search

axel-download-accelerator / axel

Lightweight CLI download accelerator
GNU General Public License v2.0
3.02k stars 267 forks source link

double free memory corruption when handle https url #433

Open FrancisHe opened 8 months ago

FrancisHe commented 8 months ago

Here is the stack backtrace:

Program terminated with signal 6, Aborted.
#0  0x00007f12b25ed1f7 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007f12b25ed1f7 in raise () from /lib64/libc.so.6
#1  0x00007f12b25ee8e8 in abort () from /lib64/libc.so.6
#2  0x00007f12b262cf47 in __libc_message () from /lib64/libc.so.6
#3  0x00007f12b2634619 in _int_free () from /lib64/libc.so.6
#4  0x00007f12b2636918 in _int_realloc () from /lib64/libc.so.6
#5  0x00007f12b2638752 in realloc () from /lib64/libc.so.6
#6  0x00007f12b2c01389 in CRYPTO_realloc () from /lib64/libcrypto.so.10
#7  0x00007f12b2c7b1e1 in lh_insert () from /lib64/libcrypto.so.10
#8  0x00007f12b2c7d8b4 in int_thread_set_item () from /lib64/libcrypto.so.10
#9  0x00007f12b2c7e43e in ERR_get_state () from /lib64/libcrypto.so.10
#10 0x00007f12b2c7e4be in ERR_put_error () from /lib64/libcrypto.so.10
#11 0x00007f12b2cad90d in PEM_read_bio () from /lib64/libcrypto.so.10
#12 0x00007f12b2cabc9a in PEM_X509_INFO_read_bio () from /lib64/libcrypto.so.10
#13 0x00007f12b2cbb0fe in X509_load_cert_crl_file () from /lib64/libcrypto.so.10
#14 0x00007f12b2cbb262 in by_file_ctrl () from /lib64/libcrypto.so.10
#15 0x00007f12b2cb22d0 in X509_STORE_set_default_paths () from /lib64/libcrypto.so.10
#16 0x000000000040a398 in ssl_connect (fd=fd@entry=200, hostname=hostname@entry=0x7f12b0d34174 "example.com") at src/ssl.c:92
#17 0x0000000000409b37 in tcp_connect (tcp=tcp@entry=0x7f12b0d36a00, hostname=hostname@entry=0x7f12b0d34174 "example.com", port=port@entry=443, secure=1, local_if=0x0, io_timeout=io_timeout@entry=120) at src/tcp.c:181
#18 0x0000000000408820 in http_connect (conn=conn@entry=0x7f12b0d35db8, proto=<optimized out>, proto@entry=3, proxy=proxy@entry=0x0, host=host@entry=0x7f12b0d34174 "example.com", port=443, 
    user=user@entry=0x7f12b0d34d74 "", pass=0x7f12b0d35174 "", io_timeout=120) at src/http.c:129
#19 0x0000000000406fe2 in conn_init (conn=conn@entry=0x7f12b0d34160) at src/conn.c:271
#20 0x0000000000407233 in conn_setup (conn=conn@entry=0x7f12b0d34160) at src/conn.c:293
#21 0x000000000040412b in setup_thread (c=0x7f12b0d34160) at src/axel.c:836
#22 0x00007f12b2983e25 in start_thread () from /lib64/libpthread.so.0
#23 0x00007f12b26b035d in clone () from /lib64/libc.so.6

axel version: 2.17.13 openssl version: 1.0.1e

I guess some function in libcrypto is not thread-safe.

FrancisHe commented 8 months ago

The problem solved after i updated OpenSSL to libressl-3.9.1. I found a relative post: 

For earlier versions than 1.1.0, it is necessary for your application to set up the thread callback functions. To do this, your application must call CRYPTO_set_locking_callback(3) and one of the CRYPTO_THREADID_set... API's. See the OpenSSL threads manpage for details and "note on multi-threading" in the INSTALL file in the source distribution.