Nginx/openssl version compatibility for releases

[sp3nx0r]

Stumbled on this while doing testing, was pulling master while testing a nginx 1.21.4 / openssl 1.1.1q deployment and was getting segfaults. Traced this to the 0.4.0 and subsequent patches, reverting to 0.3.0 tag worked fine. Would be nice to understand what version compatibility there is for the releases.

[paragor]

0.4.1 was successfully tested aginst (and it works in prod pretty good):

• nginx version: nginx/1.22.0
• openssl 1.1.1q

"Would be nice to understand what version compatibility there is for the releases."

+1

[KMG-IDC24]

OpenSSL_1_1_1-stable
nginx 1.23.1

==55768==ERROR: LeakSanitizer: detected memory leaks

Indirect leak of 16384 byte(s) in 1 object(s) allocated from:
#0 0x7f0e2520b6e5 in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:217
#1 0x55b3d0ff4290 in ngx_memalign src/os/unix/ngx_alloc.c:57
#2 0x55b3d0f864fb in ngx_create_pool src/core/ngx_palloc.c:23
#3 0x55b3d0fb5297 in ngx_init_cycle src/core/ngx_cycle.c:69
#4 0x55b3d0f81790 in main src/core/nginx.c:292
#5 0x7f0e24e5f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

Indirect leak of 16384 byte(s) in 1 object(s) allocated from:
#0 0x7f0e2520b6e5 in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:217
#1 0x55b3d0ff4290 in ngx_memalign src/os/unix/ngx_alloc.c:57
#2 0x55b3d0f85fec in ngx_palloc_block src/core/ngx_palloc.c:186
#3 0x55b3d0f86c70 in ngx_palloc_small src/core/ngx_palloc.c:173
#4 0x55b3d0f86c70 in ngx_palloc src/core/ngx_palloc.c:127
#5 0x55b3d0f87028 in ngx_pcalloc src/core/ngx_palloc.c:302
#6 0x55b3d0f88d94 in ngx_hash_init src/core/ngx_hash.c:396
#7 0x55b3d103b0ee in ngx_http_core_merge_loc_conf src/http/ngx_http_core_module.c:3724
#8 0x55b3d1030c77 in ngx_http_merge_servers src/http/ngx_http.c:597
#9 0x55b3d1030c77 in ngx_http_block src/http/ngx_http.c:270
#10 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#11 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#12 0x55b3d0fb66ea in ngx_init_cycle src/core/ngx_cycle.c:284
#13 0x55b3d0f81790 in main src/core/nginx.c:292
#14 0x7f0e24e5f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

Indirect leak of 16384 byte(s) in 1 object(s) allocated from:
#0 0x7f0e2520b6e5 in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:217
#1 0x55b3d0ff4290 in ngx_memalign src/os/unix/ngx_alloc.c:57
#2 0x55b3d0f85fec in ngx_palloc_block src/core/ngx_palloc.c:186
#3 0x55b3d0f86d3f in ngx_palloc_small src/core/ngx_palloc.c:173
#4 0x55b3d0f86d3f in ngx_pnalloc src/core/ngx_palloc.c:140
#5 0x55b3d107ccaa in ngx_http_add_variable src/http/ngx_http_variables.c:458
#6 0x55b3d107f8a9 in ngx_http_variables_add_core_vars src/http/ngx_http_variables.c:2676
#7 0x55b3d103d2a6 in ngx_http_core_preconfiguration src/http/ngx_http_core_module.c:3371
#8 0x55b3d10305f5 in ngx_http_block src/http/ngx_http.c:229
#9 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#10 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#11 0x55b3d0fb66ea in ngx_init_cycle src/core/ngx_cycle.c:284
#12 0x55b3d0f81790 in main src/core/nginx.c:292
#13 0x7f0e24e5f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

Indirect leak of 16384 byte(s) in 1 object(s) allocated from:
#0 0x7f0e2520b6e5 in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:217
#1 0x55b3d0ff4290 in ngx_memalign src/os/unix/ngx_alloc.c:57
#2 0x55b3d0f85fec in ngx_palloc_block src/core/ngx_palloc.c:186
#3 0x55b3d0f86c70 in ngx_palloc_small src/core/ngx_palloc.c:173
#4 0x55b3d0f86c70 in ngx_palloc src/core/ngx_palloc.c:127
#5 0x55b3d0f87028 in ngx_pcalloc src/core/ngx_palloc.c:302
#6 0x55b3d1112021 in ngx_http_proxy_create_loc_conf src/http/modules/ngx_http_proxy_module.c:3318
#7 0x55b3d104441e in ngx_http_core_server src/http/ngx_http_core_module.c:2952
#8 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#9 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#10 0x55b3d1030661 in ngx_http_block src/http/ngx_http.c:239
#11 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#12 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#13 0x55b3d0fb66ea in ngx_init_cycle src/core/ngx_cycle.c:284
#14 0x55b3d0f81790 in main src/core/nginx.c:292
#15 0x7f0e24e5f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

Indirect leak of 16384 byte(s) in 1 object(s) allocated from:
#0 0x7f0e2520b6e5 in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:217
#1 0x55b3d0ff4290 in ngx_memalign src/os/unix/ngx_alloc.c:57
#2 0x55b3d0f85fec in ngx_palloc_block src/core/ngx_palloc.c:186
#3 0x55b3d0f86c70 in ngx_palloc_small src/core/ngx_palloc.c:173
#4 0x55b3d0f86c70 in ngx_palloc src/core/ngx_palloc.c:127
#5 0x55b3d0f87028 in ngx_pcalloc src/core/ngx_palloc.c:302
#6 0x55b3d1112021 in ngx_http_proxy_create_loc_conf src/http/modules/ngx_http_proxy_module.c:3318
#7 0x55b3d10301ea in ngx_http_block src/http/ngx_http.c:211
#8 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#9 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#10 0x55b3d0fb66ea in ngx_init_cycle src/core/ngx_cycle.c:284
#11 0x55b3d0f81790 in main src/core/nginx.c:292
#12 0x7f0e24e5f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

Indirect leak of 6400 byte(s) in 1 object(s) allocated from:
#0 0x7f0e2520a808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x55b3d0ff40fd in ngx_alloc src/os/unix/ngx_alloc.c:22
#2 0x55b3d0f86316 in ngx_palloc_large src/core/ngx_palloc.c:220
#3 0x55b3d0f86bed in ngx_palloc src/core/ngx_palloc.c:131
#4 0x55b3d0f88de8 in ngx_hash_init src/core/ngx_hash.c:403
#5 0x55b3d1080547 in ngx_http_variables_init_vars src/http/ngx_http_variables.c:2784
#6 0x55b3d1032169 in ngx_http_block src/http/ngx_http.c:316
#7 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#8 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#9 0x55b3d0fb66ea in ngx_init_cycle src/core/ngx_cycle.c:284
#10 0x55b3d0f81790 in main src/core/nginx.c:292
#11 0x7f0e24e5f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

Indirect leak of 5349 byte(s) in 1 object(s) allocated from:
#0 0x7f0e2520a808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x55b3d0ff40fd in ngx_alloc src/os/unix/ngx_alloc.c:22
#2 0x55b3d0f86316 in ngx_palloc_large src/core/ngx_palloc.c:220
#3 0x55b3d0f86bed in ngx_palloc src/core/ngx_palloc.c:131
#4 0x55b3d0f8b90b in ngx_create_temp_buf src/core/ngx_buf.c:22
#5 0x55b3d0fbcc26 in ngx_conf_add_dump src/core/ngx_conf_file.c:132
#6 0x55b3d0fbcc26 in ngx_conf_parse src/core/ngx_conf_file.c:225
#7 0x55b3d0fbf062 in ngx_conf_include src/core/ngx_conf_file.c:841
#8 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#9 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#10 0x55b3d1030661 in ngx_http_block src/http/ngx_http.c:239
#11 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#12 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#13 0x55b3d0fb66ea in ngx_init_cycle src/core/ngx_cycle.c:284
#14 0x55b3d0f81790 in main src/core/nginx.c:292
#15 0x7f0e24e5f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

Indirect leak of 4544 byte(s) in 1 object(s) allocated from:
#0 0x7f0e2520a808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x55b3d0ff40fd in ngx_alloc src/os/unix/ngx_alloc.c:22
#2 0x55b3d0f86316 in ngx_palloc_large src/core/ngx_palloc.c:220
#3 0x55b3d0f86bed in ngx_palloc src/core/ngx_palloc.c:131
#4 0x55b3d0f88de8 in ngx_hash_init src/core/ngx_hash.c:403
#5 0x55b3d103b0ee in ngx_http_core_merge_loc_conf src/http/ngx_http_core_module.c:3724
#6 0x55b3d1030c77 in ngx_http_merge_servers src/http/ngx_http.c:597
#7 0x55b3d1030c77 in ngx_http_block src/http/ngx_http.c:270
#8 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#9 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#10 0x55b3d0fb66ea in ngx_init_cycle src/core/ngx_cycle.c:284
#11 0x55b3d0f81790 in main src/core/nginx.c:292
#12 0x7f0e24e5f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

Indirect leak of 4280 byte(s) in 1 object(s) allocated from:
#0 0x7f0e2520a808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x55b3d0ff40fd in ngx_alloc src/os/unix/ngx_alloc.c:22
#2 0x55b3d0f86316 in ngx_palloc_large src/core/ngx_palloc.c:220
#3 0x55b3d0f86bed in ngx_palloc src/core/ngx_palloc.c:131
#4 0x55b3d0f87028 in ngx_pcalloc src/core/ngx_palloc.c:302
#5 0x55b3d0f8a60c in ngx_hash_keys_array_init src/core/ngx_hash.c:727
#6 0x55b3d107f77f in ngx_http_variables_add_core_vars src/http/ngx_http_variables.c:2662
#7 0x55b3d103d2a6 in ngx_http_core_preconfiguration src/http/ngx_http_core_module.c:3371
#8 0x55b3d10305f5 in ngx_http_block src/http/ngx_http.c:229
#9 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#10 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#11 0x55b3d0fb66ea in ngx_init_cycle src/core/ngx_cycle.c:284
#12 0x55b3d0f81790 in main src/core/nginx.c:292
#13 0x7f0e24e5f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

Indirect leak of 4280 byte(s) in 1 object(s) allocated from:
#0 0x7f0e2520a808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x55b3d0ff40fd in ngx_alloc src/os/unix/ngx_alloc.c:22
#2 0x55b3d0f86316 in ngx_palloc_large src/core/ngx_palloc.c:220
#3 0x55b3d0f86bed in ngx_palloc src/core/ngx_palloc.c:131
#4 0x55b3d0f87028 in ngx_pcalloc src/core/ngx_palloc.c:302
#5 0x55b3d0f8a54a in ngx_hash_keys_array_init src/core/ngx_hash.c:716
#6 0x55b3d107f77f in ngx_http_variables_add_core_vars src/http/ngx_http_variables.c:2662
#7 0x55b3d103d2a6 in ngx_http_core_preconfiguration src/http/ngx_http_core_module.c:3371
#8 0x55b3d10305f5 in ngx_http_block src/http/ngx_http.c:229
#9 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#10 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#11 0x55b3d0fb66ea in ngx_init_cycle src/core/ngx_cycle.c:284
#12 0x55b3d0f81790 in main src/core/nginx.c:292
#13 0x7f0e24e5f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

Indirect leak of 4280 byte(s) in 1 object(s) allocated from:
#0 0x7f0e2520a808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x55b3d0ff40fd in ngx_alloc src/os/unix/ngx_alloc.c:22
#2 0x55b3d0f86316 in ngx_palloc_large src/core/ngx_palloc.c:220
#3 0x55b3d0f86bed in ngx_palloc src/core/ngx_palloc.c:131
#4 0x55b3d0f87028 in ngx_pcalloc src/core/ngx_palloc.c:302
#5 0x55b3d0f8a5ab in ngx_hash_keys_array_init src/core/ngx_hash.c:721
#6 0x55b3d107f77f in ngx_http_variables_add_core_vars src/http/ngx_http_variables.c:2662
#7 0x55b3d103d2a6 in ngx_http_core_preconfiguration src/http/ngx_http_core_module.c:3371
#8 0x55b3d10305f5 in ngx_http_block src/http/ngx_http.c:229
#9 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#10 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#11 0x55b3d0fb66ea in ngx_init_cycle src/core/ngx_cycle.c:284
#12 0x55b3d0f81790 in main src/core/nginx.c:292
#13 0x7f0e24e5f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

Indirect leak of 4096 byte(s) in 1 object(s) allocated from:
#0 0x7f0e2520a808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x55b3d0ff40fd in ngx_alloc src/os/unix/ngx_alloc.c:22
#2 0x55b3d0f86316 in ngx_palloc_large src/core/ngx_palloc.c:220
#3 0x55b3d0f86bed in ngx_palloc src/core/ngx_palloc.c:131
#4 0x55b3d0f8780a in ngx_array_push src/core/ngx_array.c:76
#5 0x55b3d103a2bf in ngx_http_core_type src/http/ngx_http_core_module.c:3351
#6 0x55b3d0fbd7ef in ngx_conf_parse src/core/ngx_conf_file.c:304
#7 0x55b3d1039c26 in ngx_http_core_types src/http/ngx_http_core_module.c:3294
#8 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#9 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#10 0x55b3d0fbf062 in ngx_conf_include src/core/ngx_conf_file.c:841
#11 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#12 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#13 0x55b3d1030661 in ngx_http_block src/http/ngx_http.c:239
#14 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#15 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#16 0x55b3d0fb66ea in ngx_init_cycle src/core/ngx_cycle.c:284
#17 0x55b3d0f81790 in main src/core/nginx.c:292
#18 0x7f0e24e5f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

Indirect leak of 4096 byte(s) in 1 object(s) allocated from:
#0 0x7f0e2520a808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x55b3d0ff40fd in ngx_alloc src/os/unix/ngx_alloc.c:22
#2 0x55b3d0f86316 in ngx_palloc_large src/core/ngx_palloc.c:220
#3 0x55b3d0f86bed in ngx_palloc src/core/ngx_palloc.c:131
#4 0x55b3d0f8780a in ngx_array_push src/core/ngx_array.c:76
#5 0x55b3d0f8ae59 in ngx_hash_add_key src/core/ngx_hash.c:844
#6 0x55b3d107cdd9 in ngx_http_add_variable src/http/ngx_http_variables.c:471
#7 0x55b3d107f8a9 in ngx_http_variables_add_core_vars src/http/ngx_http_variables.c:2676
#8 0x55b3d103d2a6 in ngx_http_core_preconfiguration src/http/ngx_http_core_module.c:3371
#9 0x55b3d10305f5 in ngx_http_block src/http/ngx_http.c:229
#10 0x55b3d0fbe373 in ngx_conf_handler src/core/ngx_conf_file.c:463
#11 0x55b3d0fbe373 in ngx_conf_parse src/core/ngx_conf_file.c:319
#12 0x55b3d0fb66ea in ngx_init_cycle src/core/ngx_cycle.c:284
#13 0x55b3d0f81790 in main src/core/nginx.c:292
#14 0x7f0e24e5f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

SUMMARY: AddressSanitizer: 119245 byte(s) leaked in 13 allocation(s).

nginx -t

Since then, memory-related issues continue to occur. Is there a compatible version out there?

[phuslu]

nginx.patch should be ok for all 1.2x relase, and I added a openssl 3.2 patch in https://github.com/phuslu/nginx-ssl-fingerprint/blob/master/patches/openssl.3_2.patch