classification
Title: Python(2.5.1) will be crashed when i use _ssl module in multi-threads environment in linux.
Type: crash Stage:
Components: Extension Modules Versions: Python 2.5
process
Status: closed Resolution: out of date
Dependencies: Superseder:
Assigned To: janssen Nosy List: andrej, christian.heimes, dugang@188.com, gvanrossum, janssen
Priority: normal Keywords: patch

Created on 2008-01-30 22:58 by dugang@188.com, last changed 2010-08-03 18:58 by terry.reedy. This issue is now closed.

Files
File name Uploaded Description Edit
_ssl.c.patch dugang@188.com, 2008-01-30 22:58 patch for Modules/_ssl.c
Messages (6)
msg61880 - (view) Author: (dugang@188.com) Date: 2008-01-30 22:58
Python-2.5.1 will be crashed when i use _ssl module in multi-threads 
environment in linux. the sample code looks as below(A https server is 
running on host which ip is "192.168.5.151" and many certificates and 
keys in PEM format are in the directory "./cert". These certificates 
and keys are ok because i can use them in a web browser like IE/
Firefox.):

------------------------------------------------------------------------
------
#! /home/duxg/Download/soft/Python-2.5.1/python
#
#   filename: test.py
#
'''This script simulates the behaviors of a https client.'''

import threading
import httplib

class HTTPSClient(threading.Thread):
    def __init__(self, server_ip, url, cert_file, key_file):
        threading.Thread.__init__(self)
        # get run parameters 
        self.server_ip = server_ip
        self.url = url 
        self.cert_file = cert_file
        self.key_file = key_file

    def get(self):
        # make headers
        headers = {'User-Agent': 'https_test/dugang@188.com', 
                   'Connection': 'close'
                  }
        # use httplib
        conn = httplib.HTTPSConnection('%s' % self.server_ip, \
                                       key_file = self.key_file, \
                                       cert_file = self.cert_file)
        # http get
        conn.request('GET', self.url, headers = headers)
        resp = conn.getresponse()
        # check response
        if resp.status != 200:
            print 'get(%s) failed/status=%d.' % (self.url, resp.status)
            return False
        return True
    
    def run(self):
        while True:
            self.get()

def main():
    worker_number = 100

    threading.stack_size(512 * 1024)
    worker = []
    for i in range(worker_number):
        # create worker thread
        worker.append(HTTPSClient('192.168.5.151', '/test.html', \
                                  './cert/testu%d.cert' % i, \
                                  './cert/testu%d.key' % i))
    for w in worker:
        # go
        w.start()
    for w in worker:
        # wait
        w.join()

main()
------------------------------------------------------------------------
------

  This code will be produced a lot of exceptions and finally it will 
cause Python crashed.

------------------------------------------------------------------------
------
Exception in thread Thread-19:
Traceback (most recent call last):
  File "/home/duxg/Download/soft/Python-2.5.1/Lib/threading.py", line 
460, in __bootstrap
    self.run()
  File "./test.py", line 39, in run
    self.get()
  File "./test.py", line 29, in get
    conn.request('GET', self.url, headers = headers)
  File "/home/duxg/Download/soft/Python-2.5.1/Lib/httplib.py", line 
862, in request
    self._send_request(method, url, body, headers)
  File "/home/duxg/Download/soft/Python-2.5.1/Lib/httplib.py", line 
885, in _send_request
    self.endheaders()
  File "/home/duxg/Download/soft/Python-2.5.1/Lib/httplib.py", line 
856, in endheaders
    self._send_output()
  File "/home/duxg/Download/soft/Python-2.5.1/Lib/httplib.py", line 
728, in _send_output
    self.send(msg)
  File "/home/duxg/Download/soft/Python-2.5.1/Lib/httplib.py", line 
695, in send
    self.connect()
  File "/home/duxg/Download/soft/Python-2.5.1/Lib/httplib.py", line 
1131, in connect
    ssl = socket.ssl(sock, self.key_file, self.cert_file)
  File "/home/duxg/Download/soft/Python-2.5.1/Lib/socket.py", line 74, 
in ssl
    return _realssl(sock, keyfile, certfile)
sslerror: SSL_CTX_use_certificate_chain_file error

...

