PHP :: Bug #68912 :: Segmentation fault at openssl_spki

Bug #68912	Segmentation fault at openssl_spki_new
Submitted:	2015-01-25 18:03 UTC	Modified:	-
From:	fernando at null-life dot com	Assigned:
Status:	Closed	Package:	OpenSSL related
PHP Version:	5.6.5	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2015-01-25 18:03 UTC] fernando at null-life dot com

Description:
------------
There is a segfault when calling openssl_spki_new with an invalid resource. I *think* it may be related to calling strlen(s) when s is NULL.



Test script:
---------------
<?php

$var1=xml_parser_create_ns();
$var2=2; 
$var3=3; 

openssl_spki_new($var1, $var2, $var3);


Expected result:
----------------
Not segfault

Actual result:
--------------
(gdb) run 2.php
Starting program: /usr/bin/php 2.php

PHP Warning:  openssl_spki_new(): supplied resource is not a valid OpenSSL X.509/key resource in /home/fmunozs/bugs/php/2.php on line 8
PHP Warning:  openssl_spki_new(): Unable to use supplied private key in /home/fmunozs/bugs/php/2.php on line 8

Program received signal SIGSEGV, Segmentation fault.
zif_openssl_spki_new (ht=3, return_value=0xb788acb0, return_value_ptr=0xb787007c, this_ptr=0x0, return_value_used=0) at /home/fmunozs/php/src/php-5.6.5/ext/openssl/openssl.c:1535
1535            if (strlen(s) <= 0) {
(gdb) bt
#0  zif_openssl_spki_new (ht=3, return_value=0xb788acb0, return_value_ptr=0xb787007c, this_ptr=0x0, return_value_used=0) at /home/fmunozs/php/src/php-5.6.5/ext/openssl/openssl.c:1535
#1  0x08ce66ed in zend_do_fcall_common_helper_SPEC (execute_data=0xb78700c8) at /home/fmunozs/php/src/php-5.6.5/Zend/zend_vm_execute.h:558
#2  0x08b2eacf in execute_ex (execute_data=0xb78700c8) at /home/fmunozs/php/src/php-5.6.5/Zend/zend_vm_execute.h:363
#3  0x08bc2eac in zend_execute (op_array=0xb7889e28) at /home/fmunozs/php/src/php-5.6.5/Zend/zend_vm_execute.h:388
#4  0x08a2f46b in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/fmunozs/php/src/php-5.6.5/Zend/zend.c:1341
#5  0x0884cf7e in php_execute_script (primary_file=0xbfffe494) at /home/fmunozs/php/src/php-5.6.5/main/main.c:2584
#6  0x08cee870 in do_cli (argc=-1, argc@entry=2, argv=0xb788a228, argv@entry=0x94da838) at /home/fmunozs/php/src/php-5.6.5/sapi/cli/php_cli.c:994
#7  0x0806c7e9 in main (argc=2, argv=0x94da838) at /home/fmunozs/php/src/php-5.6.5/sapi/cli/php_cli.c:1378
#8  0xb7976e5e in __libc_start_main () from /usr/lib/libc.so.6
#9  0x0806c9f7 in _start ()

Patches

pangit143 (last revision 2015-08-06 03:28 UTC by veveykocute1234 at gmail dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-02-16 06:20 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=830998811112d60a9fe98c7e2b86250ccf75d6f4
Log: Fixed bug #68912 (Segmentation fault at openssl_spki_new)

[2015-02-16 06:20 UTC] laruence@php.net

-Status: Open +Status: Closed

[2015-02-16 06:23 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=830998811112d60a9fe98c7e2b86250ccf75d6f4
Log: Fixed bug #68912 (Segmentation fault at openssl_spki_new)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Oct 28 03:00:02 2025 UTC