View Issue Details

ID: 0007399
Project: CentOS-6
Category: nss
View Status: public
Last Update: 2016-07-21 16:29
Reporter: Ben Marsh
Priority: normal
Severity: crash
Reproducibility: always
Status: new
Resolution: open
Platform: x86_64
OS: CentOS
OS Version: 6.5
Product Version: 6.5
Target Version:
Fixed in Version:
Summary: 0007399: Segfault in libnss when using libcurl from php
Description
I have been using a php app on a compiled version of php 5.2.17. When we upgraded to CentOS 6.5 we started getting segfaults in the Apache error log file. I extracted the source code that seemed to trigger it, and when I run it separately it segfaults every time:

$ tools/php-5.2.17/bin/php test1.php
* About to connect() to www.google.com port 443 (#0)
* Trying 74.125.192.103... * connected
* Connected to www.google.com (74.125.192.103) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
Segmentation fault (core dumped)

When the url in the script is changed to use HTTP instead of HTTPS, there is no segfault.
Steps To Reproduce
Run the script:
$ cat test1.php
<?php
        $urlEndPoint = "https://www.google.com/search";
        $headerArray = array();
        $ch = curl_init();
        curl_setopt($ch,CURLOPT_POST,true);

        curl_setopt($ch,CURLOPT_URL, $urlEndPoint);
        /*curl_setopt($ch,CURLOPT_HTTPHEADER, $headerArray);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postArray); */

        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
        curl_setopt($ch,CURLOPT_HEADER, true);
        curl_setopt($ch,CURLOPT_FOLLOWLOCATION, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0');
        curl_setopt($ch, CURLOPT_VERBOSE, true);

        if (!$result = curl_exec($ch)) {
            print (curl_error($ch));
        }

        curl_close ($ch);

        echo print_r($result,true);
?>
Additional Information
I can get around this by replacing the libcurl rpms with ones from: http://mirror.city-fan.org/ftp/contrib/sysutils/Mirroring/. Specifically:

$ ls *.rpm
c-ares-1.10.0-3.0.cf.rhel6.x86_64.rpm
curl-7.37.1-1.1.cf.rhel6.x86_64.rpm
libcurl-7.37.1-1.1.cf.rhel6.x86_64.rpm
libmetalink-0.1.2-5.rhel6.x86_64.rpm
libssh2-1.4.3-13.0.cf.rhel6.x86_64.rpm
Tags: No tags attached.

Activities

Ben Marsh

2014-07-19 00:57

reporter   ~0020471

[root@almsweb02 bmarsh]# gdb /farms/alms/52v1/tools/php-5.2.17/bin/php
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-64.el6_5.2)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /farms/alms/52v1/tools/php-5.2.17/bin/php...done.
(gdb) run test1.php
Starting program: /farms/alms/52v1/tools/php-5.2.17/bin/php test1.php
[Thread debugging using libthread_db enabled]
* About to connect() to www.google.com port 443 (#0)
* Trying 74.125.192.99... * connected
* Connected to www.google.com (74.125.192.99) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff09fae9c in sqlite3_file_control () from /usr/lib64/libsqlite3.so.0
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 glibc-2.12-1.132.el6.x86_64 keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-15.el6_5.1.x86_64 libcom_err-1.41.12-18.el6.x86_64 libcurl-7.19.7-37.el6_4.x86_64 libidn-1.18-2.el6.x86_64 libjpeg-turbo-1.2.1-3.el6_5.x86_64 libmcrypt-2.5.8-9.el6.x86_64 libpng-1.2.49-1.el6_2.x86_64 libselinux-2.0.94-5.3.el6_4.1.x86_64 libssh2-1.4.2-1.el6.x86_64 libtool-ltdl-2.2.6-15.5.el6.x86_64 libxml2-2.7.6-14.el6.x86_64 mysql-libs-5.1.73-3.el6_5.x86_64 nspr-4.10.2-1.el6_5.x86_64 nss-3.15.3-6.el6_5.x86_64 nss-softokn-3.14.3-10.el6_5.x86_64 nss-softokn-freebl-3.14.3-10.el6_5.x86_64 nss-sysinit-3.15.3-6.el6_5.x86_64 nss-util-3.15.3-1.el6_5.x86_64 openldap-2.4.23-34.el6_5.1.x86_64 openssl-1.0.1e-16.el6_5.7.x86_64 sqlite-3.6.20-1.el6.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) bt
#0 0x00007ffff09fae9c in sqlite3_file_control ()
   from /usr/lib64/libsqlite3.so.0
#1 0x00007ffff0c91130 in ?? () from /usr/lib64/libsoftokn3.so
#2 0x00007ffff0c91880 in ?? () from /usr/lib64/libsoftokn3.so
#3 0x00007ffff0c96b16 in ?? () from /usr/lib64/libsoftokn3.so
#4 0x00007ffff0c7de0b in ?? () from /usr/lib64/libsoftokn3.so
#5 0x00007ffff0c7e11e in ?? () from /usr/lib64/libsoftokn3.so
#6 0x00007ffff0c7e546 in ?? () from /usr/lib64/libsoftokn3.so
#7 0x00007ffff0c7e609 in ?? () from /usr/lib64/libsoftokn3.so
#8 0x00000034b6437457 in ?? () from /usr/lib64/libnss3.so
#9 0x00000034b6437dd7 in ?? () from /usr/lib64/libnss3.so
#10 0x00000034b644b6da in SECMOD_LoadModule () from /usr/lib64/libnss3.so
#11 0x00000034b644b7d0 in SECMOD_LoadModule () from /usr/lib64/libnss3.so
#12 0x00000034b644b7d0 in SECMOD_LoadModule () from /usr/lib64/libnss3.so
#13 0x00000034b641aa94 in ?? () from /usr/lib64/libnss3.so
#14 0x00000034b641b261 in NSS_InitContext () from /usr/lib64/libnss3.so
#15 0x00000034ba440450 in ?? () from /usr/lib64/libcurl.so.4
#16 0x00000034ba440603 in Curl_nss_connect () from /usr/lib64/libcurl.so.4
#17 0x00000034ba438482 in Curl_ssl_connect () from /usr/lib64/libcurl.so.4
#18 0x00000034ba416ecb in Curl_http_connect () from /usr/lib64/libcurl.so.4
#19 0x00000034ba41d682 in Curl_protocol_connect () from /usr/lib64/libcurl.so.4
#20 0x00000034ba423b3c in Curl_connect () from /usr/lib64/libcurl.so.4
#21 0x00000034ba42bbb0 in Curl_perform () from /usr/lib64/libcurl.so.4
#22 0x00000000004b4227 in zif_curl_exec (ht=<value optimized out>,
    return_value=0xf98eb8, return_value_ptr=<value optimized out>,
    this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /build/alms-php5/php-5.2.17/ext/curl/interface.c:1853
#23 0x00007ffff13a676c in ?? ()
   from /farms/alms/52v1/tools/Zend/ZendOptimizer.so
#24 0x00007ffff1401075 in ?? ()
   from /farms/alms/52v1/tools/Zend/ZendOptimizer.so
#25 0x00007ffff1401325 in ?? ()
   from /farms/alms/52v1/tools/Zend/ZendOptimizer.so
#26 0x0000000000742215 in ZEND_USER_OPCODE_SPEC_HANDLER (
    execute_data=0x7fffffffbd90)
    at /build/alms-php5/php-5.2.17/Zend/zend_vm_execute.h:617
#27 0x000000000074638c in execute (op_array=0xf98760)
    at /build/alms-php5/php-5.2.17/Zend/zend_vm_execute.h:92
#28 0x00007ffff140190f in zend_oe ()
   from /farms/alms/52v1/tools/Zend/ZendOptimizer.so
#29 0x0000000000722a77 in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at /build/alms-php5/php-5.2.17/Zend/zend.c:1134
#30 0x00000000006df668 in php_execute_script (primary_file=0x7fffffffe410)
    at /build/alms-php5/php-5.2.17/main/main.c:2036
#31 0x00000000007976ab in main (argc=2, argv=0x7fffffffe608)
    at /build/alms-php5/php-5.2.17/sapi/cli/php_cli.c:1165
(gdb)
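A triage aid for the backtrace in the note above, added here as an example and not part of the original report: this Python sketch collapses gdb frames into the chain of modules leading to the crash site and lists the modules that have no symbols at all. `SAMPLE_BT` is a constructed subset of the frames above; the function names and the "(has debug info)" label are this example's own.

```python
import os
import re
from itertools import groupby

# Constructed sample: a subset of the frames from the backtrace in note ~0020471.
SAMPLE_BT = """\
#0 0x00007ffff09fae9c in sqlite3_file_control ()
   from /usr/lib64/libsqlite3.so.0
#1 0x00007ffff0c91130 in ?? () from /usr/lib64/libsoftokn3.so
#7 0x00007ffff0c7e609 in ?? () from /usr/lib64/libsoftokn3.so
#8 0x00000034b6437457 in ?? () from /usr/lib64/libnss3.so
#14 0x00000034b641b261 in NSS_InitContext () from /usr/lib64/libnss3.so
#16 0x00000034ba440603 in Curl_nss_connect () from /usr/lib64/libcurl.so.4
#22 0x00000000004b4227 in zif_curl_exec (ht=<value optimized out>,
    return_value=0xf98eb8, return_value_ptr=<value optimized out>,
    this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /build/alms-php5/php-5.2.17/ext/curl/interface.c:1853
"""

FRAME_HEAD = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(")
ORIGIN = re.compile(r"\b(from|at) (/\S+)")

def parse_frames(text):
    """Return [(frame_no, function, module)], joining gdb's wrapped lines.
    'from' names a shared object; 'at' means the frame has source info."""
    chunks = []
    for line in text.splitlines():
        if re.match(r"#\d+\s", line):
            chunks.append(line.strip())
        elif chunks and line.strip() and not line.startswith("(gdb)"):
            chunks[-1] += " " + line.strip()
    frames = []
    for chunk in chunks:
        head, origins = FRAME_HEAD.match(chunk), ORIGIN.findall(chunk)
        if head and origins:
            kind, path = origins[-1]
            module = os.path.basename(path) if kind == "from" else "(has debug info)"
            frames.append((int(head.group(1)), head.group(2), module))
    return frames

def library_chain(frames):
    """Collapse consecutive frames per module, innermost (crash site) first."""
    chain = []
    for module, group in groupby(frames, key=lambda f: f[2]):
        group = list(group)
        chain.append((module, len(group), [fn for _, fn, _ in group if fn != "??"]))
    return chain

def unsymbolized(chain):
    """Modules whose frames are all '??': install their debuginfo first."""
    return [module for module, _, named in chain if not named]
```

On the sample, `library_chain(parse_frames(SAMPLE_BT))` gives libsqlite3.so.0, libsoftokn3.so, libnss3.so, libcurl.so.4 and the PHP frame in that order, and `unsymbolized` returns only libsoftokn3.so, which corresponds to the nss-softokn entry in gdb's debuginfo-install hint.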
Ben Marsh

2014-07-23 18:31

reporter   ~0020511

This still occurs with:
nss-3.16.1-4.el6_5.x86_64
curl-7.19.7-37.el6_5.3.x86_64
libcurl-7.19.7-37.el6_5.3.x86_64
jaw123

2015-02-24 23:01

reporter   ~0022402

Did you ever solve this one? I have the same exact issue, and my gdb results look the same.
Evolution

2015-02-24 23:52

administrator   ~0022404

The packages listed are out of date.

nss should be 3.16.2.3-3.el6_6
curl and libcurl should be 7.19.7-40.el6_6.3


Unless this can be duplicated with current packages and the distribution supplied php (not a custom compiled one) I'm inclined to close this (now) as not-a-bug.
jaw123

2015-02-25 00:47

reporter   ~0022406

In my case, I'm using the latest packages (including the ones you mentioned). But I'm also using a build of PHP 5.2.17 from source, rather than the distribution version.
Evolution

2015-02-25 13:20

administrator   ~0022412

I would very much recommend against that, as php 5.2.xx is unsupported, and has a great many known security vulnerabilities. Using it will lead to tears.
jaw123

2015-02-25 17:07

reporter   ~0022418

Agreed. This is to support some legacy apps. I managed to avoid this error by compiling PHP using "--without-pdo-sqlite", although I don't really trust that solution.
skyline42sh

2015-12-01 10:57

reporter   ~0024945

Hello!

I have the same issue, and gdb results look the same.

Is an upgrade of PHP or HTTPD needed?

If yes, to which minimum version?

Thanks,
Skyline
st41ker

2016-03-17 17:40

reporter   ~0026067

Quick fix:

mv /etc/pki/nssdb /etc/pki/nssdb.bak
yum -y reinstall nss

And, if you've had custom certificates in DBs located under /etc/pki/nssdb.bak, then re-export them via the sqlite tool.
blalor

2016-07-15 20:58

reporter   ~0027065

@st41ker's advice put me in the right direction. I believe the issue is actually with the nss-softokn package and a preliminary test of upgrading it (while leaving the files in /etc/pki/nssdb in place) resolved the issue.
blalor

2016-07-21 16:23

reporter   ~0027104

Sadly, this has not been the case. Removing /etc/pki/nssdb/pkcs11.txt and /etc/pki/nssdb/cert9.db seems to be the key here. :-(
blalor

2016-07-21 16:29

reporter   ~0027105

Sadly, this has not been the case. Removing /etc/pki/nssdb/pkcs11.txt and /etc/pki/nssdb/cert9.db seems to be the key here. :-(

Issue History

Date Modified Username Field Change
2014-07-19 00:33 Ben Marsh New Issue
2014-07-19 00:57 Ben Marsh Note Added: 0020471
2014-07-23 18:31 Ben Marsh Note Added: 0020511
2015-02-24 23:01 jaw123 Note Added: 0022402
2015-02-24 23:52 Evolution Note Added: 0022404
2015-02-25 00:47 jaw123 Note Added: 0022406
2015-02-25 13:20 Evolution Note Added: 0022412
2015-02-25 17:07 jaw123 Note Added: 0022418
2015-12-01 10:57 skyline42sh Note Added: 0024945
2016-03-17 17:40 st41ker Note Added: 0026067
2016-07-15 20:58 blalor Note Added: 0027065
2016-07-21 16:23 blalor Note Added: 0027104
2016-07-21 16:29 blalor Note Added: 0027105