Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Segmentation fault while accessing https://cloudflare-quic.com/ with --http3 #6824

Closed
icebluey opened this issue Apr 1, 2021 · 4 comments
Closed

Comments

@icebluey
Copy link

@icebluey icebluey commented Apr 1, 2021

# curl-http3 -vI --http3 https://cloudflare-quic.com/
*   Trying 2606:4700:10::ac43:9eb:443...
* Connect socket 5 over QUIC to 2606:4700:10::ac43:9eb:443
* connect to 2606:4700:10::ac43:9eb port 443 failed: Resource temporarily unavailable
*   Trying 2606:4700:10::6816:826:443...
* Connect socket 6 over QUIC to 2606:4700:10::6816:826:443
Segmentation fault

[curl -V output]

# curl-http3 -V
curl 7.76.0 (x86_64-pc-linux-gnu) libcurl/7.76.0 GnuTLS/3.7.1 zlib/1.2.11 brotli/1.0.9 zstd/1.4.9 c-ares/1.17.1 libidn2/2.3.0 libssh2/1.9.0 nghttp2/1.43.0 ngtcp2/0.1.0-DEV nghttp3/0.1.0-DEV
Release-Date: 2021-03-31
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: alt-svc AsynchDNS brotli HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets zstd

I'm not sure how this happened.

@bagder
Copy link
Member

@bagder bagder commented Apr 1, 2021

I cannot reproduce, but my ngtcp2 setup is not using GnuTLS.

Is this using ngtcp2 and nghttp3 from their respective git masters?

Can you run it with gdb and show us the stack trace for the crash?

@icebluey
Copy link
Author

@icebluey icebluey commented Apr 1, 2021

nghttp3: git9858f6d
ngtcp2: git2fd9ce1
ngtcp2 and nghttp3 was built from their respective git masters.
GnuTLS: 3.7.1

# gdb -q --args curl-http3 -vI --http3 https://cloudflare-quic.com/
Reading symbols from /usr/bin/curl-http3...(no debugging symbols found)...done.
(gdb) run
Starting program: /bin/curl-http3 -vI --http3 https://cloudflare-quic.com/
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
*   Trying 2606:4700:10::ac43:9eb:443...
* Connect socket 9 over QUIC to 2606:4700:10::ac43:9eb:443
*   Trying 172.67.9.235:443...
* Connect socket 10 over QUIC to 172.67.9.235:443
* connect to 2606:4700:10::ac43:9eb port 443 failed: Resource temporarily unavailable
*   Trying 2606:4700:10::6816:926:443...
* Connect socket 11 over QUIC to 2606:4700:10::6816:926:443

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff785ad2a in gnutls_x509_trust_list_deinit () from /lib64/libgnutls.so.30
(gdb) backtrace
#0  0x00007ffff785ad2a in gnutls_x509_trust_list_deinit () from /lib64/libgnutls.so.30
#1  0x00007ffff77c499f in gnutls_certificate_free_credentials () from /lib64/libgnutls.so.30
#2  0x00007ffff7fca8b1 in ?? () from /usr/lib64/curl/private/libcurl-gnutls.so.4
#3  0x00007ffff7f6ee1c in ?? () from /usr/lib64/curl/private/libcurl-gnutls.so.4
#4  0x00007ffff7f6f213 in ?? () from /usr/lib64/curl/private/libcurl-gnutls.so.4
#5  0x00007ffff7f6f522 in ?? () from /usr/lib64/curl/private/libcurl-gnutls.so.4
#6  0x00007ffff7f9b1d3 in ?? () from /usr/lib64/curl/private/libcurl-gnutls.so.4
#7  0x00007ffff7f9c3e6 in curl_multi_perform () from /usr/lib64/curl/private/libcurl-gnutls.so.4
#8  0x00007ffff7f78d93 in curl_easy_perform () from /usr/lib64/curl/private/libcurl-gnutls.so.4
#9  0x000055555556fba7 in ?? ()
#10 0x000055555555f984 in ?? ()
#11 0x00007ffff7a2f555 in __libc_start_main () from /lib64/libc.so.6
#12 0x000055555555fa49 in ?? ()
(gdb) 

@D4v1dH03
Copy link
Contributor

@D4v1dH03 D4v1dH03 commented Apr 3, 2021

I am expericing the very same issue as the reporter.

I visited https://cloudflare.com with HTTP/3 with GnuTLS and not only the connection failed with Resource temporarily unavailable but at the end shows the horrible words Segmentation fault (Core dumped)!

Oh noes!

bagder added a commit that referenced this issue Apr 6, 2021
... to avoid double-free.

Reported-by: Kenneth Davidson
Fixes #6824
Closes #[fill in]
@bagder
Copy link
Member

@bagder bagder commented Apr 6, 2021

It's a curl bug, not a gnutls one. You can close the one on gnutls now...

@bagder bagder closed this in 33ddef3 Apr 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

3 participants