php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73072 Invalid path SNI_server_certs causes segfault
Submitted: 2016-09-13 16:16 UTC Modified: 2016-09-13 16:17 UTC
From: bukka@php.net Assigned: bukka (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.6.25 OS: All
Private report: No CVE-ID: None
 [2016-09-13 16:16 UTC] bukka@php.net
Description:
------------
If the SNI_server_certs stream ssl option contains an invalid path, it causes segfault after the client connects. It is because the initializing loop is jumped off when error happens and keeps the sni_certs unitialized which causes later segfault when they are freed.

Test script:
---------------
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
    'local_cert' => __DIR__ . '/domain1.pem',
    'SNI_server_certs' => [
        "domain1.com" => __DIR__ . "/sni_server_domain1.pem",
        "domain2.com" => __DIR__ . "/unknown",
    ]
]]);

$server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);

for ($i=0; $i < 3; $i++) {
   @stream_socket_accept($server, 3);
}


Expected result:
----------------
Warning: failed setting local cert chain file `%s'; file not found

Actual result:
--------------
segfault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-09-13 16:17 UTC] bukka@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: bukka
 [2016-09-13 16:17 UTC] bukka@php.net
The script above causes segfault once a client connects into it...
 [2016-09-13 17:15 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05baa927277c820de4deee0991c24c7f4c545105
Log: Fix bug #73072 (Invalid path SNI_server_certs causes segfault)
 [2016-09-13 17:15 UTC] bukka@php.net
-Status: Assigned +Status: Closed
 [2016-09-13 17:26 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05baa927277c820de4deee0991c24c7f4c545105
Log: Fix bug #73072 (Invalid path SNI_server_certs causes segfault)
 [2016-09-13 17:28 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05baa927277c820de4deee0991c24c7f4c545105
Log: Fix bug #73072 (Invalid path SNI_server_certs causes segfault)
 [2016-09-13 17:29 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05baa927277c820de4deee0991c24c7f4c545105
Log: Fix bug #73072 (Invalid path SNI_server_certs causes segfault)
 [2016-09-29 15:25 UTC] spam2 at rhsoft dot net
the changelog of 7.0.12 RC 1 pretends that to be fixed, in fact it still fails, jsut built the RC1 (the 3 gd tests are because somebody renamed testfiles while they should be skipped at all when using systemd-gd)

i saw that pretty sure *randomly* fail with my PHP 7.0.11 build-tests using PGO (which is still broken https://bugs.php.net/bug.php?id=73111) and don't see any change here

Number of tests : 13389             11143
Tests skipped   : 2246 ( 16.8%) --------
Tests warned    :    0 (  0.0%) (  0.0%)
Tests failed    :    4 (  0.0%) (  0.0%)
Expected fail   :    0 (  0.0%) (  0.0%)
Tests passed    : 11139 ( 83.2%) (100.0%)
---------------------------------------------------------------------
Time taken      :  576 seconds
=====================================================================

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
Bug #53504 imagettfbbox/imageftbbox gives incorrect values for bounding box [ext/gd/tests/bug53504.phpt]
Bug #73155 (imagegd2() writes wrong chunk sizes on boundaries) [ext/gd/tests/bug73155.phpt]
Bug #73159 (imagegd2(): unrecognized formats may result in corrupted files) [ext/gd/tests/bug73159.phpt]
Bug #73072: Invalid path SNI_server_certs causes segfault [ext/openssl/tests/bug73072.phpt]
 [2016-10-17 10:08 UTC] bwoebi@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05baa927277c820de4deee0991c24c7f4c545105
Log: Fix bug #73072 (Invalid path SNI_server_certs causes segfault)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC