Bug 525792

Summary: segmentation fault in openssl tests
Product: Fedora
Reporter: Nikolai Lugovoi <nlugovoi>
Component: ruby
Assignee: Jeroen van Meeuwen <vanmeeuwen+fedora>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 12
CC: jeremy, mtasaka, tagoh, vanmeeuwen+fedora
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-05-14 07:23:43 UTC

Description Nikolai Lugovoi 2009-09-25 18:38:44 UTC
Trying to run test_ssl.rb from the ruby-1.8.6 source tree, the program segfaults:

$ ruby test/openssl/test_ssl.rb 
Loaded suite test/openssl/test_ssl
Started
..test/openssl/test_ssl.rb:215: [BUG] Segmentation fault
ruby 1.8.6 (2009-06-08) [i386-linux]

Aborted


Installed components:

ruby-1.8.6.369-3.fc12.i686, built from ruby-1.8.6.369-3.fc12.src.rpm
openssl-1.0.0-0.7.beta3.fc12.i686

GDB backtrace:

#0  freelist_insert (ctx=0x817c550, for_read=1, sz=34120, mem=0x86c0a48) at s3_both.c:645
#1  0x00691305 in ssl3_release_read_buffer (s=0x81ee640) at s3_both.c:762
#2  0x0068d60c in ssl3_free (s=0x81ee640) at s3_lib.c:2151
#3  0x00695d75 in tls1_free (s=0x81ee640) at t1_lib.c:163
#4  0x006a4041 in SSL_free (s=0x81ee640) at ssl_lib.c:581
#5  0x002a17c9 in ossl_ssl_free (ssl=<value optimized out>) at ossl_ssl.c:511
#6  0x08077193 in run_final (obj=3086404720) at gc.c:1903
#7  0x080771e4 in finalize_list (p=<value optimized out>) at gc.c:1057
#8  rb_gc_finalize_deferred (p=<value optimized out>) at gc.c:1931

It could also be an openssl-1.0.0beta3 bug, as the same ruby source code, with ruby-openssl-1.0.patch and other patches applied but compiled on another system with openssl-0.9.8k, runs without problems.

Comment 1 Nikolai Lugovoi 2009-09-26 13:04:21 UTC
Looks like it is a ruby garbage collection issue: sometimes SSLContext is freed in GC earlier than SSLSocket, which still references that context.

As an ugly workaround, this patch seems to work:

diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 4a4e60f..321132c 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -127,6 +127,8 @@ int ossl_ssl_ex_tmp_dh_callback_idx;
 static void
 ossl_sslctx_free(SSL_CTX *ctx)
 {
+    /* skip cleanup, if still referenced from one SSL socket, delay it to implicit calls from ossl_ssl_free */
+    if(ctx && ctx->references == 3) return;
     if(ctx && SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_store_p)== (void*)1)
        ctx->cert_store = NULL;
     SSL_CTX_free(ctx);
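Review bot: the early return on `ctx->references == 3` hard-codes an internal OpenSSL reference count and reads a struct field the library does not promise to keep stable, so the guard simply stops applying whenever the count is anything else (more than one SSLSocket built on the same context, or a different OpenSSL build), and the magic value 3 is not explained in the comment. The return also skips the `ctx->cert_store = NULL` reset on the next line, so the ex_data cert_store handling now depends on which path frees the context. Since the diagnosis is GC ordering between SSLContext and SSLSocket, the less fragile change is on the Ruby side: have the SSLSocket object keep its SSLContext reachable (mark it during GC) so `ossl_sslctx_free` cannot run while a socket still uses the context, and leave the native reference counting to `SSL_CTX_free`. If the workaround stays, please record in the comment why exactly 3 references are expected.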

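To make the ownership problem in the comment above concrete, here is an added example written for this page (not code from the Ruby or OpenSSL projects). NativeCtx, ContextWrapper and SocketWrapper are constructed stand-ins for the native SSL_CTX, the Ruby SSLContext and the Ruby SSLSocket; they show that when the socket both keeps a Ruby-level reference to its context and takes its own native reference, the native resource is released exactly once, only by the last holder, whichever wrapper the GC finalises first.

```ruby
require 'weakref'

# Constructed stand-in for the native SSL_CTX: a reference-counted resource.
class NativeCtx
  attr_reader :references

  def initialize
    @references = 1   # the Ruby-level context wrapper holds the first reference
    @freed = false
  end

  def freed?
    @freed
  end

  # Called when a socket is created on this context (SSL_new bumps the count).
  def up
    raise 'use after free' if @freed
    @references += 1
    self
  end

  # Called by every holder when it lets go; the last call releases the resource.
  def down
    raise 'double free' if @freed
    @references -= 1
    @freed = true if @references.zero?
    @freed
  end
end

# Ruby-side wrapper, playing the part of OpenSSL::SSL::SSLContext.
class ContextWrapper
  attr_reader :native

  def initialize
    @native = NativeCtx.new
  end

  # Finaliser-like release, as ossl_sslctx_free would do: drop only our reference.
  def release
    @native.down
  end
end

# Ruby-side wrapper, playing the part of OpenSSL::SSL::SSLSocket.
class SocketWrapper
  def initialize(context)
    @context = context             # keeps the context reachable while the socket lives
    @native = context.native.up    # and takes its own native reference
  end

  # Finaliser-like release, as ossl_ssl_free would do: drop the socket's reference.
  def release
    @native.down
  end
end

# Release the two wrappers in the given order and report what happened to the
# native context. With proper reference counting the outcome does not depend on
# which wrapper the GC happens to finalise first.
def release_in_order(order)
  ctx = ContextWrapper.new
  sock = SocketWrapper.new(ctx)
  wrappers = { context: ctx, socket: sock }
  freed_at = nil
  order.each_with_index do |name, step|
    freed_at ||= step if wrappers[name].release
  end
  { freed: ctx.native.freed?, freed_at: freed_at, references: ctx.native.references }
end

# Because SocketWrapper stores its context in an instance variable, the context
# stays alive across a GC cycle for as long as the socket does.
def context_survives_gc?
  sock = SocketWrapper.new(ContextWrapper.new)
  ref = WeakRef.new(sock.instance_variable_get(:@context))
  GC.start
  alive = ref.weakref_alive?
  sock.release                   # keep the socket referenced until here
  alive ? true : false
end

if __FILE__ == $PROGRAM_NAME
  p release_in_order(%i[context socket])
  p release_in_order(%i[socket context])
  p context_survives_gc?
end
```

Both release orders end with the native context freed at the second step and zero references left, which is the property the hard-coded `references == 3` check in the patch tries to approximate from the outside.
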
Comment 2 Bug Zapper 2009-11-16 12:57:35 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 3 Mamoru TASAKA 2010-05-14 07:23:43 UTC
It seems that with current openssl-1.0.0-1.fc13 this issue does not happen. Perhaps this was a bug in openssl.

Once closing.