[openssl-dev] [openssl.org #3771] bug: s_client loop at 100% cpu
John Denker via RT
rt at openssl.org
Mon Mar 30 07:51:17 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Contrast the following two examples:
#1:
time : | openssl s_client -connect www.openssl.org:443 >& /dev/null
real 0m0.545s
user 0m0.000s
sys 0m0.000s
#2:
time : | openssl s_client -quiet -connect www.openssl.org:443 >& /dev/null
real 0m21.255s
user 0m9.500s
sys 0m11.180s
- -----------
Note the numerology: 21.225 - 9.5 - 11.18 = 0.545
That means that if you discount the half second it takes to actually
fetch the certificate, s_client was using 100% of the cpu the whole
time ... for more than 20 seconds.
I cannot imagine why it loops when "-quiet" is specified and not
otherwise. I cannot imagine why it loops for 20.5 seconds instead
of 20.5 minutes or 20.5 hours.
This is 100% reproducible chez moi, although the timings naturally
vary by a little bit.
(gdb) where
#0 0x00007ffff7903653 in __select_nocancel () at ../sysdeps/unix/syscall-template.S:81
#1 0x0000000000434d73 in s_client_main (argc=0, argv=0x7fffffffe680) at s_client.c:1794
#2 0x00000000004039a8 in do_cmd (prog=0x990540, argc=4, argv=0x7fffffffe660) at openssl.c:470
#3 0x00000000004035b8 in main (Argc=4, Argv=0x7fffffffe660) at openssl.c:366
openssl version
OpenSSL 1.1.0-dev xx XXX xxxx (latest github version)
Same symptoms observed in older versions:
openssl version
OpenSSL 1.0.1f 6 Jan 2014
uname -a
Linux asclepias 3.18.0+ #2 SMP Sun Dec 21 18:25:03 MST 2014 x86_64 x86_64 x86_64 GNU/Linux
=========
Obvious workaround: Don't specify the "-quiet" option. There are
other ways of dealing with the unwanted prolixity.
Priority: low. Compared to actual security problems such as the
nameconstraints bypass bug [openssl.org #3502] this is nothing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBVRg/GPO9SFghczXtAQJfwxAAzbmfw1gCJYNCoxgI0kVX1davQ2tqq9Pv
eC5rVzyrh3+ii/PlvgojjOi9KR4o/nOUoy7CzVKTyidG5PTM1J8nNrCrl2H48vic
iv6fNVsLxcibPGs7+De2SqZkiJXl2JvgCZuLACljxq39SrKK0SpNKWqM8DyQrnes
3Mfim3vEcPMHj5lrFTWvVP/tT+/aslW1WGHLuh5kh9KHLBoQQCH2kenVD4Rrxz+F
pa5PjRVf7rPQEfaFWKBZ2WLwStelp1ZriJN1TxEXPqWqZsWlUnKwJUhZZaAnBdUt
z4Vj9MhgQDPMnyWDy8sVb/5BAyiMoTL6/DJfm949tn3rsef6UHtCu3iHg+GRDTVP
AQ6I8TmGnQMpXGTQnmLA5fyHrmGlSbcdmcSDQaIA1noKuWyORT4/CBNMftt+A5gV
MuWrSdZg4/l1Tkon4712v3yucg9r2WSMbz5hEGxw99MVd7Kk27OHfSYrDowYvjKC
vwBtABvXTmsR387pkcTDpuRU8Ayk/OXM1cbkuK7Vsadr2sfcwvi6iuL02NVDITwQ
XyksioIKPf76pXJt5aUOwjnVdRN0XN67LdHSSBZlmjEImUYQxswmZDuWZbdm/ECr
5Ahxeij8wkNZUKDCMCa2HScbQGlx9YveI+jDs2m5pB40lDcSWTqm+FmHtCVImi++
0atbpVOZanc=
=oaVD
-----END PGP SIGNATURE-----
More information about the openssl-dev
mailing list