[Bug 224945] Re: [SRU] memory leaks in apache2 when running mod_ssl
Chuck Short
chuck.short at canonical.com
Tue May 13 16:26:25 BST 2008
Depending on the system load apache with apache-mpm-worker and mod_ssl
enabled will cause ssl to run out of memory and crash. The following
patch resolves this issue. It will be needed to be ported to intrepid
since it is also vulnerable to this condition.
Steps to reproduce: (TEST CASE)
1. Install apache-mpm-worker and ssl-cert
2. Confgure the SSL cert according to https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html.
3. Use the following config in your /etc/apache2/sites-enabled/default.
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/ssl.pem
DocumentRoot /var/www
<Directory />
Options Indexes
</Directory>
</VirtualHost>
4. Run the following command:
ab -n 100000 -c 20 -f tls1 https://<ip address>:443/
You should get OOM errors in a couple of minutes of running the test.
If you have any questions let me know.
Regards
chuck
** Attachment added: "Patch that fixes the issue."
http://launchpadlibrarian.net/14495602/060_fix_ssl_mem_leak.dpatch
** Changed in: openssl (Ubuntu Hardy)
Status: New => Invalid
** Changed in: apache2 (Ubuntu Hardy)
Importance: Undecided => High
--
[SRU] memory leaks in apache2 when running mod_ssl
https://bugs.launchpad.net/bugs/224945
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list