Description of problem: I have Apache configured as a proxy for dogtag in an IPA server. If I try to contact the proxy using the NSS ocspclnt tool (/usr/lib[64]/nss/unsupported) it causes a SIGABRT in Apache. Version-Release number of selected component (if applicable): httpd-2.4.3-12.fc18.x86_64 Steps to Reproduce: 1. Install IPA, the default is to configure a dogtag CA 2. /usr/lib[64]/nss/unsupported-tools/ocspclnt -V Server-Cert -d /etc/httpd/alias -u s From what I can tell in the dogtag logs the request is successful. It indicates that a good entry is being returned. The URI configured for the OCSP server is http://ipa.example.com/ca/ocsp The stack trace in Apache is: Program received signal SIGABRT, Aborted. 0x00007fb035b84ba5 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:63 63 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig); (gdb) where #0 0x00007fb035b84ba5 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:63 #1 0x00007fb035b86358 in __GI_abort () at abort.c:90 #2 0x00007fb035bc44ab in __libc_message (do_abort=2, fmt=fmt@entry=0x7fb035cc89e8 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:197 #3 0x00007fb035bcc982 in malloc_printerr (ptr=0x7fb038c27470, str=0x7fb035cc688f "malloc(): memory corruption", action=<optimized out>) at malloc.c:4969 #4 _int_malloc (av=0x7fb035f00740 <main_arena>, bytes=<optimized out>) at malloc.c:3448 #5 0x00007fb035bce313 in __GI___libc_malloc (bytes=8192) at malloc.c:2862 #6 0x00007fb036340d2a in allocator_alloc (in_size=8152, allocator=0x7fb038b1b850) at memory/unix/apr_pools.c:349 #7 apr_pool_create_ex (newpool=newpool@entry=0x7fb038b1e2f8, parent=0x7fb038b1d958, abort_fn=0x7fb037651470 <abort_on_oom>, abort_fn@entry=0x0, allocator=0x7fb038b1b850) at memory/unix/apr_pools.c:891 #8 0x00007fb03766bfdf in setaside_remaining_output (f=f@entry=0x7fb038b1e1b8, ctx=ctx@entry=0x7fb038b1e2e8, bb=bb@entry=0x7fb038c26cb8, c=0x7fb038b1dbc0, c=0x7fb038b1dbc0) at core_filters.c:583 #9 0x00007fb03766ca3c in ap_core_output_filter (f=0x7fb038b1e1b8, new_bb=0x7fb038c26cb8) at core_filters.c:562 #10 0x00007fb037688332 in ap_http_header_filter (f=<optimized out>, b=0x7fb038c26548) at http_filters.c:1311 #11 0x00007fb03765c56e in ap_content_length_filter (f=0x7fb0383637e8, b=0x7fb038c26548) at protocol.c:1424 #12 0x00007fb037689be1 in ap_byterange_filter (f=0x7fb0383637c0, bb=0x7fb038c26548) at byterange_filter.c:496 #13 0x00007fb02c611da0 in ap_proxy_ajp_request (uri=0x7fb038c26548, conf=0x7fb03845a8c0, conn=0x7fb03808ab40, r=0x7fb038362220, p=<optimized out>, origin=<optimized out>, url=<optimized out>, server_portstr=<optimized out>) at mod_proxy_ajp.c:510 #14 proxy_ajp_handler (r=0x7fb038362220, worker=<optimized out>, conf=0x7fb0000000c8, url=<optimized out>, proxyname=0x0, proxyport=<optimized out>) at mod_proxy_ajp.c:771 #15 0x00007fb02d031afc in proxy_run_scheme_handler (r=r@entry=0x7fb038362220, worker=0x7fb03802cee0, conf=conf@entry=0x7fb03802c810, url=0x7fb03845b08e "ajp://localhost:8009/ca/ocsp", proxyhost=proxyhost@entry=0x0, proxyport=proxyport@entry=0) at mod_proxy.c:2551 #16 0x00007fb02d03290f in proxy_handler (r=0x7fb038362220) at mod_proxy.c:1072 #17 0x00007fb037671080 in ap_run_handler (r=0x7fb038362220) at config.c:169 #18 0x00007fb0376714db in ap_invoke_handler (r=r@entry=0x7fb038362220) at config.c:432 #19 0x00007fb03768580a in ap_process_async_request (r=r@entry=0x7fb038362220) at http_request.c:317 #20 0x00007fb037685adf in ap_process_request (r=r@entry=0x7fb038362220) at http_request.c:363 #21 0x00007fb0376823e5 in ap_process_http_sync_connection (c=0x7fb038b1dbc0) at http_core.c:190 #22 ap_process_http_connection (c=0x7fb038b1dbc0) at http_core.c:231 #23 0x00007fb03767a490 in ap_run_process_connection (c=0x7fb038b1dbc0) at connection.c:41 #24 0x00007fb03767a8d0 in ap_process_connection (c=c@entry=0x7fb038b1dbc0, csd=<optimized out>) at connection.c:202 #25 0x00007fb02d243738 in child_main (child_num_arg=child_num_arg@entry=5) at prefork.c:704 #26 0x00007fb02d24397c in make_child (s=0x7fb037fb9368, slot=5) at prefork.c:800 #27 0x00007fb02d2447be in perform_idle_server_maintenance (p=<optimized out>) at prefork.c:902 #28 prefork_run (_pconf=<optimized out>, plog=<optimized out>, s=<optimized out>) at prefork.c:1090 #29 0x00007fb03765776e in ap_run_mpm (pconf=0x7fb037f8e158, plog=0x7fb037feb4f8, s=0x7fb037fb9368) at mpm_common.c:98 #30 0x00007fb03765123a in main (argc=2, argv=0x7fff91eb80d8) at main.c:777
1) Could you upload a core dump? 2) What's the config? 3) It would be interesting to see the results with export MALLOC_CHECK_=2 >> /etc/sysconfig/httpd before starting httpd, this triggers malloc corruption ealier.
This message is a reminder that Fedora 18 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 18. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '18'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 18's end of life. Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 18 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior to Fedora 18's end of life. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
It's possible this was a mod_proxy memory corruption bug which we recently fixed upstream. Otherwise lacking enough info to fix -> closing out. https://issues.apache.org/bugzilla/show_bug.cgi?id=50335