Bug#495982: /usr/sbin/ab: /usr/sbin/ab segfaults on some https sites

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#495982: /usr/sbin/ab: /usr/sbin/ab segfaults on some https sites
From: Christian Kujau <lists@nerdbynature.de>
Date: Thu, 21 Aug 2008 21:29:20 +0200
Message-id: <[🔎] 20080821192920.2713.98053.reportbug@sheep.housecafe.de>
Reply-to: Christian Kujau <lists@nerdbynature.de>, 495982@bugs.debian.org
Package: apache2-utils
Version: 2.2.9-7
Severity: normal
File: /usr/sbin/ab


When running ab(8) against certain SSL sites, it segfaults. 
 * strange thing #1: it does NOT segfault for all SSL sites. A few tests suggest
   that it's only happening when the GET request is being redirected by the 
   server.
 * strange thing #2: it does only segfault when run with a verbosity level > 1

$ /usr/sbin/ab -v 2 -n 1 https://www.meineschufa.de/
*** glibc detected *** /usr/sbin/ab: free(): invalid pointer: 0xb7d701d8 ***
======= Backtrace: =========
/lib/i686/cmov/libc.so.6[0xb7c864f4]
/lib/i686/cmov/libc.so.6(cfree+0x96)[0xb7c886f6]
/usr/lib/i686/cmov/libcrypto.so.0.9.8(CRYPTO_free+0x3a)[0xb7dd3c8a]
/usr/lib/i686/cmov/libcrypto.so.0.9.8(ASN1_STRING_free+0x2d)[0xb7e6abad]
/usr/lib/i686/cmov/libcrypto.so.0.9.8(ASN1_primitive_free+0x8c)[0xb7e6161c]
/usr/lib/i686/cmov/libcrypto.so.0.9.8(ASN1_primitive_free+0x126)[0xb7e616b6]
/usr/lib/i686/cmov/libcrypto.so.0.9.8[0xb7e61963]
/usr/lib/i686/cmov/libcrypto.so.0.9.8(ASN1_template_free+0x93)[0xb7e61a13]
/usr/lib/i686/cmov/libcrypto.so.0.9.8[0xb7e618ff]
/usr/lib/i686/cmov/libcrypto.so.0.9.8(ASN1_template_free+0x93)[0xb7e61a13]
/usr/lib/i686/cmov/libcrypto.so.0.9.8[0xb7e618ff]
/usr/lib/i686/cmov/libcrypto.so.0.9.8(ASN1_item_free+0x18)[0xb7e61a58]
/usr/lib/i686/cmov/libcrypto.so.0.9.8(X509_free+0x27)[0xb7e5afa7]
/usr/lib/i686/cmov/libcrypto.so.0.9.8(sk_pop_free+0x38)[0xb7e3f928]
/usr/lib/i686/cmov/libssl.so.0.9.8(ssl_sess_cert_free+0x70)[0xb7f132c0]
/usr/lib/i686/cmov/libssl.so.0.9.8(SSL_SESSION_free+0xc5)[0xb7f14415]
/usr/lib/i686/cmov/libssl.so.0.9.8(SSL_free+0x110)[0xb7f11dd0]
/usr/sbin/ab[0x804b5a8]
/usr/sbin/ab[0x804e186]
/usr/sbin/ab[0x804f942]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7c2e455]
/usr/sbin/ab(realloc+0x49)[0x804a381]
======= Memory map: ========
08048000-08053000 r-xp 00000000 08:05 181029     /usr/sbin/ab
08053000-08054000 rw-p 0000a000 08:05 181029     /usr/sbin/ab
08054000-08058000 rw-p 08054000 00:00 0 
08d55000-08d97000 rw-p 08d55000 00:00 0          [heap]
b7400000-b7421000 rw-p b7400000 00:00 0
b7421000-b7500000 ---p b7421000 00:00 0
b7525000-b7531000 r-xp 00000000 08:05 517146     /lib/libgcc_s.so.1
b7531000-b7532000 rw-p 0000b000 08:05 517146     /lib/libgcc_s.so.1
b7532000-b753c000 r-xp 00000000 08:05 517182     /lib/i686/cmov/libnss_files-2.7.so
b753c000-b753e000 rw-p 00009000 08:05 517182     /lib/i686/cmov/libnss_files-2.7.so
b754a000-b754d000 rw-p b754a000 00:00 0
b754d000-b754f000 r-xp 00000000 08:05 517125     /lib/libkeyutils-1.2.so
b754f000-b7550000 rw-p 00001000 08:05 517125     /lib/libkeyutils-1.2.so
b7550000-b7557000 r-xp 00000000 08:05 180607     /usr/lib/libkrb5support.so.0.1
b7557000-b7558000 rw-p 00006000 08:05 180607     /usr/lib/libkrb5support.so.0.1
b7558000-b757b000 r-xp 00000000 08:05 179537     /usr/lib/libk5crypto.so.3.1
b757b000-b757c000 rw-p 00023000 08:05 179537     /usr/lib/libk5crypto.so.3.1
