|
|
|
 |
|
| 제목 |
Centos 6.x 업데이트 후 세그멘트 오류.버그처리 |
|
| 구분 |
리눅스 |
작성일 |
2016-03-19 |
조회수 |
4877 |
|
CentOS Bug Tracker - CentOS-6 | | View Issue Details |
| | ID | Project | Category | View Status | Date Submitted | Last Update | | 0007399 | CentOS-6 | nss | public | 2014-07-19 00:33 | 2016-03-17 17:51 |
| | Reporter | Ben Marsh | | | Priority | normal | Severity | crash | Reproducibility | always | | Status | new | Resolution | open | | | Platform | x86_64 | OS | CentOs | OS Version | 6.5 | | Product Version | 6.5 | | | Target Version | | Fixed in Version | | |
| | Summary | 0007399: Segfault in libnss when using libcurl from php | | Description |
I have been using a php app on a compiled version of php 5.2.17. When we upgraded to Centos 6.5 we started getting segfaults in apache error log file. I extracted the source code that seemed to trigger it and when I run it seperately it segfaults every time:
$ tools/php-5.2.17/bin/php test1.php
* About to connect() to www.google.com port 443 (#0)
* Trying 74.125.192.103... * connected
* Connected to www.google.com (74.125.192.103) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
Segmentation fault (core dumped)
When the url in the script is changed to use HTTP instead of HTTPS, there is no segfault. | | Steps To Reproduce | Run the script:
$ cat test1.php
< ?php
$urlEndPoint = "https://www.google.com/search"; [^]
$headerArray = array();
$ch = curl_init();
curl_setopt($ch,CURLOPT_POST,true);
curl_setopt($ch,CURLOPT_URL, $urlEndPoint);
/*curl_setopt($ch,CURLOPT_HTTPHEADER, $headerArray);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postArray); */
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_HEADER, true);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0');
curl_setopt($ch, CURLOPT_VERBOSE, true);
if (!$result = curl_exec($ch)) {
print (curl_error($ch));
}
curl_close ($ch);
echo print_r($result,true);
?> | | Additional Information | I can get arround this by replacing libcurl rpms with ones from: http://mirror.city-fan.org/ftp/contrib/sysutils/Mirroring/. [^] Specifically:
$ ls *.rpm
c-ares-1.10.0-3.0.cf.rhel6.x86_64.rpm
curl-7.37.1-1.1.cf.rhel6.x86_64.rpm
libcurl-7.37.1-1.1.cf.rhel6.x86_64.rpm
libmetalink-0.1.2-5.rhel6.x86_64.rpm
libssh2-1.4.3-13.0.cf.rhel6.x86_64.rpm | | Tags | No tags attached. | | Relationships | | | Attached Files | |
| | Issue History | | Date Modified | Username | Field | Change | | 2014-07-19 00:33 | Ben Marsh | New Issue | | | 2014-07-19 00:57 | Ben Marsh | Note Added: 0020471 | | | 2014-07-23 18:31 | Ben Marsh | Note Added: 0020511 | | | 2015-02-24 23:01 | jaw123 | Note Added: 0022402 | | | 2015-02-24 23:52 | Evolution | Note Added: 0022404 | | | 2015-02-25 00:47 | jaw123 | Note Added: 0022406 | | | 2015-02-25 13:20 | Evolution | Note Added: 0022412 | | | 2015-02-25 17:07 | jaw123 | Note Added: 0022418 | | | 2015-12-01 10:57 | skyline42sh | Note Added: 0024945 | | | 2016-03-17 17:40 | st41ker | Note Added: 0026067 | |
| Notes |
| | [root@almsweb02 bmarsh]# gdb /farms/alms/52v1/tools/php-5.2.17/bin/php
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-64.el6_5.2)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> [^]
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
< http://www.gnu.org/software/gdb/bugs/>... [^]
Reading symbols from /farms/alms/52v1/tools/php-5.2.17/bin/php...done.
