Nginx 0.8.55 && 1.1.0 core dump if switch from http to https with HUP

Server NGINX
1

Hi,
Nginx crash if switch http to https, steps to reproduce are :

  1. setup a normal config of http

  2. start nginx

  3. edit config file and add:
    ssl on;
    ssl_certificate /path/to/root.cert;
    ssl_certificate_key /path/to//root.key;
    ssl_client_certificate /path/to//root.ca.cert;

  4. kill -HUP pid_of_nginx

  5. nginx crashed.

If I use the following cfg to start nginx http :
ssl off;
ssl_certificate /path/to/root.cert;
ssl_certificate_key /path/to//root.key;
ssl_client_certificate /path/to//root.ca.cert;

after nginx started, then changed the config to :
ssl on;
ssl_certificate /path/to/root.cert;
ssl_certificate_key /path/to//root.key;
ssl_client_certificate /path/to//root.ca.cert;

kill -HUP pid_of_nginx, everything is OK. nginx NOT crashed.

secone-dev:/secone/webap/conf# /secone/webap/sbin/nginx -V
nginx version: nginx/0.8.55
built by gcc 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)
TLS SNI support disabled
configure arguments: --prefix=/secone/webap --pid-path=/secone/var
–with-cpu-opt=pentium4 --with-pcre --with-ipv6
–without-http_autoindex_module --without-http_ssi_module
–without-http_empty_gif_module --without-http_memcached_module
–without-http_charset_module --without-http_split_clients_module
–with-http_stub_status_module --with-http_ssl_module
–with-http_realip_module --with-http_sub_module
–with-http_geoip_module

(gdb) bt
#0 ngx_slab_alloc (pool=0x0, size=40) at src/core/ngx_slab.c:145
#1 0x080683c6 in ngx_ssl_session_cache_init (shm_zone=0x81037e4,
data=0x0)
at src/event/ngx_event_openssl.c:1518
#2 0x08058d14 in ngx_init_cycle (old_cycle=0x80c8738)
at src/core/ngx_cycle.c:454
#3 0x0806662f in ngx_master_process_cycle (cycle=0x80c8738)
at src/os/unix/ngx_process_cycle.c:240
#4 0x0804d151 in main (argc=3, argv=0xbfaf09b4) at src/core/nginx.c:401

(gdb) frame 1
#1 0x080683c6 in ngx_ssl_session_cache_init (shm_zone=0x81037e4,
data=0x0)
at src/event/ngx_event_openssl.c:1518
1518 cache = ngx_slab_alloc(shpool,
sizeof(ngx_ssl_session_cache_t));
(gdb) l
1513 return NGX_OK;
1514 }
1515
1516 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
1517
1518 cache = ngx_slab_alloc(shpool,
sizeof(ngx_ssl_session_cache_t));
1519 if (cache == NULL) {
1520 return NGX_ERROR;
1521 }
1522

(gdb) info locals
shpool = (ngx_slab_pool_t *) 0x0
(gdb) info args
shm_zone = (ngx_shm_zone_t *) 0x81037e4
data = (void *) 0x0

It seems nginx 1.1.0 also has this issue.
secone-dev:/secone/webap/conf# /secone/webap/sbin/nginx -V
nginx: nginx version: nginx/1.1.0
nginx: built by gcc 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)
nginx: TLS SNI support disabled
nginx: configure arguments: --prefix=/secone/webap
–pid-path=/secone/var --with-cpu-opt=pentium4 --with-pcre --with-ipv6
–without-http_autoindex_module --without-http_ssi_module
–without-http_empty_gif_module --without-http_memcached_module
–without-http_charset_module --without-http_split_clients_module
–with-http_stub_status_module --with-http_ssl_module
–with-http_realip_module --with-http_sub_module
–with-http_geoip_module

2

Hello!

On Tue, Aug 02, 2011 at 04:35:28PM +0800, Delta Y. wrote:

  1. kill -HUP pid_of_nginx
  2. nginx crashed.

Thank you for your report. Attached patch should fix this problem.

Maxim D.

3

Thanks , after apply the patch, crash won’t happen again.

2011/8/2 Maxim D. [email protected]:

4

Hi Igor,

I apply your patch against svn trunk, it fix the crash.
Thanks .

2011/8/3 Igor S. [email protected]:

5

On Wed, Aug 03, 2011 at 01:26:04PM +0800, Delta Y. wrote:

Thanks , after apply the patch, crash won’t happen again.

Could you test another attached patch ?