Bug 483222 - git clone over https crash using libcurl+nss
git clone over https crash using libcurl+nss
Status: CLOSED DUPLICATE of bug 483855
Product: Fedora
Classification: Fedora
Component: curl (Show other bugs)
10
All Linux
low Severity medium
: ---
: ---
Assigned To: Kamil Dudka
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-01-30 05:38 EST by Jan "Yenya" Kasprzak
Modified: 2009-02-25 10:33 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-02-25 06:55:56 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan "Yenya" Kasprzak 2009-01-30 05:38:19 EST
Description of problem:
When I try to clone a git repository over https (as opposed to http), it crashes either with SIGSEGV or with glibc "double free or corruption" check. I have tried two different https servers and several different git versions (both from Fedora and compiled by myself), and several distributions (F7, F8 and F10, all x86_64). The same repository clone always works when cloning over http instead of https.

I have reported this to the git mailing list, and got a hint that the problem could be in Fedora using libcurl with nss. So I have grabbed a src.rpm, removed the "--without-ssl --with-nss=%{_prefix}" statements from the %configure command, rebuilt, installed, and now git clone works. So the problem is apparently either in libcurl usage of nss, or with libnss itself.

Version-Release number of selected component (if applicable):
git-1.6.0.6-1.fc10.x86_64 (tested also with 1.6.1.2 compiled by myself)
curl-7.18.2-9.fc10.x86_64 (tested also with 7.18.2-7 from stock F10, and today's rawhide version curl-7.18.2-9.fc11.x86_64)
nss-3.12.2.0-3.fc10.x86_64

How reproducible:
100 %

Steps to Reproduce:
1. add the following certificate to ca-bundle.crt:
   # cat >> /etc/pki/tls/certs/ca-bundle.crt
-----BEGIN CERTIFICATE-----
MIICsTCCAhoCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAkNaMRcwFQYD
VQQIEw5DemVjaCBSZXB1YmxpYzENMAsGA1UEBxMEQnJubzEfMB0GA1UEChMWRmFj
dWx0eSBvZiBJbmZvcm1hdGljczEMMAoGA1UECxMDQ1ZUMRowGAYDVQQDExFBZG1p
bmlzdHJhdGl2YSBGSTEeMBwGCSqGSIb3DQEJARYPdW5peEBmaS5tdW5pLmN6MB4X
DTk3MTExMDEyMDQyOVoXDTI1MDMyODEyMDQyOVowgaAxCzAJBgNVBAYTAkNaMRcw
FQYDVQQIEw5DemVjaCBSZXB1YmxpYzENMAsGA1UEBxMEQnJubzEfMB0GA1UEChMW
RmFjdWx0eSBvZiBJbmZvcm1hdGljczEMMAoGA1UECxMDQ1ZUMRowGAYDVQQDExFB
ZG1pbmlzdHJhdGl2YSBGSTEeMBwGCSqGSIb3DQEJARYPdW5peEBmaS5tdW5pLmN6
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMm0dLLgsMSwmYPZdYYDGNsdwK
04k9O5gTYk+S70+ygUsLQNL+VLYqprsfZkDelX2wea8oUkj69R8I+vF6N1E8Ubik
3c4RFqJB6tsnTJT1YplCFd7s1BZlGSEKHC3OzHYp19pnXc0IHgX404pgpmuXaq6R
Xu+D8iboFKi60ZpsVQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAD7842aqJRKlFDzk
LK8SpR8KZ/jYWSdzNrwCQfLAlAzo8wDTcC3hgnaiKHJq4ZvS9h2tnGWm+qEToQwB
oKjKyR87zaFeEWu/tNxBNPkAXfX9jdyJ5ozDTVDpFLoLEZ5ppIuh/ZDbPhjTQZrc
IFfjrlWlrKXmiH9hCSQ5R/lIlrnG
-----END CERTIFICATE-----
EOF

2. git clone --bare https://www.fi.muni.cz/~kas/tmp/git.git
   (a clone of the official Git repository)
  
Actual results:
Initialized empty Git repository in /tmp/git.git/
Getting alternates list for https://www.fi.muni.cz/~kas/tmp/git.git
*** glibc detected *** git: double free or corruption (!prev): 0x000000000432a3d0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3653077ec8]
/lib64/libc.so.6(cfree+0x76)[0x365307a486]
/lib64/libnsspem.so[0x7fc9d2113a75]
/lib64/libnsspem.so[0x7fc9d2102a56]
/lib64/libnsspem.so[0x7fc9d21081a9]
/lib64/libnsspem.so[0x7fc9d210f9c4]
/lib64/libnss3.so[0x327f24bc4d]
/lib64/libnss3.so(PK11_CreateGenericObject+0x42)[0x327f24bed2]
/usr/lib64/libcurl.so.4[0x7fc9d2e5e129]
/usr/lib64/libcurl.so.4(Curl_nss_connect+0x622)[0x7fc9d2e5e9f2]
/usr/lib64/libcurl.so.4(Curl_protocol_connect+0xd2)[0x7fc9d2e3ed72]
/usr/lib64/libcurl.so.4[0x7fc9d2e51fd3]
/usr/lib64/libcurl.so.4(curl_multi_perform+0x8b)[0x7fc9d2e522ab]
git[0x49de9f]
git[0x49a69d]
git[0x49a971]
git[0x494b41]
git[0x4942f3]
git[0x415674]
git[0x4041a3]
git[0x4043bc]
/lib64/libc.so.6(__libc_start_main+0xe6)[0x365301e576]
git[0x403c69]
======= Memory map: ========
00400000-004d3000 r-xp 00000000 08:01 4778506                            /usr/bin/git
006d2000-006d6000 rw-p 000d2000 08:01 4778506                            /usr/bin/git
[...]
Aborted

Expected results:
A clone of the repository over https.

Additional info:
For testing purposes, the same repository is available both over http and https.
Unfortunately, git/libcurl does too many small allocations, so that running it with LD_PRELOAD=/usr/lib64/libefence.so is not feasible (it dies with Cannot allocate memory).

Originally reported here:
http://marc.info/?l=git&m=123325473627608&w=2
Comment 1 Kamil Dudka 2009-02-04 09:18:24 EST
seems to be related to Bug 483855
Comment 2 Kamil Dudka 2009-02-25 06:55:56 EST

*** This bug has been marked as a duplicate of bug 483855 ***
Comment 3 Jan "Yenya" Kasprzak 2009-02-25 10:33:05 EST
META: I think a bug with lower ID should not be marked as a duplicate of a bug with higher ID; technically speaking, the duplicate is the newer bug.

Anyway, thanks for the patch in the bug 483855, I will try it in a week or so.

Note You need to log in before you can comment on or make changes to this bug.