*** glibc detected *** /home/duxg/Download/soft/Python-2.5.1/python: 
double free or corruption (!prev): 0x0a2b71a0 ***
======= Backtrace: =========
/lib/libc.so.6[0x887f41]
/lib/libc.so.6(cfree+0x90)[0x88b580]
/lib/libcrypto.so.6(CRYPTO_free+0x3a)[0x14f46a]
/lib/libcrypto.so.6(ERR_clear_error+0x73)[0x1a4d13]
/lib/libssl.so.6(SSL_CTX_use_certificate_chain_file+0x227)[0x358e47]
/home/duxg/Download/soft/Python-2.5.1/build/lib.linux-i686-2.5/
_ssl.so[0xb9eb9e]
/home/duxg/Download/soft/Python-2.5.1/
python(PyEval_EvalFrameEx+0x5d2c)[0x80c539c]
/home/duxg/Download/soft/Python-2.5.1/
python(PyEval_EvalCodeEx+0x775)[0x80c65d5]
/home/duxg/Download/soft/Python-2.5.1/
python(PyEval_EvalFrameEx+0x5419)[0x80c4a89]
/home/duxg/Download/soft/Python-2.5.1/
python(PyEval_EvalFrameEx+0x6155)[0x80c57c5]
/home/duxg/Download/soft/Python-2.5.1/
python(PyEval_EvalFrameEx+0x6155)[0x80c57c5]
/home/duxg/Download/soft/Python-2.5.1/
python(PyEval_EvalFrameEx+0x6155)[0x80c57c5]
/home/duxg/Download/soft/Python-2.5.1/
python(PyEval_EvalFrameEx+0x6155)[0x80c57c5]
/home/duxg/Download/soft/Python-2.5.1/
python(PyEval_EvalFrameEx+0x6155)[0x80c57c5]
/home/duxg/Download/soft/Python-2.5.1/
python(PyEval_EvalCodeEx+0x775)[0x80c65d5]
/home/duxg/Download/soft/Python-2.5.1/
python(PyEval_EvalFrameEx+0x5419)[0x80c4a89]
/home/duxg/Download/soft/Python-2.5.1/
python(PyEval_EvalFrameEx+0x6155)[0x80c57c5]
/home/duxg/Download/soft/Python-2.5.1/
python(PyEval_EvalFrameEx+0x6155)[0x80c57c5]
/home/duxg/Download/soft/Python-2.5.1/
python(PyEval_EvalCodeEx+0x775)[0x80c65d5]
/home/duxg/Download/soft/Python-2.5.1/python[0x810d6f1]
/home/duxg/Download/soft/Python-2.5.1/
python(PyObject_Call+0x27)[0x805a277]
/home/duxg/Download/soft/Python-2.5.1/python[0x80603a7]
/home/duxg/Download/soft/Python-2.5.1/
python(PyObject_Call+0x27)[0x805a277]
/home/duxg/Download/soft/Python-2.5.1/
python(PyEval_CallObjectWithKeywords+0x6c)[0x80be7cc]
/home/duxg/Download/soft/Python-2.5.1/python[0x80f01e8]
/lib/libpthread.so.0[0xc292fb]
/lib/libc.so.6(clone+0x5e)[0x8f093e]
======= Memory map: ========
00110000-00113000 r-xp 00000000 08:05 2417874    /home/duxg/Download/
soft/Python-2.5.1/build/lib.linux-i686-2.5/time.so
00113000-00115000 rwxp 00002000 08:05 2417874    /home/duxg/Download/
soft/Python-2.5.1/build/lib.linux-i686-2.5/time.so
00115000-00119000 r-xp 00000000 08:05 2417882    /home/duxg/Download/
soft/Python-2.5.1/build/lib.linux-i686-2.5/collections.so
00119000-0011a000 rwxp 00004000 08:05 2417882    /home/duxg/Download/
soft/Python-2.5.1/build/lib.linux-i686-2.5/collections.so
0011a000-0011c000 r-xp 00000000 08:05 2417878    /home/duxg/Download/
soft/Python-2.5.1/build/lib.linux-i686-2.5/_random.so
0011c000-0011d000 rwxp 00002000 08:05 2417878    /home/duxg/Download/
soft/Python-2.5.1/build/lib.linux-i686-2.5/_random.so
0011d000-00239000 r-xp 00000000 08:03 491746     /lib/
libcrypto.so.0.9.8b
00239000-0024b000 rwxp 0011c000 08:03 491746     /lib/
libcrypto.so.0.9.8b
0024b000-0024f000 rwxp 0024b000 00:00 0 
0024f000-0027b000 r-xp 00000000 08:09 623501     /usr/lib/
libgssapi_krb5.so.2.2
