Bug #65055 Embedded yaSSL version contains symbols that conflict with libcrypto.
Submitted: 20 Apr 2012 14:43 Modified: 22 Jan 2014 14:53
Reporter: brian carlson Email Updates:
Status: Closed Impact on me:
Category:MySQL Server: Compiling Severity:S3 (Non-critical)
Version:5.1.62 OS:Linux
Assigned to: CPU Architecture:Any
Tags: Contribution

[20 Apr 2012 14:43] brian carlson
If MySQL 5.1.62 is built with the embedded yaSSL version, it builds taocrypt/src/crypto.cpp into the libmysqlclient shared library. This file contains four functions that are found in libcrypto (from OpenSSL). If libmysqlclient is used in the same binary as OpenSSL (such as php with curl using OpenSSL), then there is a symbol conflict and the program crashes.

How to repeat:
1. Compile MySQL 5.1.62 with the embedded yaSSL version.
2. Make sure php is linked against this libmysqlclient.
3. Make sure php has curl support using OpenSSL.
4. Run the attached php file (php foo.php).
5. Observe php crashing.

Suggested fix:
Simply do not build this file since it is unneeded. A patch to do this will be attached.
[20 Apr 2012 14:48] brian carlson
Test php script to reproduce the problem.

Attachment: foo.php (text/php), 554 bytes.

[20 Apr 2012 14:49] brian carlson
A patch to prevent the offending file from being built

Attachment: mysql-yassl.patch (application/octet-stream, text), 740 bytes.

[25 Apr 2012 18:54] Sveta Smirnova
Thank you for the report.

I can not repeat described behavior. Please provide output of `ldd /path/to/libmysqlclient`
[25 Apr 2012 18:58] brian carlson
brianc ok # ldd /usr/lib/libmysqlclient.so.16
	linux-gate.so.1 =>  (0x004da000)
	libpthread.so.0 => /lib/libpthread.so.0 (0x0067d000)
	libcrypt.so.1 => /lib/libcrypt.so.1 (0x00acb000)
	libnsl.so.1 => /lib/libnsl.so.1 (0x00712000)
	libm.so.6 => /lib/libm.so.6 (0x00bd7000)
	libc.so.6 => /lib/libc.so.6 (0x0034a000)
	/lib/ld-linux.so.2 (0x00c4f000)
	libfreebl3.so => /lib/libfreebl3.so (0x00110000)
	libdl.so.2 => /lib/libdl.so.2 (0x00d0b000)
[25 Apr 2012 19:31] Sveta Smirnova
Thank you for the feedback.

I am sorry: forgot to ask. What is the output of `ldd /path/to/php`?
[25 Apr 2012 19:55] brian carlson
brianc ok # ldd /var/cpanel/3rdparty/bin/php
	linux-gate.so.1 =>  (0x00ff1000)
	libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00729000)
	libcrypt.so.1 => /lib/libcrypt.so.1 (0x0028a000)
	libz.so.1 => /lib/libz.so.1 (0x004fb000)
	libmysqlclient.so.16 => /usr/lib/libmysqlclient.so.16 (0x002ba000)
	libmcrypt.so.4 => /opt/libmcrypt/lib/libmcrypt.so.4 (0x0060a000)
	libltdl.so.7 => /usr/lib/libltdl.so.7 (0x00c43000)
	libssl.so.10 => /usr/lib/libssl.so.10 (0x00110000)
	libcrypto.so.10 => /usr/lib/libcrypto.so.10 (0x00911000)
	libpam.so.0 => /lib/libpam.so.0 (0x00aab000)
	libX11.so.6 => /usr/lib/libX11.so.6 (0x00ab9000)
	libXpm.so.4 => /usr/lib/libXpm.so.4 (0x001e4000)
	libpng12.so.0 => /usr/lib/libpng12.so.0 (0x00168000)
	libjpeg.so.62 => /usr/lib/libjpeg.so.62 (0x00897000)
	libpcre.so.0 => /opt/pcre/lib/libpcre.so.0 (0x00190000)
	librt.so.1 => /lib/librt.so.1 (0x00516000)
	libresolv.so.2 => /lib/libresolv.so.2 (0x00d02000)
	libm.so.6 => /lib/libm.so.6 (0x00eb0000)
	libdl.so.2 => /lib/libdl.so.2 (0x001ce000)
	libnsl.so.1 => /lib/libnsl.so.1 (0x00cdb000)
	libgssapi_krb5.so.2 => /lib/libgssapi_krb5.so.2 (0x001f5000)
	libkrb5.so.3 => /lib/libkrb5.so.3 (0x0051f000)
	libk5crypto.so.3 => /lib/libk5crypto.so.3 (0x00234000)
	libcom_err.so.2 => /lib/libcom_err.so.2 (0x006d5000)
	libcurl.so.4 => /opt/curlssl/lib/libcurl.so.4 (0x00636000)
	libidn.so.11 => /lib/libidn.so.11 (0x004ae000)
	libxml2.so.2 => /opt/xml2/lib/libxml2.so.2 (0x00d1c000)
	libc.so.6 => /lib/libc.so.6 (0x00ff2000)
	/lib/ld-linux.so.2 (0x008f1000)
	libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00260000)
	libfreebl3.so => /usr/lib/libfreebl3.so (0x006da000)
	libpthread.so.0 => /lib/libpthread.so.0 (0x004e0000)
	libaudit.so.1 => /lib/libaudit.so.1 (0x00689000)
	libxcb.so.1 => /usr/lib/libxcb.so.1 (0x006a1000)
	libkrb5support.so.0 => /lib/libkrb5support.so.0 (0x001d3000)
	libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00fdb000)
	libXau.so.6 => /usr/lib/libXau.so.6 (0x001de000)
	libselinux.so.1 => /lib/libselinux.so.1 (0x00814000)
[14 May 2012 22:19] Jesper wisborg Krogh
Test case in C

Attachment: test.c (application/octet-stream, text), 606 bytes.

[14 May 2012 22:22] Jesper wisborg Krogh
Compiling test.c on SuSE 11 with the following options:
  gcc -g -o test -L/usr/lib64 -lmysqlclient_r -lcurl test.c

with MySQL 5.1.62+ installed causes a segmentation fault.

Adding -lcrypto before (important) -lmysqlclient_r

  gcc -g -o test -L/usr/lib64 -lcrypto -lmysqlclient_r -lcurl test.c

and the program works.
The program in test.c works on OEL 6.2 which comes with a newer version of libcrypto.
[16 May 2012 16:48] David Wood
The patch by Brian Carlson resolved the same issue for multiple services that I manage.  Rebuilding PHP after updating mysql 5.1.62 without the YaSSL hooks allows PHP's ssl code to operate correctly.
[5 Jan 2013 2:27] alexander qiao
thanks Jesper Wisborg Krogh ,It's very goods.
[22 Jan 2014 14:51] Paul DuBois
Noted in 5.1.66 changelog.

The libmysqlclient_r client library exported symbols from yaSSL that
conflict with OpenSSL. If a program linked against that library and
libcurl, it could crash with a segmentation fault.