PHP Driver: Extension / PHPC-1158

Segfault during OpenSSL cleanup routines

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 1.5.0
    • Affects Version/s: 1.4.2
    • Component/s: None
    • None
    • Environment:
      OpenSSL 1.0.2m

      In mongodb/mongo-php-driver#789, a user reported a segfault related to OpenSSL cleanup routines.

      When the mongodb extension starts, libmongoc assigns two thread callbacks for certain OpenSSL versions. The openssl extension unsets one of these callbacks when it shuts down. When the mongodb extension shuts down, it misses unsetting one callback because the other callback used for checking has already been unset by the openssl extension. Later, the curl extension shuts down and cURL itself invokes some logic within OpenSSL that attempts to invoke the still-set callback. This produces a segfault because the function pointer is no longer valid after libmongoc has been unloaded (i.e. dlclose()).

      The reporting user discovered a workaround by loading the mongodb extension after openssl, which ensures that its cleanup routine runs before openssl. AFAIK, this is a rare issue and would not affect most deployments where openssl is typically built into PHP. That said, it seems like something we can address in libmongoc (avoid leaving a dangling function pointer behind) and possibly the openssl extension (investigate why it always unsets a callback, which it may have never assigned in the first place).
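
The shutdown-order dependence described above can be modelled in a few lines of C. This is an added example, not code from libmongoc, PHP or OpenSSL: the two slots and every function name are hypothetical stand-ins for the process-wide callback registrations, and no real OpenSSL API is called.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of two process-wide callback slots shared by every
 * module in the process (stand-ins for the library's global callbacks). */
typedef void (*cb_fn)(void);
static cb_fn slot_a, slot_b;

/* Callbacks that live inside the "driver" module (hypothetical names). */
static int a_calls, b_calls;
static void drv_a_cb(void) { a_calls++; }
static void drv_b_cb(void) { b_calls++; }

static void drv_startup(void) { slot_a = drv_a_cb; slot_b = drv_b_cb; }

/* Another module's shutdown clears slot A whether or not it set it. */
static void other_ext_shutdown(void) { slot_a = NULL; }

/* Flawed cleanup: slot A is the only ownership test, so if another module
 * already cleared A, slot B is never cleared. */
static void drv_cleanup_flawed(void) {
    if (slot_a == drv_a_cb) { slot_a = NULL; slot_b = NULL; }
}

/* Hardened cleanup: each slot is compared against the driver's own
 * function and cleared independently of the other. */
static void drv_cleanup_hardened(void) {
    if (slot_a == drv_a_cb) slot_a = NULL;
    if (slot_b == drv_b_cb) slot_b = NULL;
}

/* Number of slots still pointing into the driver after both modules shut
 * down; each one would dangle once the driver is dlclose()d. */
int dangling_after_shutdown(int driver_first, int hardened) {
    void (*cleanup)(void) = hardened ? drv_cleanup_hardened : drv_cleanup_flawed;
    slot_a = slot_b = NULL;
    drv_startup();
    if (driver_first) { cleanup(); other_ext_shutdown(); }
    else              { other_ext_shutdown(); cleanup(); }
    return (slot_a == drv_a_cb) + (slot_b == drv_b_cb);
}

int main(void) {
    printf("flawed, other module first:   %d\n", dangling_after_shutdown(0, 0));
    printf("flawed, driver first:         %d\n", dangling_after_shutdown(1, 0));
    printf("hardened, other module first: %d\n", dangling_after_shutdown(0, 1));
    return 0;
}
```

The second case corresponds to the load-order workaround; the third removes the dependence on shutdown order altogether.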

            Assignee:
            jmikola@mongodb.com Jeremy Mikola
            Reporter:
            jmikola@mongodb.com Jeremy Mikola