PHP :: Bug #67512 :: php_crypt() crashes if crypt_r() does not exist or

Bug #67512

php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not defined

Submitted:

2014-06-25 12:10 UTC

Modified:

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (100.0%)

From:

timo dot teras at iki dot fi

Assigned:

Status:

Closed

Package:

*Encryption and hash functions

PHP Version:

5.5.13

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

[2014-06-25 12:10 UTC] timo dot teras at iki dot fi

Description:
------------
php_crypt() does not contain default implementation, and does not return error. 

It will lead to crashes with backtraces like:
(gdb) where
#0  0x000005f88811a5b1 in zif_crypt (ht=<optimized out>, 
    return_value=0x65963a1f2d20, return_value_ptr=<optimized out>, 
    this_ptr=<optimized out>, return_value_used=<optimized out>)
    at /home/buildozer/aports/main/php/src/php-5.5.13/ext/standard/crypt.c:301
#1  0x000005f8882626a3 in zend_do_fcall_common_helper_SPEC (
    execute_data=0x659641284268)
    at /home/buildozer/aports/main/php/src/php-5.5.13/Zend/zend_vm_execute.h:550
#2  0x000005f8882010e0 in execute_ex (execute_data=0x659641284268)
    at /home/buildozer/aports/main/php/src/php-5.5.13/Zend/zend_vm_execute.h:363
#3  0x000005f8881cf537 in zend_call_function (fci=fci@entry=0x70801634cad0, 
    fci_cache=<optimized out>, fci_cache@entry=0x70801634caa8)
    at /home/buildozer/aports/main/php/src/php-5.5.13/Zend/zend_execute_API.c:939
#4  0x000005f888114f2b in zif_call_user_func (ht=<optimized out>, 
    return_value=0x65963a17efb8, return_value_ptr=<optimized out>, 
    this_ptr=<optimized out>, return_value_used=<optimized out>)
    at /home/buildozer/aports/main/php/src/php-5.5.13/ext/standard/basic_functions.c:4781
#5  0x000005f8882626a3 in zend_do_fcall_common_helper_SPEC (
    execute_data=0x6596412804a0)
    at /home/buildozer/aports/main/php/src/php-5.5.13#6  0x000005f8882010e0 in execute_ex (execute_data=0x6596412804a0)
    at /home/buildozer/aports/main/php/src/php-5.5.13/Zend/zend_vm_execute.h:363
#7  0x000005f8881db6eb in zend_execute_scripts (type=type@entry=8, 
    retval=retval@entry=0x0, file_count=file_count@entry=3)
    at /home/buildozer/aports/main/php/src/php-5.5.13/Zend/zend.c:1316
#8  0x000005f88818a691 in php_execute_script (
    primary_file=primary_file@entry=0x70801634f078)
    at /home/buildozer/aports/main/php/src/php-5.5.13/main/main.c:2506
#9  0x000005f88803e54b in main (argc=1, argv=0x70801634f388)
    at /home/buildozer/aports/main/php/src/php-5.5.13/sapi/cgi/cgi_main.c:2454

glibc builds likely work, because glibc incorrectly defines _REENTRANT for you even if it was not requested.

This bug is reproducible on non-glibc systems. E.g. Alpine Linux 3.0 which is musl based.

Seems also some other distributions have patched this issue. See:
https://build.opensuse.org/package/view_file?file=php-5.3.8-no-reentrant-crypt.patch&package=php5.831&project=openSUSE%3A12.2%3AUpdate&rev=bbcd9103e1bb3fb4a021cee0f42e604a

Patches

php-fix-crypt-v1.patch (last revision 2014-06-25 12:12 UTC by timo dot teras at iki dot fi)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-03-25 19:23 UTC] nikic@php.net

Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=54da966883bacf28808e26eeda48fe38e21b118e
Log: Fixed bug #67512

[2016-03-25 19:23 UTC] nikic@php.net

-Status: Open +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Mar 04 06:01:27 2025 UTC