httpd fails to start with double free after updating to openssl-1.0.2k-23.el7_9

Solution Verified - Updated -

Issue

  • We updated openssl to openssl-1.0.2k-23.el7_9. After this, httpd is no longer able to start and error_logs show double free back traces like the following:

    *** Error in `/usr/sbin/httpd': double free or corruption (fasttop): 0x00005637ad2df900 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x81329)[0x7fae1fa2d329]
/lib64/libcrypto.so.10(CRYPTO_free+0x1d)[0x7fae149db96d]
/lib64/libcrypto.so.10(sk_pop_free+0x30)[0x7fae14a93360]
/lib64/libcrypto.so.10(+0x170ed5)[0x7fae14added5]
/lib64/libcrypto.so.10(X509_get1_ocsp+0x80)[0x7fae14ade120]
/etc/httpd/modules/mod_ssl.so(+0x22afb)[0x7fae15064afb]
/etc/httpd/modules/mod_ssl.so(+0xfb0e)[0x7fae15051b0e]
/etc/httpd/modules/mod_ssl.so(+0x116ee)[0x7fae150536ee]
/etc/httpd/modules/mod_ssl.so(+0x128ec)[0x7fae150548ec]
/usr/sbin/httpd(ap_run_post_config+0x59)[0x5637ab0fab69]
/usr/sbin/httpd(main+0x8b8)[0x5637ab0d7ec8]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fae1f9ce555]
/usr/sbin/httpd(+0x1f1df)[0x5637ab0d81df]

Environment

  • Red Hat Enterprise Linux (RHEL) 7.x
  • openssl-1.0.2k-23.el7_9
  • httpd 2.4.6
  • OCSP stapling is enabled

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content