_exit (status=<optimized out>) at exit.c:105
#4 0x00005570ff072d54 in handle_sigs () at main.c:699
#5 0x00005570ff07da43 in main_loop () at main.c:1758
#6 0x00005570ff083fb9 in main (argc=3, argv=0x7ffe202f4928) at main.c:2646
(gdb) bt full
#0 ossl_init_thread_stop (locals=0x7f052cceed00) at ../crypto/init.c:332
No locals.
#1 0x00007f0530d05234 in OPENSSL_cleanup () at ../crypto/init.c:400
currhandler = <optimized out>
lasthandler = <optimized out>
#2 0x00007f0534f66910 in __run_exit_handlers (status=0, listp=0x7f05352ca5d8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:83
atfct = <optimized out>
onfct = <optimized out>
cxafct = <optimized out>
f = <optimized out>
#3 0x00007f0534f6696a in __GI_exit (status=<optimized out>) at exit.c:105
No locals.
#4 0x00005570ff072d54 in handle_sigs () at main.c:699
chld = 539968736
chld_status = 539968768
any_chld_stopped = 32766
memlog = 0
__func__ = "handle_sigs"
#5 0x00005570ff07da43 in main_loop () at main.c:1758
i = 8
pid = 25670
si = 0x0
si_desc = "udp receiver child=7 sock=10.10.12.34:5060\000\000\000\000\000\000(\357>\377pU\000\000\000\264\323w9\312\\/\020\312\307,\005\177\000\000W\350*4\000\000\000\000\300\377\006\377pU\000\000 I/ \376\177", '\000' <repeats 18 times>, "PF/ \376\177\000\000\004\357)\377pU\000"
nrprocs = 8
woneinit = 1
__func__ = "main_loop"
#6 0x00005570ff083fb9 in main (argc=3, argv=0x7ffe202f4928) at main.c:2646
cfg_stream = 0x55710168d010
c = -1
r = 0
tmp = 0x7ffe202f4760 "\377\377\377\377"
tmp_len = 898697872
port = 32517
proto = 539969536
options = 0x5570ff3c70e8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
ret = -1
seed = 3227959873
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0x0
p = 0xffffffff <error: Cannot access memory at address 0xffffffff>
st = {st_dev = 64771, st_ino = 222103, st_nlink = 2, st_mode = 16877, st_uid = 101, st_gid = 101, __pad0 = 0, st_rdev = 0, st_size = 4096, st_blksize = 4096, st_blocks = 8, st_atim = {tv_sec = 1501277594, tv_nsec = 44228867},
st_mtim = {tv_sec = 1501277594, tv_nsec = 44228867}, st_ctim = {tv_sec = 1501277594, tv_nsec = 44228867}, __glibc_reserved = {0, 0, 0}}
__func__ = "main"
(gdb) info threads
Id Target Id Frame
* 1 Thread 0x7f0535905700 (LWP 25615) 0x00005570ff083fb9 in main (argc=3, argv=0x7ffe202f4928) at main.c:2646

Victor Seva (being the maintainer of the kamailio package) already
tried to build libssl with https://github.com/openssl/openssl/commit/4b4bc00a00456e6d5cc8b2a26489ae905c049f41
and also include https://github.com/kamailio/kamailio/commit/e7c03ce6ce61119fbf5cb9f41b7abcd4c7138d58
+ https://github.com/kamailio/kamailio/commit/76efc9b7a1489007f9ff431e730ce4e86b446a6c
within the kamailio package, though this doesn't seem to change
anything.

Kurt, do you have any ideas what might go wrong in OPENSSL_cleanup
here and how this could be fixed? We'd appreciate any hints. Thanks!

regards,
-mika-
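
Added example, not part of the original message and not code from kamailio or OpenSSL: a small Python triage helper that parses the frames of the `bt` output quoted in the report and reports whether the faulting frame ran under glibc's exit-handler loop, which handler glibc had called, and which application function requested the exit. The names parse_frames and classify and the result keys are this example's own.

```python
import re

# The seven frames of the report's `bt` output (gdb's name@entry notation).
BT = """\
#0 ossl_init_thread_stop (locals=0x7f052cceed00) at ../crypto/init.c:332
#1 0x00007f0530d05234 in OPENSSL_cleanup () at ../crypto/init.c:400
#2 0x00007f0534f66910 in __run_exit_handlers (status=0, listp=0x7f05352ca5d8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:83
#3 0x00007f0534f6696a in __GI_exit (status=<optimized out>) at exit.c:105
#4 0x00005570ff072d54 in handle_sigs () at main.c:699
#5 0x00005570ff07da43 in main_loop () at main.c:1758
#6 0x00005570ff083fb9 in main (argc=3, argv=0x7ffe202f4928) at main.c:2646
"""

# "#N [0xPC in ]func (args)[ at file:line | from library]"
FRAME = re.compile(
    r"^#(?P<n>\d+)\s+(?:(?P<pc>0x[0-9a-f]+) in )?(?P<func>\S+) \((?P<args>.*)\)"
    r"(?: at (?P<file>\S+):(?P<line>\d+)| from (?P<lib>\S+))?$"
)

def parse_frames(text):
    """Return one dict per '#N ...' frame line, innermost frame first."""
    matches = (FRAME.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def classify(frames):
    """Report whether the faulting frame ran under glibc's exit-handler loop."""
    names = [f["func"] for f in frames]
    if not names:
        return {"phase": "unknown"}
    top = frames[0]
    where = f'{top["file"]}:{top["line"]}' if top["file"] else top["lib"]
    result = {"phase": "runtime", "fault": names[0], "fault_at": where}
    if "__run_exit_handlers" in names:
        i = names.index("__run_exit_handlers")
        result["phase"] = "exit-handlers"
        # Frame just above the loop: the function glibc called from its exit list.
        result["handler"] = names[i - 1] if i > 0 else None
        # First frame below the loop that is not exit() itself: who asked to exit.
        result["exit_called_from"] = next(
            (n for n in names[i + 1:] if not n.endswith("exit")), None)
    return result

if __name__ == "__main__":
    for key, value in classify(parse_frames(BT)).items():
        print(f"{key}: {value}")
```

For this core the result is phase exit-handlers, with the fault in ossl_init_thread_stop at ../crypto/init.c:332, reached through OPENSSL_cleanup after handle_sigs called exit().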