Segfault with Secure Download

MokuTheCow · June 3, 2010, 3:43pm

Hi;

I’ve compiled in Secure Download to nginx 0.7.65 & 0.8.39 and whenever I
make use of the Secure Download directives, the processes keep
segfaulting.

[size=small]Jun  3 04:04:03 localhost kernel: nginx[23299]: segfault at 
1 ip 00000000004204ad sp 00007fffbda98228 error 4 in nginx[400000+6a000]
Jun  3 04:04:03 localhost kernel: nginx[23298]: segfault at 1 ip 
00000000004204ad sp 00007fffbda98228 error 4 in nginx[400000+6a000]
Jun  3 04:04:03 localhost kernel: nginx[23285]: segfault at 1 ip 
00000000004204ad sp 00007fffbda98228 error 4 in nginx[400000+6a000]
Jun  3 04:04:03 localhost kernel: nginx[23291]: segfault at 1 ip 
00000000004204ad sp 00007fffbda98228 error 4 in nginx[400000+6a000]
Jun  3 04:04:03 localhost kernel: nginx[23301]: segfault at 1 ip 
00000000004204ad sp 00007fffbda98228 error 4 in 
nginx[400000+6a000][/size]

The module creator says it’s been tested in 0.7.61, but we had it
working for a period of time in 0.7.65 before the segfaults started,
seemingly out of nowhere.

Does anyone have any idea what could be causing this?

I’m using Fedora Core 12 with bonding across three 1 gigabit interfaces.
The server regularly pushes out 2.5+ gigabits of bandwidth - we have a
good idea of what we are doing over here so technical responses are
welcome.

[sub]Linux version 2.6.32.11-99.fc12.x86_64
([email protected]) (gcc version 4.4.3 20100127
(Red Hat 4.4.3-4) (GCC) ) #1 SMP Mon Apr 5 19:59:38 UTC 2010[/sub]

Thanks!

Richard

Posted at Nginx Forum:

MokuTheCow · June 3, 2010, 4:01pm

Probably the best way to start is to create the coredump / backtrace (
http://wiki.nginx.org/NginxDebugging ).

Also as that is a third-party module tried to contact the author
directly
(if you are sure the module is the cause)? (the first step most likely
will
be needed anyways unless the module is broken in general with the nginx
version changes).

rr

From: “MokuTheCow” [email protected]
Sent: Thursday, June 03, 2010 4:42 PM
To: [email protected]
Subject: Segfault with Secure Download

MokuTheCow · June 3, 2010, 4:55pm

i agree, to be able to help you i will need more debug info like a
backtrace. please do not forget to also include your config file. you
also mentioned that those segfaults suddenly started, do you know if
anything changed, in the config or wherever at this time?

MokuTheCow · June 7, 2010, 8:30am

hi,

did you ever find anything more about this segfault? if its really
related to the secure download module i would be interested in fixing
it.

mauro

MokuTheCow · June 17, 2010, 9:08pm

-V

[root@localhost ~]# nginx -V nginx version: nginx/0.7.9 built by gcc 4.4.3 20100127 (Red Hat 4.4.3-4) (GCC) configure arguments: --with-http_flv_module --add-module=/root/nginx/ngx_http_secure_download/ --add-module=/root/nginx/nginx_mod_h264_streaming-2.2.7/

conf

[code]worker_processes 512;
worker_rlimit_core 500M;
working_directory /tmp;

timer_resolution 1000ms;

#pid logs/nginx.pid;

events {
worker_connections 16384;
multi_accept on;
}

http {

    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    tcp_nopush     on;

    keepalive_timeout  15;

    access_log      /dev/null combined;
    error_log       /dev/null crit;

    server {
            listen          74.82.53.42:8080;
            server_name     node1.website.com;

            location / {
                    flv;
                    root /home/ssd/;
                    secure_download on;
                    secure_download_secret "pass";
                    secure_download_path_mode file;
            }
    }

}
[/code]

After doing some more testing, when the download finishes via
secure_download is when nginx fails out with the error in the first
post.

