Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-760

LP:977571 - Exported YaSSL symbols conflict with OpenSSL, crash Apache

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Resolution: Fixed
    • None
    • None
    • None

    Description

      Apache with mod_ssl loaded dies with a SIGSEGV if it has been dynamically linked against MariaDB 5.3.6.
      If I downgrade to MariaDB 5.3.5, the problem goes away.

      I used "nm -P -s -g /usr/lib64/mysql/libmysqlclient_r.so" from both 5.3.5 and 5.3.6 to get a list of exported symbols, and then did a diff to see what changed. Right at the top of the list, we have the culprit:

      — /tmp/mariadb-5.3.5.symbols 2012-04-09 17:03:09.916073329 -0400
      +++ /tmp/mariadb-5.3.6.symbols 2012-04-09 17:02:43.412084697 -0400
      @@ -1,3 +1,7 @@
      +CRYPTO_add_lock T
      +CRYPTO_lock T
      +CRYPTO_mem_ctrl T
      +EVP_CIPHER_CTX_init T
      TERMINATE T

      These symbols being exported from libmysqlclient_r.so are owned by OpenSSL (libcrypto.so). After Apache loads both libcrypto.so and libmysqlclient, it winds up using the MariaDB versions from YaSSL, which causes ssl_init_ModuleKill() to become very unhappy:

      [MariaDB 5.3.5 is currently loaded, and httpd fires up.]
      ~# httpd
      ~# killall httpd
      ~# upgradepkg mariadb-5.3.6-x86_64-1.txz
      +==============================================================================

      Upgrading mariadb-5.3.5-x86_64-1 package using ./mariadb-5.3.6-x86_64-1.txz
      +==============================================================================
      ~# httpd
      Segmentation fault (core dumped)
      ~# gdb /usr/sbin/httpd core
      [snip]
      Core was generated by `httpd'.
      Program terminated with signal 11, Segmentation fault.
      #0 0x00007f1d4fa02c33 in ASN1_primitive_free () from /lib64/libcrypto.so.1
      (gdb) bt
      #0 0x00007f1d4fa02c33 in ASN1_primitive_free () from /lib64/libcrypto.so.1
      #1 0x00007f1d4fa02c57 in ASN1_primitive_free () from /lib64/libcrypto.so.1
      #2 0x00007f1d4fa02fdf in ASN1_template_free () from /lib64/libcrypto.so.1
      #3 0x00007f1d4fa02eda in asn1_item_combine_free () from /lib64/libcrypto.so.1
      #4 0x00007f1d4fa02fdf in ASN1_template_free () from /lib64/libcrypto.so.1
      #5 0x00007f1d4fa02eda in asn1_item_combine_free () from /lib64/libcrypto.so.1
      #6 0x00007f1d4fa03015 in ASN1_item_free () from /lib64/libcrypto.so.1
      #7 0x00007f1d4aee9d1a in ssl_init_ModuleKill () from /usr/libexec/apache/mod_ssl.so
      #8 0x00007f1d4f2b0b8e in apr_pool_clear () from /usr/lib64/libapr-1.so.0
      #9 0x000000000042828d in main ()
      (gdb) quit

      Sorry, didn't have a chance to track it down to a particular source file.

      Attachments

        Activity

          People

            knielsen Kristian Nielsen
            kriskaras Kris Karas (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.