[2016-05-06 07:02 UTC] ab@php.net
-Status: Open
+Status: Closed
[2016-05-06 07:33 UTC] ab@php.net
[2016-07-20 11:31 UTC] davey@php.net
Description:
------------
openssl_csr_new() causes OBJ_txt2nid function call with NULL argument (it happens in php_openssl_make_REQ function), which results in null pointer dereference.

Test script:
---------------
<?php
/* NPD */
$var0 = timezone_identifiers_list();
$var2 = openssl_csr_new(array(0),$var0,null,array(0));

Expected result:
----------------
Null pointer is not dereferenced

Actual result:
--------------
Stopped reason: SIGSEGV
0x00007ffff3c514e5 in lh_strhash (c=0x18 <error: Cannot access memory at address 0x18>) at lhash.c:450
450 lhash.c: No such file or directory.
gdb-peda$ bt
#0 0x00007ffff3c514e5 in lh_strhash (c=0x18 <error: Cannot access memory at address 0x18>) at lhash.c:450
#1 0x00007ffff3bcdcd0 in added_obj_hash (ca=0x7fffffff9c40) at obj_dat.c:130
#2 added_obj_LHASH_HASH (arg=0x7fffffff9c40) at obj_dat.c:146
#3 0x00007ffff3c5144d in getrn (lh=lh@entry=0x601e0000c9d0, data=data@entry=0x7fffffff9c40, rhash=rhash@entry=0x7fffffff9c18) at lhash.c:411
#4 0x00007ffff3c51a8c in lh_retrieve (lh=0x601e0000c9d0, data=data@entry=0x7fffffff9c40) at lhash.c:255
#5 0x00007ffff3bce9d6 in OBJ_sn2nid (s=s@entry=0x18 <error: Cannot access memory at address 0x18>) at obj_dat.c:673
#6 0x00007ffff3bcea56 in OBJ_txt2obj (s=0x18 <error: Cannot access memory at address 0x18>, no_name=no_name@entry=0x0) at obj_dat.c:437
#7 0x00007ffff3bceb3d in OBJ_txt2nid (s=<optimized out>) at obj_dat.c:635
#8 0x00000000004dd09e in php_openssl_make_REQ (req=0x7fffffffa0f0, csr=0x60060004f8a0, dn=0x7ffff2828950, attribs=0x7ffff2828980) at /home/shm/src/php-7.0.6/ext/openssl/openssl.c:2772
#9 0x00000000004dedb7 in zif_openssl_csr_new (execute_data=0x7ffff28288f0, return_value=0x7ffff28288d0) at /home/shm/src/php-7.0.6/ext/openssl/openssl.c:3111
#10 0x000000000108ce51 in ZEND_DO_ICALL_SPEC_HANDLER () at /home/shm/src/php-7.0.6/Zend/zend_vm_execute.h:586
#11 0x000000000108beca in execute_ex (ex=0x7ffff2828830) at /home/shm/src/php-7.0.6/Zend/zend_vm_execute.h:414
#12 0x000000000108c125 in zend_execute (op_array=0x60220001fcc0, return_value=0x0) at /home/shm/src/php-7.0.6/Zend/zend_vm_execute.h:458
#13 0x0000000000fa14b3 in zend_execute_scripts (type=0x8, retval=0x0, file_count=0x3) at /home/shm/src/php-7.0.6/Zend/zend.c:1427
#14 0x0000000000e30c7d in php_execute_script (primary_file=0x7fffffffcb80) at /home/shm/src/php-7.0.6/main/main.c:2494
#15 0x00000000011b808c in do_cli (argc=0x2, argv=0x60060000ed70) at /home/shm/src/php-7.0.6/sapi/cli/php_cli.c:974
#16 0x00000000011ba668 in main (argc=0x2, argv=0x60060000ed70) at /home/shm/src/php-7.0.6/sapi/cli/php_cli.c:1344
#17 0x00007ffff37c7ec5 in __libc_start_main (main=0x11b9140 <main>, argc=0x2, argv=0x7fffffffe088, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe078) at libc-start.c:287
#18 0x000000000042c769 in _start ()
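
Added example, not part of the original report and not PHP's own code: a small C model of why the faulting address in the backtrace is 0x18 and of the guard that avoids it. In PHP 7 on 64-bit builds the character data of a zend_string sits 0x18 bytes into the structure, so taking the string pointer of a NULL key (integer-indexed entries such as array(0) have no string key) yields exactly that address. Assumptions: the struct layout is a simplified reproduction, and model_string, model_bucket, make_key, lookup_nid and resolve_fields are hypothetical names, with lookup_nid standing in for OBJ_txt2nid().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of PHP 7's zend_string on a 64-bit build (assumed layout). */
typedef struct {
    uint32_t refcount, type_info;  /* refcounted header */
    uint64_t h;                    /* cached hash */
    size_t   len;
    char     val[];                /* string bytes start at offset 0x18 */
} model_string;

/* Array slot; key is NULL when the PHP element has an integer index. */
typedef struct { const model_string *key; const char *value; } model_bucket;

/* Address an unchecked "key->val" computation produces for a NULL key. */
size_t null_key_fault_address(void) { return offsetof(model_string, val); }

/* Allocate a key holding a copy of s (caller frees). */
model_string *make_key(const char *s) {
    size_t len = strlen(s);
    model_string *k = calloc(1, sizeof *k + len + 1);
    if (k) { k->len = len; memcpy(k->val, s, len + 1); }
    return k;
}

/* Hypothetical stand-in for OBJ_txt2nid(); the table and value are constructed. */
static int lookup_nid(const char *name) {
    return strcmp(name, "commonName") == 0 ? 1 : 0;
}

/* Guarded walk: integer-indexed entries are counted and skipped, never dereferenced. */
int resolve_fields(const model_bucket *b, size_t n, int *skipped) {
    int resolved = 0;
    *skipped = 0;
    for (size_t i = 0; i < n; i++) {
        if (b[i].key == NULL) { (*skipped)++; continue; }
        if (lookup_nid(b[i].key->val) != 0) resolved++;
    }
    return resolved;
}

int main(void) {
    model_string *cn = make_key("commonName");
    if (!cn) return 1;
    model_bucket attribs[] = { { NULL, "0" }, { cn, "example.test" } }; /* constructed input */
    int skipped, ok = resolve_fields(attribs, 2, &skipped);
    printf("fault=0x%zx resolved=%d skipped=%d\n", null_key_fault_address(), ok, skipped);
    free(cn);
    return 0;
}
```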