nginx 0.8.55 && 1.1.0 core dump if switch from http to https with HUP

Maxim Dounin mdounin at mdounin.ru
Tue Aug 2 12:41:07 UTC 2011


Hello!

On Tue, Aug 02, 2011 at 04:35:28PM +0800, Delta Yeh wrote:

> Hi,
>     Nginx crash if switch http to https, steps to reproduce are :
> 1. setup a normal config  of http
> 2. start nginx
> 3. edit config file and add:
>      ssl on;
>     ssl_certificate   /path/to/root.cert;
>     ssl_certificate_key /path/to//root.key;
>     ssl_client_certificate /path/to//root.ca.cert;
> 
> 4. kill -HUP pid_of_nginx
> 5.  nginx  crashed.

Thank you for your report.  Attached patch should fix this problem.

Maxim Dounin
-------------- next part --------------
# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1312288588 -14400
# Node ID bfa529856fb228a0d57321750460caab2e08a4ac
# Parent  561a37709f6d7f31424a04d7e2c4855a7464a933
Core: fix unused share zone handling on reload.

The problem manifiests itself e.g. if one have

    ssl_session_cache shared:SSL:1m;

but no ssl certificates set.  If nginx is reloaded with certificate(s)
added it will SIGSEGV.  Fix is to correctly ignore previously unused
shared memory zones when looking though old zones.

Additionally, don't try to free old unused shared memory zones and
free old used ones if new one is unused.

Reported by Delta Yeh,
http://mailman.nginx.org/pipermail/nginx/2011-August/028343.html

diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c
--- a/src/core/ngx_cycle.c
+++ b/src/core/ngx_cycle.c
@@ -439,6 +439,11 @@ ngx_init_cycle(ngx_cycle_t *old_cycle)
                 n = 0;
             }
 
+            if (oshm_zone[n].init == NULL) {
+                /* old unused shared zone */
+                continue;
+            }
+
             if (shm_zone[i].shm.name.len != oshm_zone[n].shm.name.len) {
                 continue;
             }
@@ -622,6 +627,11 @@ ngx_init_cycle(ngx_cycle_t *old_cycle)
             i = 0;
         }
 
+        if (oshm_zone[i].init == NULL) {
+            /* old unused shared zone */
+            continue;
+        }
+
         part = &cycle->shared_memory.part;
         shm_zone = part->elts;
 
@@ -636,6 +646,11 @@ ngx_init_cycle(ngx_cycle_t *old_cycle)
                 n = 0;
             }
 
+            if (shm_zone[n].init == NULL) {
+                /* unused shared zone */
+                continue;
+            }
+
             if (oshm_zone[i].shm.name.len == shm_zone[n].shm.name.len
                 && ngx_strncmp(oshm_zone[i].shm.name.data,
                                shm_zone[n].shm.name.data,


More information about the nginx mailing list