In mongodb/mongo-php-driver#1302, a user reported a segfault when the PHP driver (with libmongoc) was initialized but otherwise unused and the PHP script went on to use a separate library and the OpenSSL extension. According to the user, they were using CentOS 7 with OpenSSL 1.0.2k-fips 26 Jan 2017.
Once we obtained a backtrace, it was evident that OpenSSL 1.1 had been linked by some shared libraries loaded in the same PHP process. The PHP driver and libmongoc had evidently been compiled with OpenSSL 1.0.x, which resulted in polyfills for several OpenSSL 1.1 functions being defined:
- EVP_MD_CTX_new and EVP_MD_CTX_free, which are defined in src/libmongoc/src/mongoc/mongoc-crypto-openssl.c. Declarations in src/kms-message/src/kms_crypto_libcrypto.c already use static.
Because these functions were declared in the global scope, they were inadvertently invoked by the other shared library was was compiled against OpenSSL. I expect the segfault was due to mismatched memory allocation functions (the polyfills use libbson's API).
Although the root of this issue goes beyond libmongoc (linking multiple versions of OpenSSL in the same process is a no-no), the polyfills made the error more difficult to diagnose.
These functions should either be declared statically or renamed/prefixed, as is done for some libbson compat functions.
- related to
-
MONGOCRYPT-383 Do not declare OpenSSL 1.1 polyfill functions in global scope
- Closed
- links to