2018-01-22 06:08 UTC

ID: 0007399
Project: CentOS-6
Category: nss
View Status: public
Last Update: 2016-07-21 16:29
Reporter: Ben Marsh
Priority: normal
Severity: crash
Reproducibility: always
Status: new
Resolution: open
Platform: x86_64
OS: CentOs
OS Version: 6.5
Product Version: 6.5
Target Version:
Fixed in Version:
Summary: 0007399: Segfault in libnss when using libcurl from php
Description
I have been using a PHP app on a compiled version of PHP 5.2.17. When we upgraded to CentOS 6.5 we started getting segfaults in the Apache error log file. I extracted the source code that seemed to trigger it, and when I run it separately it segfaults every time:

$ tools/php-5.2.17/bin/php test1.php
* About to connect() to www.google.com port 443 (#0)
* Trying 74.125.192.103... * connected
* Connected to www.google.com (74.125.192.103) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
Segmentation fault (core dumped)

When the url in the script is changed to use HTTP instead of HTTPS, there is no segfault.
Steps To Reproduce
Run the script:
$ cat test1.php
<?php
        $urlEndPoint = "https://www.google.com/search";
        $headerArray = array();
        $ch = curl_init();
        curl_setopt($ch,CURLOPT_POST,true);

        curl_setopt($ch,CURLOPT_URL, $urlEndPoint);
        /*curl_setopt($ch,CURLOPT_HTTPHEADER, $headerArray);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postArray); */

        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
        curl_setopt($ch,CURLOPT_HEADER, true);
        curl_setopt($ch,CURLOPT_FOLLOWLOCATION, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0');
        curl_setopt($ch, CURLOPT_VERBOSE, true);

        if (!$result = curl_exec($ch)) {
            print (curl_error($ch));
        }

        curl_close ($ch);

        echo print_r($result,true);
?>
Additional Information
I can get around this by replacing the libcurl rpms with ones from: http://mirror.city-fan.org/ftp/contrib/sysutils/Mirroring/. Specifically:

$ ls *.rpm
c-ares-1.10.0-3.0.cf.rhel6.x86_64.rpm
curl-7.37.1-1.1.cf.rhel6.x86_64.rpm
libcurl-7.37.1-1.1.cf.rhel6.x86_64.rpm
libmetalink-0.1.2-5.rhel6.x86_64.rpm
libssh2-1.4.3-13.0.cf.rhel6.x86_64.rpm
Tags: No tags attached.

Notes

~0020471

Ben Marsh (reporter)

[root@almsweb02 bmarsh]# gdb /farms/alms/52v1/tools/php-5.2.17/bin/php
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-64.el6_5.2)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /farms/alms/52v1/tools/php-5.2.17/bin/php...done.
(gdb) run test1.php
Starting program: /farms/alms/52v1/tools/php-5.2.17/bin/php test1.php
[Thread debugging using libthread_db enabled]
* About to connect() to www.google.com port 443 (#0)
* Trying 74.125.192.99... * connected
* Connected to www.google.com (74.125.192.99) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff09fae9c in sqlite3_file_control () from /usr/lib64/libsqlite3.so.0
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 glibc-2.12-1.132.el6.x86_64 keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-15.el6_5.1.x86_64 libcom_err-1.41.12-18.el6.x86_64 libcurl-7.19.7-37.el6_4.x86_64 libidn-1.18-2.el6.x86_64 libjpeg-turbo-1.2.1-3.el6_5.x86_64 libmcrypt-2.5.8-9.el6.x86_64 libpng-1.2.49-1.el6_2.x86_64 libselinux-2.0.94-5.3.el6_4.1.x86_64 libssh2-1.4.2-1.el6.x86_64 libtool-ltdl-2.2.6-15.5.el6.x86_64 libxml2-2.7.6-14.el6.x86_64 mysql-libs-5.1.73-3.el6_5.x86_64 nspr-4.10.2-1.el6_5.x86_64 nss-3.15.3-6.el6_5.x86_64 nss-softokn-3.14.3-10.el6_5.x86_64 nss-softokn-freebl-3.14.3-10.el6_5.x86_64 nss-sysinit-3.15.3-6.el6_5.x86_64 nss-util-3.15.3-1.el6_5.x86_64 openldap-2.4.23-34.el6_5.1.x86_64 openssl-1.0.1e-16.el6_5.7.x86_64 sqlite-3.6.20-1.el6.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) bt
#0 0x00007ffff09fae9c in sqlite3_file_control ()
   from /usr/lib64/libsqlite3.so.0
#1 0x00007ffff0c91130 in ?? () from /usr/lib64/libsoftokn3.so
#2 0x00007ffff0c91880 in ?? () from /usr/lib64/libsoftokn3.so
#3 0x00007ffff0c96b16 in ?? () from /usr/lib64/libsoftokn3.so
#4 0x00007ffff0c7de0b in ?? () from /usr/lib64/libsoftokn3.so
#5 0x00007ffff0c7e11e in ?? () from /usr/lib64/libsoftokn3.so
#6 0x00007ffff0c7e546 in ?? () from /usr/lib64/libsoftokn3.so
#7 0x00007ffff0c7e609 in ?? () from /usr/lib64/libsoftokn3.so
#8 0x00000034b6437457 in ?? () from /usr/lib64/libnss3.so
#9 0x00000034b6437dd7 in ?? () from /usr/lib64/libnss3.so
#10 0x00000034b644b6da in SECMOD_LoadModule () from /usr/lib64/libnss3.so
#11 0x00000034b644b7d0 in SECMOD_LoadModule () from /usr/lib64/libnss3.so
#12 0x00000034b644b7d0 in SECMOD_LoadModule () from /usr/lib64/libnss3.so
#13 0x00000034b641aa94 in ?? () from /usr/lib64/libnss3.so
#14 0x00000034b641b261 in NSS_InitContext () from /usr/lib64/libnss3.so
#15 0x00000034ba440450 in ?? () from /usr/lib64/libcurl.so.4
#16 0x00000034ba440603 in Curl_nss_connect () from /usr/lib64/libcurl.so.4
#17 0x00000034ba438482 in Curl_ssl_connect () from /usr/lib64/libcurl.so.4
#18 0x00000034ba416ecb in Curl_http_connect () from /usr/lib64/libcurl.so.4
#19 0x00000034ba41d682 in Curl_protocol_connect () from /usr/lib64/libcurl.so.4
#20 0x00000034ba423b3c in Curl_connect () from /usr/lib64/libcurl.so.4
#21 0x00000034ba42bbb0 in Curl_perform () from /usr/lib64/libcurl.so.4
#22 0x00000000004b4227 in zif_curl_exec (ht=<value optimized out>,
    return_value=0xf98eb8, return_value_ptr=<value optimized out>,
    this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /build/alms-php5/php-5.2.17/ext/curl/interface.c:1853
#23 0x00007ffff13a676c in ?? ()
   from /farms/alms/52v1/tools/Zend/ZendOptimizer.so
#24 0x00007ffff1401075 in ?? ()
   from /farms/alms/52v1/tools/Zend/ZendOptimizer.so
#25 0x00007ffff1401325 in ?? ()
   from /farms/alms/52v1/tools/Zend/ZendOptimizer.so
#26 0x0000000000742215 in ZEND_USER_OPCODE_SPEC_HANDLER (
    execute_data=0x7fffffffbd90)
    at /build/alms-php5/php-5.2.17/Zend/zend_vm_execute.h:617
#27 0x000000000074638c in execute (op_array=0xf98760)
    at /build/alms-php5/php-5.2.17/Zend/zend_vm_execute.h:92
#28 0x00007ffff140190f in zend_oe ()
   from /farms/alms/52v1/tools/Zend/ZendOptimizer.so
#29 0x0000000000722a77 in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at /build/alms-php5/php-5.2.17/Zend/zend.c:1134
#30 0x00000000006df668 in php_execute_script (primary_file=0x7fffffffe410)
    at /build/alms-php5/php-5.2.17/main/main.c:2036
#31 0x00000000007976ab in main (argc=2, argv=0x7fffffffe608)
    at /build/alms-php5/php-5.2.17/sapi/cli/php_cli.c:1165
(gdb)

~0020511

Ben Marsh (reporter)

This still occurs with:
nss-3.16.1-4.el6_5.x86_64
curl-7.19.7-37.el6_5.3.x86_64
libcurl-7.19.7-37.el6_5.3.x86_64

~0022402

jaw123 (reporter)

Did you ever solve this one? I have the same exact issue, and my gdb results look the same.

~0022404

Evolution (administrator)

The packages listed are out of date.

nss should be 3.16.2.3-3.el6_6
curl and libcurl should be 7.19.7-40.el6_6.3


Unless this can be duplicated with current packages and the distribution supplied php (not a custom compiled one) I'm inclined to close this (now) as not-a-bug.

~0022406

jaw123 (reporter)

In my case, I'm using the latest packages (including the ones you mentioned). But I'm also using a build of PHP 5.2.17 from source, rather than the distribution version.

~0022412

Evolution (administrator)

I would very much recommend against that, as php 5.2.xx is unsupported, and has a great many known security vulnerabilities. Using it will lead to tears.

~0022418

jaw123 (reporter)

Agreed. This is to support some legacy apps. I managed to avoid this error by compiling PHP using "--without-pdo-sqlite", although I don't really trust that solution.

~0024945

skyline42sh (reporter)

Hello!

I have the same issue, and gdb results look the same.

Is an upgrade of PHP or HTTPD needed?

If yes, to which minimum version?

Thanks,
Skyline

~0026067

st41ker (reporter)

Quick fix:

mv /etc/pki/nssdb /etc/pki/nssdb.bak
yum -y reinstall nss

And, if you've had custom certificates in DBs located under /etc/pki/nssdb.bak, then re-export them via the sqlite tool.

~0027065

blalor (reporter)

@st41ker's advice put me in the right direction. I believe the issue is actually with the nss-softokn package and a preliminary test of upgrading it (while leaving the files in /etc/pki/nssdb in place) resolved the issue.

~0027104

blalor (reporter)

Sadly, this has not been the case. Removing /etc/pki/nssdb/pkcs11.txt and /etc/pki/nssdb/cert9.db seems to be the key here. :-(

~0027105

blalor (reporter)

Sadly, this has not been the case. Removing /etc/pki/nssdb/pkcs11.txt and /etc/pki/nssdb/cert9.db seems to be the key here. :-(
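
A reversible way to apply the workaround from the last notes, as an added example that is not from any poster in this thread: it moves aside only the two files named above, records their checksums, and can put them back. The function names and the backup directory layout are assumptions.

```shell
#!/bin/bash
# Added example (not from the thread): set aside the NSS database files named
# in the notes so the step can be undone. Names and layout are assumptions.
NSSDB_FILES="pkcs11.txt cert9.db"   # the two files named in the notes above

# quarantine_nssdb [DIR] -> prints the backup directory path on success
quarantine_nssdb() {
    local db="${1:-/etc/pki/nssdb}" backup f moved=0
    db="${db%/}"
    [ -d "$db" ] || { echo "no such directory: $db" >&2; return 2; }
    # mktemp -d creates the directory with mode 0700, next to the database.
    backup=$(mktemp -d "$db.quarantine.XXXXXX") || return 1
    for f in $NSSDB_FILES; do
        [ -e "$db/$f" ] || continue
        # Record a checksum first so the copy can be verified before restore.
        ( cd "$db" && sha256sum "$f" ) >> "$backup/MANIFEST.sha256" || return 1
        mv -- "$db/$f" "$backup/$f" || return 1
        moved=$((moved + 1))
    done
    if [ "$moved" -eq 0 ]; then
        rmdir "$backup"
        echo "nothing to move in $db" >&2
        return 3
    fi
    printf '%s\n' "$backup"
}

# restore_nssdb BACKUP [DIR] -> verify checksums, then put the files back
restore_nssdb() {
    local backup="$1" db="${2:-/etc/pki/nssdb}" f
    db="${db%/}"
    [ -f "$backup/MANIFEST.sha256" ] || return 2
    # Stop if any quarantined file no longer matches its recorded checksum.
    ( cd "$backup" && sha256sum -c MANIFEST.sha256 >/dev/null ) || return 1
    for f in $NSSDB_FILES; do
        [ -e "$backup/$f" ] || continue
        if [ -e "$db/$f" ]; then
            echo "refusing to overwrite $db/$f" >&2
            return 4
        fi
        mv -- "$backup/$f" "$db/$f" || return 1
    done
}
```

Any custom certificates stay in the quarantined cert9.db, so they remain available for re-export or for a full restore if the workaround does not help.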

Issue History
Date Modified Username Field Change
2014-07-19 00:33 Ben Marsh New Issue
2014-07-19 00:57 Ben Marsh Note Added: 0020471
2014-07-23 18:31 Ben Marsh Note Added: 0020511
2015-02-24 23:01 jaw123 Note Added: 0022402
2015-02-24 23:52 Evolution Note Added: 0022404
2015-02-25 00:47 jaw123 Note Added: 0022406
2015-02-25 13:20 Evolution Note Added: 0022412
2015-02-25 17:07 jaw123 Note Added: 0022418
2015-12-01 10:57 skyline42sh Note Added: 0024945
2016-03-17 17:40 st41ker Note Added: 0026067
2016-07-15 20:58 blalor Note Added: 0027065
2016-07-21 16:23 blalor Note Added: 0027104
2016-07-21 16:29 blalor Note Added: 0027105