0027b000-0027c000 rwxp 0002c000 08:09 623501     /usr/lib/
libgssapi_krb5.so.2.2
0027c000-0027e000 r-xp 00000000 08:03 491630     /lib/libkeyutils-1.2.so
0027e000-0027f000 rwxp 00001000 08:03 491630     /lib/libkeyutils-1.2.so
00287000-00288000 r-xp 00287000 00:00 0          [vdso]
00288000-00317000 r-xp 00000000 08:09 623515     /usr/lib/libkrb5.so.3.3
00317000-00319000 rwxp 0008f000 08:09 623515     /usr/lib/libkrb5.so.3.3
00319000-00324000 r-xp 00000000 08:03 491522     /lib/libgcc_s-4.1.2-
20070503.so.1
00324000-00325000 rwxp 0000a000 08:03 491522     /lib/libgcc_s-4.1.2-
20070503.so.1
00328000-00369000 r-xp 00000000 08:03 491748     /lib/libssl.so.0.9.8b
00369000-0036d000 rwxp 00040000 08:03 491748     /lib/libssl.so.0.9.8b
003c8000-003ca000 r-xp 00000000 08:03 491577     /lib/libutil-2.6.so
003ca000-003cb000 r-xp 00001000 08:03 491577     /lib/libutil-2.6.so
003cb000-003cc000 rwxp 00002000 08:03 491577     /lib/libutil-2.6.so
00433000-00436000 r-xp 00000000 08:03 491551     /lib/libdl-2.6.so
00436000-00437000 r-xp 00002000 08:03 491551     /lib/libdl-2.6.so
00437000-00438000 rwxp 00003000 08:03 491551     /lib/libdl-2.6.so
00478000-0049f000 r-xp 00000000 08:03 491553     /lib/libm-2.6.so
0049f000-004a0000 r-xp 00026000 08:03 491553     /lib/libm-2.6.so
004a0000-004a1000 rwxp 00027000 08:03 491553     /lib/libm-2.6.so
004f4000-00506000 r-xp 00000000 08:03 491595     /lib/libz.so.1.2.3
00506000-00507000 rwxp 00011000 08:03 491595     /lib/libz.so.1.2.3
00581000-00591000 r-xp 00000000 08:03 491571     /lib/libresolv-2.6.so
00591000-00592000 r-xp 0000f000 08:03 491571     /lib/libresolv-2.6.so
00592000-00593000 rwxp 00010000 08:03 491571     /lib/libresolv-2.6.so
00593000-00595000 rwxp 00593000 00:00 0 
005d7000-005d9000 r-xp 00000000 08:05 2417903    /home/duxg/Download/
soft/Python-2.5.1/build/lib.linux-i686-2.5/fcntl.so
005d9000-005da000 rwxp 00002000 08:05 2417903    /home/duxg/Download/
soft/Python-2.5.1/build/lib.linux-i686-2.5/fcntl.so
00651000-00654000 r-xp 00000000 08:05 2417915    /home/duxg/Download/
soft/Python-2.5.1/build/lib.linux-i686-2.5/cStringIO.so
00654000-00655000 rwxp 00003000 08:05 2417915    /home/duxg/Download/
soft/Python-2.5.1/build/lib.linux-i686-2.5/cStringIO.so
00734000-0073d000 r-xp 00000000 08:05 2417935    /home/duxg/Download/
soft/Python-2.5.1/build/lib.linux-i686-2.5/_socket.so
0073d000-00740000 rwxp 00009000 08:05 2417935    /home/duxg/Download/
soft/Python-2.5.1/build/lib.linux-i686-2.5/_socket.so
00820000-0096e000 r-xp 00000000 08:03 491545     /lib/libc-2.6.so
0096e000-00970000 r-xp 0014e000 08:03 491545     /lib/libc-2.6.so
00970000-00971000 rwxp 00150000 08:03 491545     /lib/libc-2.6.so
00971000-00974000 rwxp 00971000 00:00 0 
009a7000-009a9000 r-xp 00000000 08:05 2417870    /home/duxg/Download/
soft/Python-2.5.1/build/lib.linux-i686-2.5/math.so
009a9000-009aa000 rwxp 00002000 08:05 2417870    /home/duxg/Download/
soft/Python-2.5.1/build/lib.linux-i686-2.5/math.so
00b11000-0Aborted (core dumped)
------------------------------------------------------------------------
------

