Description:
mysqld server crashes with signal 11 when a connection attempt is made with the 'SQLyog' graphical management utility in SSL-encrypted mode. This is SQLyog version 3.11 from http://www.sqlyog.com. Note that the server has not yet been configured with an SSL certificate.
This is a remotely exploitable, unauthenticated process to crash servers compiled with SSL support.
Server was compiled with:
--prefix=/usr/local --with-mysqld-user=database --without-bench --with-berkeley-db --with-innodb --with-vio --with-openssl
mysqld got signal 11;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.
key_buffer_size=268435456
read_buffer_size=4190208
sort_buffer_size=4194296
max_used_connections=0
max_connections=50
threads_connected=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 671543 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
thd=0x88268e0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
Cannot determine thread, fp=0xbe5fef58, backtrace may not be correct.
Stack range sanity check OK, backtrace follows:
0x81096f7
0x4011d929
0x834fe49
0x811cfcb
0x81146cd
0x40117ada
0x403648c7
New value of fp=(nil) failed sanity check, terminating stack trace!
Please read http://www.mysql.com/doc/en/Using_stack_trace.html and follow instructions
on how to resolve the stack trace. Resolved
stack trace is much more helpful in diagnosing the problem, so please do
resolve it
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at (nil) is invalid pointer
thd->thread_id=2
----
Stack trace decoded:
0x81096f7 handle_segfault + 487
0x4011d929 _end + 936341441
0x834fe49 sslaccept + 121
0x811cfcb _Z17check_connectionsP3THD + 715
0x81146cd handle_one_connection + 205
0x40117ada _end + 936317298
0x403648c7 _end + 938729311
------
SHOW VARIABLES
+---------------------------------+-------------------------------------------------------------------------------------------------+
| Variable_name | Value |
+---------------------------------+-------------------------------------------------------------------------------------------------+
| back_log | 50 |
| basedir | /usr/local/ |
| bdb_cache_size | 8388600 |
| bdb_log_buffer_size | 131072 |
| bdb_home | /home/netconf/data/ |
| bdb_max_lock | 10000 |
| bdb_logdir | |
| bdb_shared_data | OFF |
| bdb_tmpdir | /tmp/ |
| bdb_version | Sleepycat Software: Berkeley DB 3.2.9a: (May 14, 2003) |
| binlog_cache_size | 32768 |
| bulk_insert_buffer_size | 8388608 |
| character_set | latin1 |
| character_sets | latin1 cp1251 |
| concurrent_insert | ON |
| connect_timeout | 5 |
| convert_character_set | |
| datadir | /home/netconf/data/ |
| delay_key_write | ON |
| delayed_insert_limit | 100 |
| delayed_insert_timeout | 300 |
| delayed_queue_size | 1000 |
| flush | OFF |
| flush_time | 0 |
| ft_boolean_syntax | + -><()~*:""&| |
| ft_min_word_len | 4 |
| ft_max_word_len | 254 |
| ft_max_word_len_for_sort | 20 |
| ft_stopword_file | (built-in) |
| have_bdb | YES |
| have_crypt | YES |
| have_innodb | YES |
| have_isam | YES |
| have_raid | NO |
| have_symlink | YES |
| have_openssl | YES |
| have_query_cache | YES |
| init_file | |
| innodb_additional_mem_pool_size | 4194304 |
| innodb_buffer_pool_size | 838860800 |
| innodb_data_file_path | i1/d1:4000M;i1/d2:4000M;i1/d3:4000M;i1/d4:4000M;i2/d1:4000M;i2/d2:4000M;i2/d3:4000M;i2/d4:4000M |
| innodb_data_home_dir | /home/netconf/data/idb |
| innodb_file_io_threads | 4 |
| innodb_force_recovery | 0 |
| innodb_thread_concurrency | 8 |
| innodb_flush_log_at_trx_commit | 1 |
| innodb_fast_shutdown | ON |
| innodb_flush_method | |
| innodb_lock_wait_timeout | 50 |
| innodb_log_arch_dir | /home/netconf/data/idb/log |
| innodb_log_archive | OFF |
| innodb_log_buffer_size | 104857600 |
| innodb_log_file_size | 209715200 |
| innodb_log_files_in_group | 5 |
| innodb_log_group_home_dir | /home/netconf/data/idb/log |
| innodb_mirrored_log_groups | 1 |
| innodb_max_dirty_pages_pct | 90 |
| interactive_timeout | 28800 |
| join_buffer_size | 131072 |
| key_buffer_size | 268435456 |
| language | /usr/local/share/mysql/english/ |
| large_files_support | ON |
| local_infile | ON |
| locked_in_memory | OFF |
| log | OFF |
| log_update | OFF |
| log_bin | ON |
| log_slave_updates | OFF |
| log_slow_queries | OFF |
| log_warnings | OFF |
| long_query_time | 10 |
| low_priority_updates | OFF |
| lower_case_table_names | OFF |
| max_allowed_packet | 10484736 |
| max_binlog_cache_size | 4294967295 |
| max_binlog_size | 1073741824 |
| max_connections | 50 |
| max_connect_errors | 10 |
| max_delayed_threads | 20 |
| max_heap_table_size | 16777216 |
| max_join_size | 4294967295 |
| max_sort_length | 1024 |
| max_user_connections | 0 |
| max_tmp_tables | 32 |
| max_write_lock_count | 4294967295 |
| myisam_max_extra_sort_file_size | 268435456 |
| myisam_max_sort_file_size | 2147483647 |
| myisam_repair_threads | 1 |
| myisam_recover_options | OFF |
| myisam_sort_buffer_size | 33554432 |
| net_buffer_length | 16384 |
| net_read_timeout | 30 |
| net_retry_count | 10 |
| net_write_timeout | 60 |
| new | OFF |
| open_files_limit | 0 |
| pid_file | /home/netconf/data/sentry3.net.cmu.edu.pid |
| log_error | |
| port | 3306 |
| protocol_version | 10 |
| read_buffer_size | 4190208 |
| read_rnd_buffer_size | 262144 |
| rpl_recovery_rank | 0 |
| query_cache_limit | 1048576 |
| query_cache_size | 0 |
| query_cache_type | ON |
| server_id | 1 |
| slave_net_timeout | 3600 |
| skip_external_locking | ON |
| skip_networking | OFF |
| skip_show_database | OFF |
| slow_launch_time | 2 |
| socket | /tmp/mysql.sock |
| sort_buffer_size | 4194296 |
| sql_mode | 0 |
| table_cache | 256 |
| table_type | MYISAM |
| thread_cache_size | 8 |
| thread_stack | 196608 |
| tx_isolation | REPEATABLE-READ |
| timezone | EDT |
| tmp_table_size | 33554432 |
| tmpdir | /tmp/ |
| version | 4.0.13-log |
| wait_timeout | 28800 |
+---------------------------------+-------------------------------------------------------------------------------------------------+
How to repeat:
Start mysqld without SSL configuration but compiled with SSL support. Connect with SQLyog client with SSL encryption enabled. Server crashes repeatedly in this configuration (each connection attempt causes a signal 11).
Suggested fix:
Unknown
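A triage sketch for the resolved stack trace above, added here as an example and not part of the original report: it parses the decoded frames, skips the signal handler and the unresolved `_end` frames, and reports which function faulted and whether it was reached from `check_connections`, i.e. during connection setup. The function names `base_name`, `parse_frames` and `triage` are hypothetical helpers; the trace text is copied from the report.

```python
import re

# Resolved frames copied from the report above (innermost frame first).
RESOLVED_TRACE = """\
0x81096f7 handle_segfault + 487
0x4011d929 _end + 936341441
0x834fe49 sslaccept + 121
0x811cfcb _Z17check_connectionsP3THD + 715
0x81146cd handle_one_connection + 205
0x40117ada _end + 936317298
0x403648c7 _end + 938729311
"""

FRAME_RE = re.compile(r"^(0x[0-9a-f]+)\s+(\S+)\s+\+\s+(\d+)$")
MANGLED_RE = re.compile(r"^_Z(\d+)")


def base_name(symbol):
    """Extract the function name from a simple mangled symbol (_Z<len><name>...)."""
    m = MANGLED_RE.match(symbol)
    if not m:
        return symbol  # plain C symbol, e.g. sslaccept
    start = m.end()
    return symbol[start:start + int(m.group(1))]


def parse_frames(text):
    """Return (address, name or None, offset) for every decoded frame line."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        addr, sym, off = m.groups()
        # "_end + <huge offset>" means the address lies outside the mysqld
        # symbol table (for example in a shared library): name unknown.
        name = None if sym == "_end" else base_name(sym)
        frames.append((int(addr, 16), name, int(off)))
    return frames


def triage(text):
    """Identify the faulting function and whether it ran under check_connections."""
    names = [n for _, n, _ in parse_frames(text) if n and n != "handle_segfault"]
    if not names:
        return {"faulting": None, "callers": [], "during_connection_setup": False}
    return {"faulting": names[0], "callers": names[1:],
            "during_connection_setup": "check_connections" in names[1:]}


if __name__ == "__main__":
    print(triage(RESOLVED_TRACE))
```
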