- Type: Bug
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: 1.4.2
- Component/s: None
- None
- Environment: OpenSSL 1.0.2m
In mongodb/mongo-php-driver#789, a user reported a segfault related to OpenSSL cleanup routines.
When the mongodb extension starts, libmongoc assigns two thread callbacks for certain OpenSSL versions. The openssl extension unsets one of these callbacks when it shuts down. When the mongodb extension shuts down, it misses unsetting one callback because the other callback used for checking has already been unset by the openssl extension. Later, the curl extension shuts down and cURL itself invokes some logic within OpenSSL that attempts to invoke the still-set callback. This produces a segfault because the function pointer is no longer valid after libmongoc has been unloaded (i.e. dlclose()).
The reporting user discovered a workaround by loading the mongodb extension after openssl, which ensures that its cleanup routine runs before openssl. AFAIK, this is a rare issue and would not affect most deployments where openssl is typically built into PHP. That said, it seems like something we can address in libmongoc (avoid leaving a dangling function pointer behind) and possibly the openssl extension (investigate why it always unsets a callback, which it may have never assigned in the first place).
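The shutdown-order problem described above can be reproduced in a small model. This is an added example, not code from libmongoc, PHP or OpenSSL: the two global slots, every function name, and the choice of which slot the other component clears are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for a library's two global callback slots
 * (hypothetical; not the real OpenSSL API). */
typedef void (*lock_cb_t)(int mode, int n);
typedef unsigned long (*id_cb_t)(void);
static lock_cb_t g_lock_cb;
static id_cb_t g_id_cb;

/* Callbacks owned by the hypothetical driver module. */
static void driver_lock_cb(int mode, int n) { (void)mode; (void)n; }
static unsigned long driver_id_cb(void) { return 1UL; }

static void driver_init(void) { g_lock_cb = driver_lock_cb; g_id_cb = driver_id_cb; }

/* Another component's shutdown: clears one slot unconditionally,
 * whether or not it was the one that set it. */
static void other_shutdown(void) { g_lock_cb = NULL; }

/* Flawed cleanup: one slot decides whether both slots are cleared. */
static void driver_cleanup_coupled(void) {
    if (g_lock_cb == driver_lock_cb) { g_lock_cb = NULL; g_id_cb = NULL; }
}

/* Corrected cleanup: each slot is compared with our own pointer and
 * cleared independently, so foreign callbacks are left alone. */
static void driver_cleanup_independent(void) {
    if (g_lock_cb == driver_lock_cb) g_lock_cb = NULL;
    if (g_id_cb == driver_id_cb) g_id_cb = NULL;
}

/* Runs one shutdown sequence; returns 1 if a driver-owned pointer is
 * still registered afterwards (it would dangle once the driver's
 * shared object is unloaded). driver_first models the load-order
 * workaround, where the driver cleans up before the other component. */
static int dangling_after(void (*cleanup)(void), int driver_first) {
    driver_init();
    if (driver_first) { cleanup(); other_shutdown(); }
    else { other_shutdown(); cleanup(); }
    return g_lock_cb == driver_lock_cb || g_id_cb == driver_id_cb;
}

int main(void) {
    printf("coupled, other first:      %d\n", dangling_after(driver_cleanup_coupled, 0));
    printf("coupled, driver first:     %d\n", dangling_after(driver_cleanup_coupled, 1));
    printf("independent, other first:  %d\n", dangling_after(driver_cleanup_independent, 0));
    return 0;
}
```

Only the coupled cleanup running after the other component's shutdown leaves a driver-owned pointer registered; the independent check is safe in either order.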
- depends on
  - CDRIVER-2605 OpenSSL thread and id callbacks should be unset independently (Closed)
  - PHPC-1174 Upgrade bundled libbson and libmongoc to 1.10 (Closed)
- is related to
  - CDRIVER-555 Segfault during OpenSSL cleanup routines (Closed)
  - PHPC-167 PHP crashes with phongo just being loaded during shutdown (Closed)
- links to