From vivek@kcilink.com  Tue Sep 10 16:24:58 2013
Return-Path: <vivek@kcilink.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTP id 97AEFF31
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 10 Sep 2013 16:24:58 +0000 (UTC)
	(envelope-from vivek@kcilink.com)
Received: from lorax.kcilink.com (lorax.kcilink.com [199.83.96.14])
	by mx1.freebsd.org (Postfix) with ESMTP id 771BA2831
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 10 Sep 2013 16:24:57 +0000 (UTC)
Received: by lorax.kcilink.com (Postfix, from userid 120)
	id 2E20517225B; Tue, 10 Sep 2013 12:16:17 -0400 (EDT)
Message-Id: <20130910161617.2E20517225B@lorax.kcilink.com>
Date: Tue, 10 Sep 2013 12:16:17 -0400 (EDT)
From: Vivek Khera <vivek@khera.org>
Reply-To: Vivek Khera <vivek@khera.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: ejabberd crashes with openssl+zlib
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         181994
>Category:       ports
>Synopsis:       net-im/ejabberd crashes with openssl+zlib
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    ashish
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 10 16:30:01 UTC 2013
>Closed-Date:    
>Last-Modified:  Mon Sep 16 06:50:00 UTC 2013
>Originator:     Vivek Khera
>Release:        FreeBSD 9.1-RELEASE-p2 amd64
>Organization:
>Environment:
System: FreeBSD lorax.kcilink.com 9.1-RELEASE-p2 FreeBSD 9.1-RELEASE-p2 #3 r249094: Thu Apr 4 09:05:07 EDT 2013 vivek@lorax.kcilink.com:/usr/obj/u/lorax1/usr9/src/sys/KCI64 amd64


	
>Description:
	

I'm *really* not sure who's "fault" this is... but when ejabberd is built with
openssl 1.0.1e from ports, it drops core every time it attempts to make a TLS
s2s connection to proxy.eu.jabber.org. My reading of the gdb output shows it
croaks in some function inside libz.so.

I rebuilt openssl without support for zlib, and the problem went away.
Comparing the configuration to the base system openssl, I see that zlib is
also disabled there, so I feel confident that this is an acceptable solution.

That said, none of my other applications had any problems with zlib support in
openssl:  apache, subversion, postfix, openvpn, opendkim, nrpe2, etc. but I
don't know if they even tried to use compression.

>How-To-Repeat:
	

Here's what GDB had to say about the core dump (program exited signal 11)

(gdb) where
#0  0x0000000807faac62 in deflateCopy () from /usr/lib/libz.so
#1  0x0000000807fab455 in deflateSetDictionary () from /usr/lib/libz.so
#2  0x0000000807fabe97 in deflate () from /usr/lib/libz.so
#3  0x000000080747dbae in zlib_stateful_compress_block ()
   from /usr/local/lib/libcrypto.so.8
#4  0x000000080747ce22 in COMP_compress_block ()
   from /usr/local/lib/libcrypto.so.8
#5  0x0000000807939eee in ssl3_do_compress () from /usr/local/lib/libssl.so.8
#6  0x000000080793a0b4 in do_ssl3_write () from /usr/local/lib/libssl.so.8
#7  0x000000080793a5ec in ssl3_write_bytes () from /usr/local/lib/libssl.so.8
#8  0x000000080793cb1d in ssl3_do_write () from /usr/local/lib/libssl.so.8
#9  0x0000000807936420 in ssl3_connect () from /usr/local/lib/libssl.so.8
#10 0x0000000807da2d93 in tls_drv_control ()
   from /usr/local/lib/erlang/lib/ejabberd-2.1.13/priv/lib/tls_drv.so
#11 0x000000000048641f in erts_port_control ()
#12 0x00000000004fd0cf in port_control_3 ()
#13 0x000000000052dd1e in process_main ()
#14 0x0000000000498b5c in erts_test_next_pid ()
#15 0x0000000000594ce9 in ethr_thr_join ()
#16 0x00000008010840a4 in pthread_getprio () from /lib/libthr.so.3
#17 0x0000000000000000 in ?? ()
Cannot access memory at address 0x7fffff7ed000
(gdb)


>Fix:

	


rebuild openssl port without zlib support.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->ashish 
Responsible-Changed-By: rm 
Responsible-Changed-When: Tue Sep 10 22:01:17 UTC 2013 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=181994 

From: ashish@FreeBSD.org (Ashish SHUKLA)
To: bug-followup@FreeBSD.org,vivek@khera.org
Cc:  
Subject: Re: ports/181994: ejabberd crashes with openssl+zlib
Date: Wed, 11 Sep 2013 04:18:44 +0530

 --=-=-=
 Content-Type: text/plain
 Content-Transfer-Encoding: quoted-printable
 
 Hi Vivek,
 
 This is a known issue[1] from quite sometime. I'm not sure about the fix
 either, though the workaround you already posted.
 
 Probably a bug needs to be filed upstream, if not already in all these
 years.
 
 I can file one by the end of the week, if you've not already reported it
 upstream.
 