b757c000-b75e2000 r-xp 00000000 08:05 179365     /usr/lib/libgcrypt.so.11.4.4
b75e2000-b75e4000 rw-p 00066000 08:05 179365     /usr/lib/libgcrypt.so.11.4.4
b75e4000-b75e5000 rw-p b75e4000 00:00 0
b75e5000-b75e8000 r-xp 00000000 08:05 180383     /usr/lib/libgpg-error.so.0.3.0
b75e8000-b75e9000 rw-p 00002000 08:05 180383     /usr/lib/libgpg-error.so.0.3.0
b75e9000-b75f8000 r-xp 00000000 08:05 179413     /usr/lib/libtasn1.so.3.0.15
b75f8000-b75f9000 rw-p 0000e000 08:05 179413     /usr/lib/libtasn1.so.3.0.15
b75f9000-b760e000 r-xp 00000000 08:05 517176     /lib/i686/cmov/libnsl-2.7.so
b760e000-b7610000 rw-p 00014000 08:05 517176     /lib/i686/cmov/libnsl-2.7.so
b7610000-b7612000 rw-p b7610000 00:00 0
b7612000-b763b000 r-xp 00000000 08:05 177790     /usr/lib/libgssapi_krb5.so.2.2
b763b000-b763c000 rw-p 00028000 08:05 177790     /usr/lib/libgssapi_krb5.so.2.2
b763c000-b763e000 r-xp 00000000 08:05 517134     /lib/libcom_err.so.2.1
b763e000-b763f000 rw-p 00001000 08:05 517134     /lib/libcom_err.so.2.1
b763f000-b7640000 rw-p b763f000 00:00 0
b7640000-b76d2000 r-xp 00000000 08:05 180514     /usr/lib/libkrb5.so.3.3
b76d2000-b76d4000 rw-p 00092000 08:05 180514     /usr/lib/libkrb5.so.3.3
b76d4000-b776b000 r-xp 00000000 08:05 179519     /usr/lib/libgnutls.so.26.4.5
b776b000-b7771000 rw-p 00097000 08:05 179519     /usr/lib/libgnutls.so.26.4.5
b7771000-b7787000 r-xp 00000000 08:05 180279     /usr/lib/libsasl2.so.2.0.22
b7787000-b7788000 rw-p 00015000 08:05 180279     /usr/lib/libsasl2.so.2.0.22
b7788000-b7798000 r-xp 00000000 08:05 517223     /lib/i686/cmov/libresolv-2.7.so
b7798000-b779a000 rw-p 0000f000 08:05 517223     /lib/i686/cmov/libresolv-2.7.so
b779a000-b779c000 rw-p b779a000 00:00 0
b779c000-b77b0000 r-xp 00000000 08:05 178574     /usr/lib/libz.so.1.2.3.3
b77b0000-b77b1000 rw-p 00013000 08:05 178574     /usr/lib/libz.so.1.2.3.3
b77b1000-b77b3000 r-xp 00000000 08:05 517173     /lib/i686/cmov/libdl-2.7.so
b77b3000-b77b5000 rw-p 00001000 08:05 517173     /lib/i686/cmov/libdl-2.7.so
b77b5000-b77b6000 rw-p b77b5000 00:00 0
b77b6000-b77bf000 r-xp 00000000 08:05 517172     /lib/i686/cmov/libcrypt-2.7.so
b77bf000-b77c1000 rw-p 00008000 08:05 517172     /lib/i686/cmov/libcrypt-2.7.so
b77c1000-b77e8000 rw-p b77c1000 00:00 0 
b77e8000-b77ef000 r-xp 00000000 08:05 517227     /lib/i686/cmov/librt-2.7.so
b77ef000-b77f1000 rw-p 00006000 08:05 517227     /lib/i686/cmov/librt-2.7.so
b77f1000-b77f4000 r-xp 00000000 08:05 517140     /lib/libuuid.so.1.2
b77f4000-b77f5000 rw-p 00002000 08:05 517140     /lib/libuuid.so.1.2
b77f5000-b7819000 r-xp 00000000 08:05 178591     /usr/lib/libexpat.so.1.5.2
b7819000-b781b000 rw-p 00023000 08:05 178591     /usr/lib/libexpat.so.1.5.2
b781b000-b7888000 r-xp 00000000 08:05 182035     /usr/lib/libsqlite3.so.0.8.6
b7888000-b788a000 rw-p 0006c000 08:05 182035     /usr/lib/libsqlite3.so.0.8.6
b788a000-b7a30000 r-xp 00000000 08:05 355747     /usr/lib/libmysqlclient_r.so.15.0.0
b7a30000-b7a74000 rw-p 001a5000 08:05 355747     /usr/lib/libmysqlclient_r.so.15.0.0
b7a74000-b7a76000 rw-p b7a74000 00:00 0 
b7a76000-b7a94000 r-xp 00000000 08:05 187338     /usr/lib/libpq.so.5.1
b7a94000-b7a95000 rw-p 0001e000 08:05 187338     /usr/lib/libpq.so.5.1
b7a95000-b7bc5000 r-xp 00000000 08:05 178262     /usr/lib/libdb-4.6.so