2010/06/17 15:02:02 [info] 3475#0: *1001 securedownload: evaluated value of secret: "tacorape", client: 207.178.151.60, server: node1.fairyshare.com, request: "GET /Victoria_Crater__Cape_Verde_Mars_small.jpg/73fb3ecfdbc865c4e2905825d8d18113/4c1a75c3 HTTP/1.1", host: "node1.fairyshare.com:8080" 2010/06/17 15:02:02 [debug] 3475#0: *1001 hashing string "/Victoria_Crater__Cape_Verde_Mars_small.jpg/tacorape/4c1a75c3" with len 61 2010/06/17 15:02:02 [debug] 3475#0: *1001 computed hash: 73fb3ecfdbc865c4e2905825d8d18113

Then in the syslog…

Jun 17 15:02:04 localhost kernel: nginx[3475]: segfault at 1 ip 000000000041e6c6 sp 00007ffff0891c98 error 4 in nginx[400000+6a000]

Posted at Nginx Forum:

MokuTheCow · June 18, 2010, 4:49am

could you please check if this still happens if you add a
secure_download_fail_location?

http://wiki.nginx.org/NginxHttpSecureDownload

MokuTheCow · June 18, 2010, 7:11am

replay Wrote:

could you please check if this still happens if
you add a
secure_download_fail_location?

works now - Thank you very much for your help.

Posted at Nginx Forum:

MokuTheCow · June 17, 2010, 9:08pm

-V

[root@localhost ~]# nginx -V nginx version: nginx/0.7.9 built by gcc 4.4.3 20100127 (Red Hat 4.4.3-4) (GCC) configure arguments: --with-http_flv_module --add-module=/root/nginx/ngx_http_secure_download/ --add-module=/root/nginx/nginx_mod_h264_streaming-2.2.7/

conf

[code]worker_processes 512;
worker_rlimit_core 500M;
working_directory /tmp;

timer_resolution 1000ms;

#pid logs/nginx.pid;

events {
worker_connections 16384;
multi_accept on;
}

http {

    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    tcp_nopush     on;

    keepalive_timeout  15;

    access_log      /dev/null combined;
    error_log       /dev/null crit;

    server {
            listen          74.82.53.42:8080;
            server_name     node1.website.com;

            location / {
                    flv;
                    root /home/ssd/;
                    secure_download on;
                    secure_download_secret "pass";
                    secure_download_path_mode file;
            }
    }

}
[/code]

After doing some more testing, when the download finishes via
secure_download is when nginx fails out with the error in the first
post.

2010/06/17 15:02:02 [info] 3475#0: *1001 securedownload: evaluated value of secret: "tacorape", client: 207.178.151.60, server: node1.fairyshare.com, request: "GET /Victoria_Crater__Cape_Verde_Mars_small.jpg/73fb3ecfdbc865c4e2905825d8d18113/4c1a75c3 HTTP/1.1", host: "node1.fairyshare.com:8080" 2010/06/17 15:02:02 [debug] 3475#0: *1001 hashing string "/Victoria_Crater__Cape_Verde_Mars_small.jpg/tacorape/4c1a75c3" with len 61 2010/06/17 15:02:02 [debug] 3475#0: *1001 computed hash: 73fb3ecfdbc865c4e2905825d8d18113

Then in the syslog…

Jun 17 15:02:04 localhost kernel: nginx[3475]: segfault at 1 ip 000000000041e6c6 sp 00007ffff0891c98 error 4 in nginx[400000+6a000]

Posted at Nginx Forum:

MokuTheCow · June 18, 2010, 7:13am

k, i think i will just make the secure_download_fail_location
parameter mandatory, since it anyway doesn’t make sense to don’t have
it. seems that a few people already struggled over that problem.

MokuTheCow · June 21, 2010, 8:38am

hi,

i just uploaded a new version which should now tell you that it won’t
work if you don’t specify the fail location:

http://wiki.nginx.org/File:Ngx_http_secure_download.tar.gz

mauro