Segmentation fault after modifying ManagedDomain #68

Closed
Sp1l opened this Issue Dec 2, 2017 · 17 comments

@Sp1l
Contributor

Sp1l commented Dec 2, 2017

After removing the first hostname from the ManagedDomain directive, Apache fails to start resulting in a SEGFAULT.

# grep ManagedDomain /usr/local/etc/apache24/httpd.conf
ManagedDomain site1.example.org site2.sample.org site3.example.net
# a2md -d /usr/local/md list
md: site1.example.org [site1.example.org site2.sample.org site3.example.net]

Modified, remove site1

# grep ManagedDomain /usr/local/etc/apache24/httpd.conf
ManagedDomain site2.sample.org site3.example.net
# a2md -d /usr/local/md list
md: site1.example.org [site1.example.org site2.sample.org site3.example.net]

Starting -e DEBUG -x results in

[Sat Dec 02 09:44:26.576161 2017] [so:debug] [pid 61051:tid 34397577216] mod_so.c(266): AH01575: loaded module md_module from /usr/local/libexec/apache24/mod_md.so
[Sat Dec 02 09:44:26.581332 2017] [ssl:info] [pid 61051:tid 34397577216] AH01883: Init: Initialized OpenSSL library
Segmentation fault (core dumped)

Adding site1.example.org back to the ManagedDomain, apache starts without problems again.
After deleting the old and adding the new hostnames, the server starts OK again.

# a2md -d /usr/local/md store remove site1.example.org
# a2md -d /usr/local/md store add site2.sample.org site3.example.net
# a2md -d /usr/local/md list
md: site2.example.org [site2.sample.org site3.example.net]

Removal of the (first) hostname being the name of the ManagedDomain seems to trigger this behavior. "Adds a new managed domain. Must not overlap with existing domains." seems like the trigger for the failure, as there is overlap between the 'old' and the 'new' name.

FreeBSD 11.1-p1 amd64
Apache 2.4.29
mod_md 1.0.6

@icing

Owner

icing commented Dec 8, 2017

Added 2 test cases doing what you describe. I found one debug log that had a %d too much, but otherwise things worked as expected. Could you give v1.0.7 a shot? If the problem persists, I'll need a stacktrace of the segfault to find where it really goes bazooka. Thanks!

@MrDini123

MrDini123 commented Dec 17, 2017

Hi,

I also get a segfault, and I only have one domain.

[Sun Dec 17 23:45:20.939877 2017] [so:debug] [pid 3633] mod_so.c(266): AH01575: loaded module md_module from /usr/apache/modules/mod_md.so
Segmentation fault (core dumped)

The config looks like this:

ManagedDomain secret.com
<VirtualHost *:12345>
    DocumentRoot "/var/www/external"
    ServerName not.secret.com
    #I am not sure if ServerAlias is needed here, without that mod_md gives No VirtualHost error
    ServerAlias secret.com
    SSLEngine on
</VirtualHost>

The internal 12345 port points to the external 80 port, so the VirtualHost can be accessed from http://not.secret.com

@MrDini123

MrDini123 commented Dec 17, 2017

I can reproduce it with the latest mod_md release (1.1.1).

Here is my current config part:

MDomain secret.com
<VirtualHost *:12344>
    DocumentRoot "/var/www/external"
    ServerName not.secret.com
    ServerAlias secret.com
    SSLEngine on
</VirtualHost>

Thanks.

@icing

Owner

icing commented Dec 19, 2017

Are you able to produce a stacktrace of the fault? Because that config produces the expected error in my test suite, namely a log error like

Virtual Host not.secret.com:0 matches Managed Domain 'secret.com', but the name/alias not.secret.com itself is not managed. A requested MD certificate will not match ServerName.

icing added a commit that referenced this issue Dec 19, 2017

@icing

Owner

icing commented Dec 19, 2017

I suspect there is a spurious bug in my JSON reference counting that strikes now and again...

@Badman12

Badman12 commented Dec 19, 2017

Hi!

I get a SEGFAULT when I set up my site for the first time and restart the apache service; if I reload the service, it works great. It happens because the folder /etc/apache2/md/domains is not created and the md variable equals NULL in the md_get_certificate function.

md = md_reg_get(reg, sc->assigned->name, p);

I tried to fix this, but the problem was not solved.

if (NULL == md) {
    md_log_perror(MD_LOG_MARK, MD_LOG_INFO, rv, p, "%s: not found", sc->assigned->name);
    return APR_ENOENT;
}

PID: 5106 (apache2)
UID: 0 (root)
GID: 0 (root)
Signal: 11 (SEGV)
Timestamp: Mon 2017-12-18 23:09:00 CET (28s ago)
Command Line: /usr/sbin/apache2 -k start
Executable: /usr/sbin/apache2
Control Group: /system.slice/apache2.service
Unit: apache2.service
Slice: system.slice
Boot ID: 32a022b4285a4b13acc3daa616b7ad0d
Machine ID: b623dd9d7ffc3b41d173b0fc5853bb89
Hostname: mysite.com
Coredump: /var/lib/systemd/coredump/core.apache2.0.32a022b4285a4b13acc3daa616b7ad0d.5106.1513
Message: Process 5106 (apache2) of user 0 dumped core.

            Stack trace of thread 5106:
            #0  0x00007f3a8d5ea8ed md_reg_get_cred_files (mod_md.so)
            #1  0x00007f3a8d5e19de md_get_certificate (mod_md.so)
            #2  0x00007f3a83eb831a n/a (mod_ssl.so)
            #3  0x00007f3a83eb8bc5 n/a (mod_ssl.so)
            #4  0x000055626ab74943 ap_run_post_config (apache2)
            #5  0x000055626ab4f7ee main (apache2)
            #6  0x00007f3a8fee6830 __libc_start_main (libc.so.6)
            #7  0x000055626ab4fb49 _start (apache2)

@MrDini123

MrDini123 commented Dec 19, 2017

Unfortunately, I cannot run the make test command, because I got this error:

make[1]: Entering directory '/i-data/bf835951/build/mod_md/test'
  CC       unit/unit_main-main.o
In file included from unit/test_common.h:19:0,
                 from unit/main.c:15:
/usr/include/apr-1/apr.h:359:10: error: unknown type name 'off64_t'
 typedef  off64_t           apr_off_t;
          ^
Makefile:651: recipe for target 'unit/unit_main-main.o' failed
make[1]: *** [unit/unit_main-main.o] Error 1
make[1]: Leaving directory '/i-data/bf835951/build/mod_md/test'
Makefile:906: recipe for target 'test' failed
make: *** [test] Error 2

Yes, it is a 32-bit ARMv5 machine... I tried to define the largefile sources by modifying the CFLAGS, but that did not help, unfortunately. Should I try an apr recompile?

And here is the bt:

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x4070a600 in md_reg_get_cred_files ()
   from /usr/apache/modules/mod_md.so
(gdb) bt
#0  0x4070a600 in md_reg_get_cred_files ()
   from /usr/apache/modules/mod_md.so
#1  0x407025c8 in md_get_certificate ()
   from /usr/apache/modules/mod_md.so
#2  0x404a76c8 in ssl_init_ConfigureServer ()
   from /usr/apache/modules/mod_ssl.so
#3  0x404a7f40 in ssl_init_Module ()
   from /usr/apache/modules/mod_ssl.so
#4  0x0004d89c in ap_run_post_config ()
#5  0x00029ab8 in main ()

@MrDini123

MrDini123 commented Dec 19, 2017

I got some different errors when recompiling the current master:

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x4070a6e4 in md_reg_get_cred_files (reg=reg@entry=0xf8728,
    md=md@entry=0x0, p=p@entry=0x8d0a8,
    pkeyfile=pkeyfile@entry=0xbedf18d0,
    pcertfile=pcertfile@entry=0xbedf18d4) at md_reg.c:430
430         rv = md_store_get_fname(pkeyfile, reg->store, MD_SG_DOMAINS, md->name, MD_FN_PRIVKEY, p);
(gdb) bt
#0  0x4070a6e4 in md_reg_get_cred_files (reg=reg@entry=0xf8728,
    md=md@entry=0x0, p=p@entry=0x8d0a8,
    pkeyfile=pkeyfile@entry=0xbedf18d0,
    pcertfile=pcertfile@entry=0xbedf18d4) at md_reg.c:430
#1  0x40702610 in md_get_certificate (s=0xe1520, p=0x8d0a8,
    pkeyfile=0xbedf18d0, pcertfile=0xbedf18d4) at mod_md.c:1172
#2  0x404a76c8 in ssl_init_ConfigureServer ()
   from /usr/apache/modules/mod_ssl.so
#3  0x404a7f40 in ssl_init_Module ()
   from /usr/apache/modules/mod_ssl.so
#4  0x0004d89c in ap_run_post_config ()
#5  0x00029ab8 in main ()
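
The backtrace above shows md_reg_get_cred_files entered with md=0x0 and faulting where md->name is read (md_reg.c:430). The following is an added illustration, not mod_md source and not part of the original thread: a minimal model of a registry lookup that can miss and a path builder that validates its argument itself. All `demo_*` names, the `store` base directory and the `key.pem` file name are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
/* Added illustration with hypothetical stand-ins; this is not mod_md source. */
typedef struct { const char *name; } demo_md;   /* one managed domain */
typedef struct { const demo_md *mds; size_t count; const char *base; } demo_reg;

/* Look a domain up by name; NULL means "not present in the store". */
const demo_md *demo_reg_get(const demo_reg *reg, const char *name)
{
    for (size_t i = 0; i < reg->count; i++)
        if (strcmp(reg->mds[i].name, name) == 0)
            return &reg->mds[i];
    return NULL;
}

/* Build "<base>/domains/<name>/key.pem" (constructed layout). md is checked
 * before md->name is read, so a failed lookup yields an error code. */
int demo_get_key_file(const demo_reg *reg, const demo_md *md,
                      char *out, size_t outlen)
{
    if (reg == NULL || out == NULL || outlen == 0)
        return EINVAL;
    out[0] = '\0';
    if (md == NULL)
        return ENOENT;
    int n = snprintf(out, outlen, "%s/domains/%s/key.pem", reg->base, md->name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* never hand back a truncated path */
        return ERANGE;
    }
    return 0;
}

/* Caller in the role of the start-up certificate lookup. */
int demo_get_certificate(const demo_reg *reg, const char *assigned,
                         char *out, size_t outlen)
{
    return demo_get_key_file(reg, demo_reg_get(reg, assigned), out, outlen);
}

int main(void)
{
    static const demo_md mds[] = { { "site2.sample.org" } };
    demo_reg reg = { mds, 1, "store" };
    char path[128];
    printf("%d\n", demo_get_certificate(&reg, "site1.example.org", path, sizeof path));
    return 0;
}
```

Checking inside the function that dereferences the pointer, rather than only in one caller, covers every call path that can reach it with a missed lookup.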

@MadLittleMods

MadLittleMods commented Dec 20, 2017

@icing Any tips for getting a stacktrace?

<VirtualHost *:80>
	Include includes/shared-example.com.conf

	# Included here because it can't be duplicated and we only need one, see https://github.com/certbot/certbot/issues/1820#issuecomment-188958789
	WSGIDaemonProcess example.com python-home="/var/www-src/venv" python-path="/var/www-src/django_project/"
</VirtualHost>

<VirtualHost *:443>
	SSLEngine On
	# In Apache >=2.4.30, we can just use
	#SSLPolicy modern

	Include includes/shared-example.com.conf
</VirtualHost>

MDomain example.com
MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

includes/shared-example.com.conf

ServerAdmin example@example.com
ServerName example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

WSGIScriptAlias / "/var/www-src/django_project/django_project/wsgi.py"
# This is included once in the *:80 atm because it can't be duplicated (see https://github.com/certbot/certbot/issues/1820#issuecomment-188958789)
#WSGIDaemonProcess example.com python-home="/var/www-src/venv" python-path="/var/www-src/django_project/"
WSGIProcessGroup example.com

<Directory "/var/www-src/django_project/django_project/">
	<Files wsgi.py>
		Order deny,allow
		Require all granted
	</Files>
</Directory>

# static
Alias /static /var/www/static/

<Directory "/var/www/static/">
	Options -Indexes
	Order Deny,Allow
	Allow from all
</Directory>

@icing

Owner

icing commented Dec 20, 2017

@Badman12 thanks for the bt, looking into this. There has been a re-ordering recently in regards to configuration checking and it seems that mod_ssl now calls a mod_md unexpectedly early.

@icing

Owner

icing commented Dec 20, 2017

Guys, could you check the version 1.1.2 which I just released here? Thanks!

@Badman12

Badman12 commented Dec 20, 2017

@icing I don't have a SEGFAULT in version 1.1.2. Thanks

@icing

Owner

icing commented Dec 20, 2017

@Badman12 thanks for the quick test and feedback!

@MrDini123

MrDini123 commented Dec 20, 2017

Works like a charm.

So many thanks @icing for the quick fix and of course for this awesome and useful module!

@icing

Owner

icing commented Dec 20, 2017

Great to hear that you enjoy it! :-D

@icing

Owner

icing commented Dec 20, 2017

Ha, just when you think you are done...

During testing I found a use-after-free for server names that are auto-added to a MD. Please try v1.1.3 if you find the time. Thanks!

@MrDini123

MrDini123 commented Dec 23, 2017

Sorry for the delay @icing. v1.1.5 works awesome for me. 😄