    I think the problem is in that the _ssl module does not correctly 
initialize the OpenSSL Library, so i make a patch to fix it. now it 
seems worked well.
msg61883 - (view) Author: Bill Janssen (janssen) * (Python committer) Date: 2008-01-31 02:48
Thanks for the patch.

I'm of two minds about this.  It may well be an appropriate patch for
2.5.2 -- I seem to recall having to do something much like this in the
new SSL module -- but it patches the old SSL code which we are replacing
for 2.6.  And I'd recommend downloading and using the new SSL code from
PyPI with pre-2.6 Pythons instead of using the supplied support.  I'd
think, at the very least, this patch should include additions to the
test suite for socket_ssl before it's included.
msg61961 - (view) Author: Guido van Rossum (gvanrossum) * (Python committer) Date: 2008-02-01 16:00
I think it's worth applying this to 2.5.2 even if the patch is dead
after that.  More unittests are definitely in order.
msg61990 - (view) Author: Bill Janssen (janssen) * (Python committer) Date: 2008-02-02 02:05
OK, I'll read it more carefully and compare it to the 2.6 version of the
code.

Bill

On Feb 1, 2008 8:00 AM, Guido van Rossum <report@bugs.python.org> wrote:

>
> Guido van Rossum added the comment:
>
> I think it's worth applying this to 2.5.2 even if the patch is dead
> after that.  More unittests are definitely in order.
>
> ----------
> nosy: +gvanrossum
> priority: low -> normal
>
> __________________________________
> Tracker <report@bugs.python.org>
> <http://bugs.python.org/issue1978>
> __________________________________
>
msg83073 - (view) Author: (andrej) Date: 2009-03-03 12:33
Is there a reason why this patch has not been implemented in the
official release (2.5.4)? I am having plenty of troubles using it in a
similar program.
msg83078 - (view) Author: Bill Janssen (janssen) * (Python committer) Date: 2009-03-03 18:04
Yes, the reason is that the supplied patch doesn't provide enough test
cases.  This is a big patch; 2.5.x is a bug-fix release; a newer version
of the SSL code is available from PyPI as a work-around; I don't have
time right now to write more tests myself.  All of which means that I
won't look at it more till the patch (or another patch) includes more
test cases.
History
Date User Action Args
2010-08-03 18:58:09terry.reedysetstatus: open -> closed
resolution: out of date
2009-03-03 18:04:33janssensetmessages: + msg83078
2009-03-03 12:33:51andrejsetnosy: + andrej
messages: + msg83073
2008-11-03 17:14:48vstinnersetfiles: - unnamed
2008-02-02 02:05:24janssensetfiles: + unnamed
messages: + msg61990
2008-02-01 16:00:24gvanrossumsetpriority: low -> normal
nosy: + gvanrossum
messages: + msg61961
2008-01-31 02:48:49janssensetpriority: high -> low
nosy: + christian.heimes
messages: + msg61883
2008-01-31 00:02:48christian.heimessetpriority: high
assignee: janssen
components: + Extension Modules, - None
keywords: + patch
nosy: + janssen
2008-01-30 22:58:31dugang@188.comcreate