b7bc5000-b7bc8000 rw-p 00130000 08:05 178262     /usr/lib/libdb-4.6.so
b7bc8000-b7bd4000 r-xp 00000000 08:05 177836     /usr/lib/liblber-2.4.so.2.0.6
b7bd4000-b7bd5000 rw-p 0000c000 08:05 177836     /usr/lib/liblber-2.4.so.2.0.6
b7bd5000-b7c15000 r-xp 00000000 08:05 177838     /usr/lib/libldap_r-2.4.so.2.0.6
b7c15000-b7c17000 rw-p 0003f000 08:05 177838     /usr/lib/libldap_r-2.4.so.2.0.6
b7c17000-b7c18000 rw-p b7c17000 00:00 0 
b7c18000-b7d6d000 r-xp 00000000 08:05 517168     /lib/i686/cmov/libc-2.7.so
b7d6d000-b7d6e000 r--p 00155000 08:05 517168     /lib/i686/cmov/libc-2.7.so
b7d6e000-b7d70000 rw-p 00156000 08:05 517168     /lib/i686/cmov/libc-2.7.so
b7d70000-b7d73000 rw-p b7d70000 00:00 0 
b7d73000-b7d88000 r-xp 00000000 08:05 517222     /lib/i686/cmov/libpthread-2.7.so
b7d88000-b7d8a000 rw-p 00014000 08:05 517222     /lib/i686/cmov/libpthread-2.7.so
b7d8a000-b7d8d000 rw-p b7d8a000 00:00 0 
b7d8d000-b7ec7000 r-xp 00000000 08:05 195144     /usr/lib/i686/cmov/libcrypto.so.0.9.8
b7ec7000-b7edd000 rw-p 0013a000 08:05 195144     /usr/lib/i686/cmov/libcrypto.so.0.9.8
b7edd000-b7ee0000 rw-p b7edd000 00:00 0 
b7ee0000-b7f22000 r-xp 00000000 08:05 195147     /usr/lib/i686/cmov/libssl.so.0.9.8
b7f22000-b7f26000 rw-p 00042000 08:05 195147     /usr/lib/i686/cmov/libssl.so.0.9.8
b7f26000-b7f4f000 r-xp 00000000 08:05 178294     /usr/lib/libapr-1.so.0.2.12
b7f4f000-b7f51000 rw-p 00028000 08:05 178294     /usr/lib/libapr-1.so.0.2.12
b7f51000-b7f75000 r-xp 00000000 08:05 517174     /lib/i686/cmov/libm-2.7.so
b7f75000-b7f77000 rw-p 00023000 08:05 517174     /lib/i686/cmov/libm-2.7.so
b7f77000-b7f93000 r-xp 00000000 08:05 178807     /usr/lib/libaprutil-1.so.0.2.12
b7f93000-b7f95000 rw-p 0001c000 08:05 178807     /usr/lib/libaprutil-1.so.0.2.12
b7f95000-b7f96000 rw-p b7f95000 00:00 0 
b7f9b000-b7f9f000 r-xp 00000000 08:05 517180     /lib/i686/cmov/libnss_dns-2.7.so
b7f9f000-b7fa1000 rw-p 00003000 08:05 517180     /lib/i686/cmov/libnss_dns-2.7.so
b7fa1000-b7fa3000 rw-p b7fa1000 00:00 0 
b7fa3000-b7fa4000 r-xp b7fa3000 00:00 0          [vdso]
b7fa4000-b7fbe000 r-xp 00000000 08:05 517517     /lib/ld-2.7.so
b7fbe000-b7fc0000 rw-p 0001a000 08:05 517517     /lib/ld-2.7.so
bf9ab000-bf9c0000 rw-p bffeb000 00:00 0          [stack]
Aborted (core dumped)
-------------------------

I've run ab(8) for a few other URLs and under gdb(1), coredumps are available :)

Thanks,
Christian.


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27-rc3
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2-utils depends on:
ii  libapr1                    1.2.12-4      The Apache Portable Runtime Librar
ii  libaprutil1                1.2.12+dfsg-7 The Apache Portable Runtime Utilit
ii  libc6                      2.7-13        GNU C Library: Shared libraries
ii  libssl0.9.8                0.9.8g-13     SSL shared libraries

apache2-utils recommends no packages.

apache2-utils suggests no packages.

-- no debconf information
Reply to:
Prev by Date: Bug#490859: marked as done (libaprutil1 should depend on libmysqlclient15off >= 5.0.51a)
Next by Date: Bug#495982: /usr/sbin/ab: /usr/sbin/ab segfaults on some https sites
Previous by thread: Bug#490859: marked as done (libaprutil1 should depend on libmysqlclient15off >= 5.0.51a)
Next by thread: Bug#495982: /usr/sbin/ab: /usr/sbin/ab segfaults on some https sites
Index(es):
- Date
- Thread