Skip to content

Clean up OpenSSL engine list when OpenSSL 1.0.2 used #9767

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Clean up OpenSSL engine list when OpenSSL 1.0.2 used #9767

wants to merge 1 commit into from

Conversation

bukka
Copy link
Member

@bukka bukka commented Oct 17, 2022
edited
Loading

This is an attempt to fix GH-8620 . The problem is that OpenSSL adds new engine (rdrand in the reported case) but it doesn't clean up the engines. It means that internally in OpenSSL 1.0.2, the engine_list_head is still set even after OpenSSL reference drops to zero and then curl tries to clean it up and it crashes. Interestingly it happens only when shared ldap extension is in the mix which might be related to the fact that it might be somehow releasing the reference too. So the idea of this fix is to clear the engine list before curl tries to clear it so it is empty at that time.

@remicollet Unfortunately I'm unable to test it - tried to compile it but no segfault there - it happens for me only with RPM including your RPM's (both php81 and php82) that I tried on Amazon Linux 2 so I assume it might be also visible on CentOS 7 and even RHEL 7 (if you could check that would be awesome). Please would you be able to test this by packaging RPM with this fix (think it should apply cleanly to 8.1 and 8.2 too but also present on 8.0 which I test it with distro package)?

I was just able to get segfault by installing php81 and php81-php-ldap from your repo and then executing this script:

<?php
$connection = ldap_connect("ldaps://ldap.google.com");
$bind_results = ldap_bind($connection, 'AnyUsername','AnyPassword');

If you can't recreate it and you are able to provide the RPM and steps how to test it on Amazon Linux 2, I can potentially try it too.

@bukka bukka mentioned this pull request Oct 17, 2022
Open
@bukka
Copy link
Member Author

bukka commented Oct 22, 2022

After a bit of thinking I decided to merge it to 8.2 ( 1ef65c1 ) for now as we should really clean up the engine list in any case. If it fixes the reported problem, I will back port it...

@bukka bukka closed this Oct 22, 2022
@remicollet
Copy link
Member

remicollet commented Nov 24, 2022
edited
Loading

@remicollet Unfortunately I'm unable to test it - tried to compile it but no segfault there - it happens for me only with RPM including your RPM's (both php81 and php82) that I tried on Amazon Linux 2 so I assume it might be also visible on CentOS 7 and even RHEL 7 (if you could check that would be awesome). Please would you be able to test this by packaging RPM with this fix (think it should apply cleanly to 8.1 and 8.2 too but also present on 8.0 which I test it with distro package)?

On CentOS-7, with my repository

in "remi", php82-php-ldap-8.2.0 rc7-20.el7 (upstream version with this fix) => segfault.
in "remi-test", php82-php-ldap-8.2.0 rc7-21.el7 (with this fix reverted) => no segfault

So please revert

@bukka
Copy link
Member Author

bukka commented Nov 24, 2022

Should be fixed by 3d90a24

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Extension: openssl
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bukka @remicollet