(gdb) run test1.php
Starting program: /farms/alms/52v1/tools/php-5.2.17/bin/php test1.php
[Thread debugging using libthread_db enabled]
* About to connect() to www.google.com port 443 (#0)
* Trying 74.125.192.99... * connected
* Connected to www.google.com (74.125.192.99) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff09fae9c in sqlite3_file_control () from /usr/lib64/libsqlite3.so.0
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 glibc-2.12-1.132.el6.x86_64 keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-15.el6_5.1.x86_64 libcom_err-1.41.12-18.el6.x86_64 libcurl-7.19.7-37.el6_4.x86_64 libidn-1.18-2.el6.x86_64 libjpeg-turbo-1.2.1-3.el6_5.x86_64 libmcrypt-2.5.8-9.el6.x86_64 libpng-1.2.49-1.el6_2.x86_64 libselinux-2.0.94-5.3.el6_4.1.x86_64 libssh2-1.4.2-1.el6.x86_64 libtool-ltdl-2.2.6-15.5.el6.x86_64 libxml2-2.7.6-14.el6.x86_64 mysql-libs-5.1.73-3.el6_5.x86_64 nspr-4.10.2-1.el6_5.x86_64 nss-3.15.3-6.el6_5.x86_64 nss-softokn-3.14.3-10.el6_5.x86_64 nss-softokn-freebl-3.14.3-10.el6_5.x86_64 nss-sysinit-3.15.3-6.el6_5.x86_64 nss-util-3.15.3-1.el6_5.x86_64 openldap-2.4.23-34.el6_5.1.x86_64 openssl-1.0.1e-16.el6_5.7.x86_64 sqlite-3.6.20-1.el6.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) bt
#0 0x00007ffff09fae9c in sqlite3_file_control ()
from /usr/lib64/libsqlite3.so.0
#1 0x00007ffff0c91130 in ?? () from /usr/lib64/libsoftokn3.so
#2 0x00007ffff0c91880 in ?? () from /usr/lib64/libsoftokn3.so
#3 0x00007ffff0c96b16 in ?? () from /usr/lib64/libsoftokn3.so
#4 0x00007ffff0c7de0b in ?? () from /usr/lib64/libsoftokn3.so
#5 0x00007ffff0c7e11e in ?? () from /usr/lib64/libsoftokn3.so
#6 0x00007ffff0c7e546 in ?? () from /usr/lib64/libsoftokn3.so
#7 0x00007ffff0c7e609 in ?? () from /usr/lib64/libsoftokn3.so
#8 0x00000034b6437457 in ?? () from /usr/lib64/libnss3.so
#9 0x00000034b6437dd7 in ?? () from /usr/lib64/libnss3.so
#10 0x00000034b644b6da in SECMOD_LoadModule () from /usr/lib64/libnss3.so
#11 0x00000034b644b7d0 in SECMOD_LoadModule () from /usr/lib64/libnss3.so
#12 0x00000034b644b7d0 in SECMOD_LoadModule () from /usr/lib64/libnss3.so
#13 0x00000034b641aa94 in ?? () from /usr/lib64/libnss3.so
#14 0x00000034b641b261 in NSS_InitContext () from /usr/lib64/libnss3.so
#15 0x00000034ba440450 in ?? () from /usr/lib64/libcurl.so.4
#16 0x00000034ba440603 in Curl_nss_connect () from /usr/lib64/libcurl.so.4
#17 0x00000034ba438482 in Curl_ssl_connect () from /usr/lib64/libcurl.so.4
#18 0x00000034ba416ecb in Curl_http_connect () from /usr/lib64/libcurl.so.4
#19 0x00000034ba41d682 in Curl_protocol_connect () from /usr/lib64/libcurl.so.4
#20 0x00000034ba423b3c in Curl_connect () from /usr/lib64/libcurl.so.4
#21 0x00000034ba42bbb0 in Curl_perform () from /usr/lib64/libcurl.so.4
#22 0x00000000004b4227 in zif_curl_exec (ht=,
return_value=0xf98eb8, return_value_ptr=,
this_ptr=, return_value_used=)
at /build/alms-php5/php-5.2.17/ext/curl/interface.c:1853
#23 0x00007ffff13a676c in ?? ()
from /farms/alms/52v1/tools/Zend/ZendOptimizer.so
#24 0x00007ffff1401075 in ?? ()
from /farms/alms/52v1/tools/Zend/ZendOptimizer.so
#25 0x00007ffff1401325 in ?? ()
from /farms/alms/52v1/tools/Zend/ZendOptimizer.so
#26 0x0000000000742215 in ZEND_USER_OPCODE_SPEC_HANDLER (
execute_data=0x7fffffffbd90)
at /build/alms-php5/php-5.2.17/Zend/zend_vm_execute.h:617
#27 0x000000000074638c in execute (op_array=0xf98760)
at /build/alms-php5/php-5.2.17/Zend/zend_vm_execute.h:92
#28 0x00007ffff140190f in zend_oe ()
from /farms/alms/52v1/tools/Zend/ZendOptimizer.so
#29 0x0000000000722a77 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /build/alms-php5/php-5.2.17/Zend/zend.c:1134
#30 0x00000000006df668 in php_execute_script (primary_file=0x7fffffffe410)
at /build/alms-php5/php-5.2.17/main/main.c:2036
#31 0x00000000007976ab in main (argc=2, argv=0x7fffffffe608)
at /build/alms-php5/php-5.2.17/sapi/cli/php_cli.c:1165
(gdb) |
|
| | This still occurs with:
nss-3.16.1-4.el6_5.x86_64
curl-7.19.7-37.el6_5.3.x86_64
libcurl-7.19.7-37.el6_5.3.x86_64 |
|
| | (0022402) | | jaw123 | | 2015-02-24 23:01 |
| | Did you ever solve this one? I have the same exact issue, and my gdb results look the same. |
|
| | The packages listed are out of date.
nss should be 3.16.2.3-3.el6_6
curl and libcurl should be 7.19.7-40.el6_6.3
Unless this can be duplicated with current packages and the distribution supplied php (not a custom compiled one) I'm inclined to close this (now) as not-a-bug. |
|
| | (0022406) | | jaw123 | | 2015-02-25 00:47 |
| | In my case, I'm using the latest packages (including the ones you mentioned). But I'm also using a build of PHP 5.2.17 from source, rather than the distribution version. |
|
| | | I would very much recommend against that, as php 5.2.xx is unsupported, and has a great many known security vulnerabilities. Using it will lead to tears. |
|
| | (0022418) | | jaw123 | | 2015-02-25 17:07 |
| | Agreed. This is to support some legacy apps. I managed to avoid this error by compiling PHP using "--without-pdo-sqlite", although I don't really trust that solution. |
|
| | Hello !
I have the same issue, and gdb results look the same.
An upgrade of PHP or HTTPD is needed ?
If yes, in which minimal version ?
Thanks,
Skyline |
|
| | Quick fix:
mv /etc/pki/nssdb /etc/pki/nssdb.bak
yum -y reinstall nss
And, if you've had custom certificates in DBs located under /etc/pki/nssdb.bak, then re-export it via sqlite tool. |
|
|
|
|
 |
|
회원가입
02-3394-5765
