DCIT / perl-CryptX

https://metacpan.org/pod/CryptX

Segmentation fault on Apache due to symbol clash with libasn1 #68

Closed ailin-nemui closed 2 years ago

ailin-nemui commented 3 years ago

```
Program received signal SIGSEGV, Segmentation fault.
0x00007fa7a8922a80 in der_length_octet_string () from target:/usr/lib/x86_64-linux-gnu/libasn1.so.8
(gdb) bt
#0  0x00007fa7a8922a80 in der_length_octet_string () from target:/usr/lib/x86_64-linux-gnu/libasn1.so.8
#1  0x00007fa78b535ce4 in der_decode_custom_type_ex (
    in=in@entry=0x55e4c009b1b0, 
    inlen=inlen@entry=86, root=root@entry=0x0, list=list@entry=0x7ffc49fcdf40, outlen=outlen@entry=4, flags=flags@entry=1)
    at ltc/pk/asn1/der/custom_type/der_decode_custom_type.c:223
...
```

Sadly, it seems the library uses the wrong der_length_octet_string function, thus crashing the web server.

karel-m commented 3 years ago

Frankly, I have no idea how to avoid this kind of name collision.

ailin-nemui commented 3 years ago

Thanks for your response. I found this horrible workaround: https://github.com/AKSW/git_lfs_server_sshauth/#trouble-shooting

If Apache httpd crashes, there may be a symbol conflict between libasn1 and CryptX. You can re-install CryptX but this time like this, as a workaround:

```
export CFLAGS="-imacros $PWD/rename_symbols.inc"
cpan -c CryptX
cpan CryptX
```

FGasper commented 2 years ago

This conflict is biting us, too, in a different way, with der_length_integer. But it’s the same phenomenon.

https://github.com/DCIT/perl-CryptX/pull/79 is an attempted mitigation.

It looks like CryptX.so exports a whole bunch of symbols it doesn’t need to. (libasn1 seems to as well.) Renaming the functions seems like more a band-aid than a proper fix; the better course is to alter the build so that those functions aren’t exported.
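
One way to check two shared objects for the kind of export overlap discussed above. This is an added example, not code from the thread or from either project; the function names, the sample symbol listings and the `SAMPLE_1.0` version tag are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find dynamic symbols exported by two
# shared objects, from saved `nm -D --defined-only` output for each.
LC_ALL=C; export LC_ALL   # sort and comm must agree on collation

# exported_names FILE: sorted unique names of global code/data symbols,
# with any @VERSION suffix stripped. Undefined (U) entries are skipped.
exported_names() {
    awk 'NF == 3 && $2 ~ /^[TDBRW]$/ { sub(/@.*/, "", $3); print $3 }' "$1" |
        sort -u
}

# clashing_symbols FILE_A FILE_B: names that both objects export.
clashing_symbols() {
    tmp_a=$(mktemp) && tmp_b=$(mktemp) || return 1
    exported_names "$1" > "$tmp_a"
    exported_names "$2" > "$tmp_b"
    comm -12 "$tmp_a" "$tmp_b"
    rm -f "$tmp_a" "$tmp_b"
}

# demo: run the check on constructed nm output (addresses are made up).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/cryptx.nm" <<'EOF'
0000000000010f00 T boot_CryptX
0000000000041ce0 T der_decode_custom_type_ex
0000000000042a10 T der_length_octet_string
0000000000042b40 T der_length_integer
                 U malloc
EOF
    cat > "$dir/libasn1.nm" <<'EOF'
0000000000022a80 T der_length_octet_string@@SAMPLE_1.0
0000000000022c10 T der_length_integer@@SAMPLE_1.0
0000000000023000 T der_put_integer@@SAMPLE_1.0
EOF
    clashing_symbols "$dir/cryptx.nm" "$dir/libasn1.nm"
    rm -rf "$dir"
}

demo
```

For real input, save the output of `nm -D --defined-only` for each library (for example `/usr/lib/x86_64-linux-gnu/libasn1.so.8` and the installed `CryptX.so`) to a file and pass the two files to `clashing_symbols`. An empty result after a rebuild means the two objects no longer export any common name.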

FGasper commented 2 years ago

@ailin-nemui: Try the latest upstream … is your problem addressed?

atoomic commented 2 years ago

I believe that this is also now fixed, as we merged #79. @ailin-nemui, any chance you could confirm that this is fixed when using the last version from 574f1b589d008f59da0480021eb2eae45db55062?

karel-m commented 2 years ago

Should be fixed in CryptX-0.075_001.

ailin-nemui commented 2 years ago

Thanks, I tried 0.075_003 and it doesn't seem to crash Apache any more :+1: