Gentoo Forums
unusably short session_id provided? -Apache/PHP

hanj (Veteran)
Joined: 19 Aug 2003
Posts: 1323

Posted: Mon Oct 15, 2007 4:19 pm

Hello All

Started seeing these in the logs today (I coincidentally restarted Apache on 3 boxes.. and now all 3 boxes are showing the error). The weird thing is that I've restarted Apache services in the past, and have not recently upgraded in the last week or so.

Code:
[Mon Oct 15 09:27:59 2007] [error] unusably short session_id provided (0 bytes)
[Mon Oct 15 09:29:15 2007] [error] unusably short session_id provided (0 bytes)
[Mon Oct 15 09:32:12 2007] [error] unusably short session_id provided (0 bytes)
[Mon Oct 15 09:35:00 2007] [error] unusably short session_id provided (0 bytes)
[Mon Oct 15 09:40:55 2007] [error] unusably short session_id provided (0 bytes)


My version of apache (same on all 3 boxes)
Code:
[ebuild   R   ] www-servers/apache-2.2.6  USE="mpm-prefork no-suexec ssl -debug -doc -ldap -mpm-event -mpm-itk -mpm-peruser -mpm-worker (-selinux) -static-modules -threads" 4,664 kB


Any ideas?
Thanks!
hanji
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!

jexxie (Tux's lil' helper)
Joined: 12 Oct 2007
Posts: 82
Location: Vancouver, BC

Posted: Mon Oct 15, 2007 6:13 pm

First thought:
Is /dev/urandom or /dev/random still producing pseudo-random data?

hanj (Veteran)
Joined: 19 Aug 2003
Posts: 1323

Posted: Mon Oct 15, 2007 7:18 pm

Yep.. here is a snip:


I wonder if this could be related to binutils upgrade? Here are the last updates I did since last 'good' apache restart (good, meaning these errors were not reported)

Code:
Mon Oct 15 06:52:43 2007 >>> sys-apps/kbd-1.13-r1
Mon Oct 15 07:06:16 2007 >>> sys-devel/binutils-2.18-r1
Mon Oct 15 07:17:36 2007 >>> dev-libs/openssl-0.9.8f
Mon Oct 15 07:30:14 2007 >>> media-libs/pdflib-7.0.2
Mon Oct 15 09:05:08 2007 >>> sys-libs/glibc-2.6.1


Thanks!
hanji
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!

hanj (Veteran)
Joined: 19 Aug 2003
Posts: 1323

Posted: Mon Oct 15, 2007 10:31 pm

Rebuilding apache and PHP.. maybe this will help. Google is yielding nothing on this error.. very strange.

hanji
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!

hanj (Veteran)
Joined: 19 Aug 2003
Posts: 1323

Posted: Mon Oct 15, 2007 10:33 pm

Actually.. looks like something with openssl

Code:
+    if (idlen < 4) {
+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "unusably short session_id provided "
+                "(%u bytes)", idlen);
+        goto done;
+    }
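
Review bot: The `idlen < 4` check logs at APLOG_ERR for every short id, and the log excerpt at the top of this thread shows it firing with `(0 bytes)`, so a zero-length id is lumped in with a truncated one. If an empty session id can reach this function in normal operation, test `idlen == 0` separately and return without logging (or log at a lower level), keeping the error for lengths 1 to 3. The threshold 4 is unexplained; a short comment or a named constant saying why fewer than 4 bytes is unusable would help. `%u` also assumes `idlen` is an `unsigned int`; its declaration is not visible in this hunk, so confirm the type or cast at the call.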


BTW.. I did revdep-rebuild after openssl update

hanji
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!

hanj (Veteran)
Joined: 19 Aug 2003
Posts: 1323

Posted: Tue Oct 16, 2007 2:32 am

Nope.. recompiled Apache.. problem persists. Also, reran the following:
Code:
revdep-rebuild --library libcrypto.so.0.9.7
revdep-rebuild --library libssl.so.0.9.7

Didn't notice anything to rebuild.

Anyone else noticing this too?

Thanks!
hanji
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!

karma (n00b)
Joined: 15 Dec 2005
Posts: 6
Location: Strasbourg

Posted: Wed Oct 17, 2007 8:05 am

Hi,

I've got this problem too since openssl upgrade. Like you've said, re-emerging apache and openssl doesn't help, and revdep-rebuild is also clean.

I've read something about emerging previous version of openssl, but I haven't tried this yet...



Christophe

hanj (Veteran)
Joined: 19 Aug 2003
Posts: 1323

Posted: Wed Oct 17, 2007 6:43 pm

karma wrote:
Hi,

I've got this problem too since openssl upgrade. Like you've said, re-emerging apache and openssl doesn't help, and revdep-rebuild is also clean.

I've read something about emerging previous version of openssl, but I haven't tried this yet...



Christophe


Ah! So I'm not the only one on the planet with this problem. All my servers are doing this now.

hanji
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!

Hideki (n00b)
Joined: 09 Mar 2003
Posts: 74

Posted: Thu Oct 18, 2007 3:25 pm

seeing same...

planet-admin (Apprentice)
Joined: 27 Mar 2004
Posts: 213
Location: Boise, ID

Posted: Sun Oct 28, 2007 5:28 pm

For those of you who are unaware, this is a bug in openssl-0.9.8f.

You can add openssl-0.9.8g, which contains the fix, to your package.keywords/unmask and update.

Details here:

http://rt.openssl.org/Ticket/Display.html?id=1591&user=guest&pass=guest
_________________
Michael S. Moody
Sr. Systems Engineer
Global Systems Consulting
Web: http://www.GlobalSystemsConsulting.com

hanj (Veteran)
Joined: 19 Aug 2003
Posts: 1323

Posted: Tue Oct 30, 2007 12:35 am

Awesome. Just upgraded and testing on one box now. Thanks for your help!

hanji
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!

All times are GMT