Forum List Message List New Topic Print View

Maxim Dounin

August 02, 2011 08:42AM

Hello!

On Tue, Aug 02, 2011 at 04:35:28PM +0800, Delta Yeh wrote:

> Hi,
> Nginx crash if switch http to https, steps to reproduce are :
> 1. setup a normal config of http
> 2. start nginx
> 3. edit config file and add:
> ssl on;
> ssl_certificate /path/to/root.cert;
> ssl_certificate_key /path/to//root.key;
> ssl_client_certificate /path/to//root.ca.cert;
>
> 4. kill -HUP pid_of_nginx
> 5. nginx crashed.

Thank you for your report. Attached patch should fix this problem.

Maxim Dounin
# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1312288588 -14400
# Node ID bfa529856fb228a0d57321750460caab2e08a4ac
# Parent 561a37709f6d7f31424a04d7e2c4855a7464a933
Core: fix unused share zone handling on reload.

The problem manifiests itself e.g. if one have

ssl_session_cache shared:SSL:1m;

but no ssl certificates set. If nginx is reloaded with certificate(s)
added it will SIGSEGV. Fix is to correctly ignore previously unused
shared memory zones when looking though old zones.

Additionally, don't try to free old unused shared memory zones and
free old used ones if new one is unused.

Reported by Delta Yeh,
http://mailman.nginx.org/pipermail/nginx/2011-August/028343.html

diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c
--- a/src/core/ngx_cycle.c
+++ b/src/core/ngx_cycle.c
@@ -439,6 +439,11 @@ ngx_init_cycle(ngx_cycle_t *old_cycle)
n = 0;
}

+ if (oshm_zone[n].init == NULL) {
+ /* old unused shared zone */
+ continue;
+ }
+
if (shm_zone[i].shm.name.len != oshm_zone[n].shm.name.len) {
continue;
}
@@ -622,6 +627,11 @@ ngx_init_cycle(ngx_cycle_t *old_cycle)
i = 0;
}

+ if (oshm_zone[i].init == NULL) {
+ /* old unused shared zone */
+ continue;
+ }
+
part = &cycle->shared_memory.part;
shm_zone = part->elts;

@@ -636,6 +646,11 @@ ngx_init_cycle(ngx_cycle_t *old_cycle)
n = 0;
}

+ if (shm_zone[n].init == NULL) {
+ /* unused shared zone */
+ continue;
+ }
+
if (oshm_zone[i].shm.name.len == shm_zone[n].shm.name.len
&& ngx_strncmp(oshm_zone[i].shm.name.data,
shm_zone[n].shm.name.data,
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
nginx 0.8.55 && 1.1.0 core dump if switch from http to https with HUP	deltay	August 02, 2011 04:38AM
Re: nginx 0.8.55 && 1.1.0 core dump if switch from http to https with HUP	Maxim Dounin	August 02, 2011 08:42AM
Re: nginx 0.8.55 && 1.1.0 core dump if switch from http to https with HUP	deltay	August 03, 2011 01:28AM
Re: nginx 0.8.55 && 1.1.0 core dump if switch from http to https with HUP	Igor Sysoev	August 03, 2011 11:48AM
Re: nginx 0.8.55 && 1.1.0 core dump if switch from http to https with HUP	deltay	August 03, 2011 11:02PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 217

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018

nginx 0.8.55 && 1.1.0 core dump if switch from http to https with HUP

Re: nginx 0.8.55 && 1.1.0 core dump if switch from http to https with HUP

Re: nginx 0.8.55 && 1.1.0 core dump if switch from http to https with HUP

Re: nginx 0.8.55 && 1.1.0 core dump if switch from http to https with HUP

Re: nginx 0.8.55 && 1.1.0 core dump if switch from http to https with HUP

Online Users