 References:
 [1]  http://lists.jabber.ru/pipermail/ejabberd/2007-March/002604.html
 
 Thanks
 =2D-=20
 Ashish SHUKLA      | GPG: F682 CDCC 39DC 0FEA E116  20B6 C746 CFA9 E74F A4B0
 Sent from my Emacs
 
 --=-=-=
 Content-Type: application/pgp-signature; name="signature.asc"
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.20 (FreeBSD)
 
 iQIcBAEBCgAGBQJSL6HPAAoJEMdGz6nnT6SwjzsP/0Pq/4WwG6wQt83zV/IlvQKr
 npXrbcHPCRVc9oyVtnO5jHdqVr67HC4DK/3LeqM+t1VuM5nwJeSZ+8xtODVG4NHL
 VVGRkznL5tgS2zj1waXQMz63mIxEhCupGAZLNtXptCqCI/Af996ilh2Zxslb/DTX
 vcUKmjxD9PAIIKJteXoWzvCgpu5UbxSz1oTQg/EW2PjVjCdhbKD8XvfbG3Vlm9ER
 tKrjTs9gx+NvmD4B7oqpBWJX8pqFop6HREdPxxTRF5Z2gcp2jCHLFau1KfApQi2g
 MgIXBNWJ1bogm/MiOISgORwLxTwE3UTMjxPjccrU89IL5Na+Gtf6ZJHauFQnIyJk
 7YXNC7TBOF+kT0jCdVOIlEsuv1rd21YpQqLXYxHQOYUqBvzLBUvWYw+3rW2FUXxd
 9WnfUBdusM77ITDmNsFZiTLoSbectI0UgiV/eoL1ho3HZpMfyLghlCzhhojdcVEr
 rmoIMQCPE/cxE1DEySps5quL4rfOAiN0UXtHsL2IJ4AwW0Q9EtJdYf0wV9gkwHMD
 8MFZqp6mPC0Q5iDbxjxzgWfe8InE+4qEgKwFLRGwp+1yguzivr/iIvkTC/5v6whb
 eAOcHojJSo+r/RvAU5Mvd9foiTGZrMMFAPI35wDN1zL/553JQFmhyHu3aU1FgNc2
 ZYLPoTw6DW3nfj48r9OX
 =Pq1y
 -----END PGP SIGNATURE-----
 --=-=-=--

From: Vick Khera <vivek@khera.org>
To: Ashish SHUKLA <ashish@freebsd.org>
Cc: "bug-followup@FreeBSD.org" <bug-followup@freebsd.org>
Subject: Re: ports/181994: ejabberd crashes with openssl+zlib
Date: Wed, 11 Sep 2013 08:04:50 -0400

 --089e013d14b2b270b204e61a6d1d
 Content-Type: text/plain; charset=ISO-8859-1
 
 Wow. Thanks for the followup. I searched google but nothing like this came
 up. I'm shocked that 6 years later it sill crashes like that!
 
 I don't think it is such a big deal, since current security thinking is
 that compression on encrypted streams is a bad idea anyway, at least for
 HTTPS.
 
 --089e013d14b2b270b204e61a6d1d
 Content-Type: text/html; charset=ISO-8859-1
 
 <div dir="ltr"><div class="gmail_extra" style>Wow. Thanks for the followup. I searched google but nothing like this came up. I&#39;m shocked that 6 years later it sill crashes like that!</div><div class="gmail_extra" style>
 <br></div><div class="gmail_extra" style>I don&#39;t think it is such a big deal, since current security thinking is that compression on encrypted streams is a bad idea anyway, at least for HTTPS.</div></div>
 
 --089e013d14b2b270b204e61a6d1d--

From: ashish@FreeBSD.org (Ashish SHUKLA)
To: vivek@khera.org
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/181994: net-im/ejabberd crashes with openssl+zlib
Date: Mon, 16 Sep 2013 12:16:45 +0530

 --=-=-=
 Content-Type: text/plain
 Content-Transfer-Encoding: quoted-printable
 
 Hi,
 
 Filed an upstream bug report EJAB-1663[1].
 
 References:
 [1]  https://support.process-one.net/browse/EJAB-1663
 
 =2D-=20
 Ashish SHUKLA      | GPG: F682 CDCC 39DC 0FEA E116  20B6 C746 CFA9 E74F A4B0
 Sent from my Emacs
 
 --=-=-=
 Content-Type: application/pgp-signature; name="signature.asc"
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.20 (FreeBSD)
 
 iQIcBAEBCgAGBQJSNqlYAAoJEMdGz6nnT6SwVycQAKScIDBuiizBTjdpYSjIrxCU
 QzsDTkly9SaOkvWbuw5uzHYicwAXcUBnN4435kGwf4rAdDdUANn+IpgiHvAXIVdz
 90Y3sIAzfV2yyHwDO5+dO5QdFPnOkaGq6YLU8W+18Nowzs5ISaNvdL2tgeXXoY9L
 gCy3bsmCO9JYf8l7FrW/YLVv2pMGhd6inZ67dYQ0rG3O5XmNHEGKtXQCnN77OTXY
 FuRq6p1kSSe3+0fSvX2BUzr8EbDDzDZ18+jx0IBL6pm3fWAjjPWEdtGZ0cENzwAB
 SzAx7sAvnIu9ASd+6iZT7QS0HYbZ1KKQQ8py+ZqB7ej7AhNOJB2FRTmW3FSH5PJ5
 EGZskHEaXvmb5lZHh6LHtVK1vGHl9ZGCARNKnbzfwdis+EnZUx0GgzqXubb0ELs2
 tpd74Ct2ilWv40SklB1vZoT81vEuyL9j1ovLS5cmmLQTkT5MfIvpuqmgQSn+Wsjk
 tLdtMI7j3bMh+7Nv/U8Z4oxYAaT49q5d7QROJ/KJhmc7TGx6H9X/eqj5fLhlU8kZ
 Hk9X95hgrsuT53BNHNr2cLcQAWgiDuTGMtQEnrwJiQClVLODi2WGD6IdBAJCkp5U
 rCZNgwqFzYcAfpL8OxTf9onzt/LovS4DOtQFIOQNuIeGvzorKZzOYTjYTIlVU1sJ
 G6QZdrI02wm9AjK+Sx/V
 =GdnN
 -----END PGP SIGNATURE-----
 --=-=-=--
>Unformatted:
