php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #48081 stream_socket_client with SSL causes SEGFAULT
Submitted: 2009-04-26 17:26 UTC Modified: 2009-04-26 20:40 UTC
From: alexander at wright-family dot me dot uk Assigned: pajoye (profile)
Status: Not a bug Package: Reproducible crash
PHP Version: 5.2.9 OS: Gentoo Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: alexander at wright-family dot me dot uk
New email:
PHP Version: OS:

 

 [2009-04-26 17:26 UTC] alexander at wright-family dot me dot uk 
Description:
------------
PHPInfo located here: http://www.wright-family.me.uk/shared/phpinfo.txt

Using hardened profile Gentoo Linux:
Linux beth 2.6.25-hardened-r11 #6 SMP Tue Dec 23 08:37:01 GMT 2008 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ AuthenticAMD GNU/Linux

Attached code causes a segfault when executing the stream_socket_client() function.

Using TCP rather than SSL works correctly (i.e. without a segfault).

Reproduce code:
---------------
<?php

$context = stream_context_create();
$errno = 0;
$errstr = "";
$socket = stream_socket_client('ssl://www.google.com:443',$errno,$errstr,60,STREAM_CLIENT_CONNECT,$context);
echo "\nError:{$errno}: {$errstr}\n";

while (($line = @fgets($socket)) !== false) {
        if ($line) {
                $response .= $line;
                if (rtrim($line) === '') break;
  }
}
echo "\n\nHeaders:\n{$response}\n\n";
?>


Expected result:
----------------
Code should connect to google, and attempt to read some data.

Actual result:
--------------
Backtrace:


#0  0xffffffffff70085e in ?? ()
#1  0x00006f972c5797f2 in gettimeofday ()
#2  0x00006f97251c32ba in gettimeofday () from /lib/libc.so.6
#3  0x000005b28362a9f0 in ?? () from /usr/lib64/php5/bin/php
#4  0x000005b28362a2a5 in ?? () from /usr/lib64/php5/bin/php
#5  0x000005b2839cec4f in _php_stream_set_option () from /usr/lib64/php5/bin/php
#6  0x000005b2839e0cbf in php_stream_xport_crypto_enable () from /usr/lib64/php5/bin/php
#7  0x000005b28362a361 in ?? () from /usr/lib64/php5/bin/php
#8  0x000005b2839cec4f in _php_stream_set_option () from /usr/lib64/php5/bin/php
#9  0x000005b2839e0718 in php_stream_xport_connect () from /usr/lib64/php5/bin/php
#10 0x000005b2839e0229 in _php_stream_xport_create () from /usr/lib64/php5/bin/php
#11 0x000005b28396a9e3 in zif_stream_socket_client () from /usr/lib64/php5/bin/php
#12 0x000005b283a5f371 in execute_internal () from /usr/lib64/php5/bin/php
#13 0x00006f9724b0f5dd in ?? () from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/suhosin.so
#14 0x000005b283a5fe93 in ?? () from /usr/lib64/php5/bin/php
#15 0x000005b283a67e4c in ?? () from /usr/lib64/php5/bin/php
#16 0x000005b283a5f7ac in execute () from /usr/lib64/php5/bin/php
#17 0x00006f9724b0c6eb in ?? () from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/suhosin.so
#18 0x00006f9724b0c785 in ?? () from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/suhosin.so
#19 0x000005b283a2c0fe in zend_execute_scripts () from /usr/lib64/php5/bin/php
#20 0x000005b2839ab8ed in php_execute_script () from /usr/lib64/php5/bin/php
#21 0x000005b283adb1a3 in main () from /usr/lib64/php5/bin/php

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-04-26 18:28 UTC] scottmac@php.net 
Can you remove sushosin and get debug symbols for the rest of the php binary.

I can't reproduce this on 5.2.10-dev or 5.3.0-dev


Output is:
Warning: stream_socket_client(): unable to connect to ssl://www.google.com:443 (Operation now in progress) in /private/tmp/test.php on line 7

Error:36: Operation now in progress


Headers:
 [2009-04-26 19:06 UTC] alexander at wright-family dot me dot uk 
Suhosin removed. Is this enough debug info?

Cheers.

(gdb) bt
#0  0xffffffffff70085e in ?? ()
#1  0x00006ad6211f47f2 in gettimeofday ()
#2  0x00006ad619e3e2ba in gettimeofday () from /lib/libc.so.6
#3  0x00000000004934ff in php_openssl_enable_crypto (stream=0x12ce7e8, sslsock=0x12ce730, cparam=0x740fac178940, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/ext/openssl/xp_ssl.c:417
#4  0x0000000000492ddf in php_openssl_sockop_set_option (stream=0x12ce7e8, option=8, value=0, ptrparam=0x740fac178940, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/ext/openssl/xp_ssl.c:669
#5  0x00000000008346e0 in _php_stream_set_option (stream=0x12ce7e8, option=8, value=0, ptrparam=0x740fac178940, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/main/streams/streams.c:1155
#6  0x00000000008464cf in php_stream_xport_crypto_enable (stream=0x12ce7e8, activate=1, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/main/streams/transports.c:371
#7  0x0000000000492e9b in php_openssl_sockop_set_option (stream=0x12ce7e8, option=7, value=0, ptrparam=0x740fac178b00, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/ext/openssl/xp_ssl.c:689
#8  0x00000000008346e0 in _php_stream_set_option (stream=0x12ce7e8, option=7, value=0, ptrparam=0x740fac178b00, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/main/streams/streams.c:1155
#9  0x0000000000845f28 in php_stream_xport_connect (stream=0x12ce7e8, name=0x12cd8ce "www.google.com:443", namelen=18, asynchronous=0,
    timeout=0x740fac178e60, error_text=0x740fac178d08, error_code=0x740fac178e4c, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/main/streams/transports.c:230
#10 0x0000000000845a39 in _php_stream_xport_create (name=0x12cd8ce "www.google.com:443", namelen=18, options=12, flags=2, persistent_id=0x0,
    timeout=0x740fac178e60, context=0x12c2d20, error_string=0x740fac178e38, error_code=0x740fac178e4c, __php_stream_call_depth=0,
    __zend_filename=0xc04480 "/var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/ext/standard/streamsfuncs.c", __zend_lineno=129,
    __zend_orig_filename=0x0, __zend_orig_lineno=0, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/main/streams/transports.c:143
#11 0x00000000007d21a6 in zif_stream_socket_client (ht=6, return_value=0x12cda30, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1,
    tsrm_ls=0xfad400) at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/ext/standard/streamsfuncs.c:126
#12 0x00000000008c285d in execute_internal (execute_data_ptr=0x740fac179460, return_value_used=1, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/Zend/zend_execute.c:1373
#13 0x00006ad61978a5dd in ?? () from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/suhosin.so
#14 0x00000000008c337f in zend_do_fcall_common_helper_SPEC (execute_data=0x740fac179460, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/Zend/zend_vm_execute.h:202
#15 0x00000000008cb2fa in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x740fac179460, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/Zend/zend_vm_execute.h:1729
#16 0x00000000008c2c98 in execute (op_array=0x12cb8c0, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/Zend/zend_vm_execute.h:92
#17 0x00006ad6197876eb in ?? () from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/suhosin.so
#18 0x00006ad619787785 in ?? () from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/suhosin.so
#19 0x000000000088ffcc in zend_execute_scripts (type=8, tsrm_ls=0xfad400, retval=0x0, file_count=3)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/Zend/zend.c:1134
#20 0x00000000008126c7 in php_execute_script (primary_file=0x740fac17bc00, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/main/main.c:2023
#21 0x000000000093e561 in main (argc=2, argv=0x740fac17bec8) at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/sapi/cli/php_cli.c:1133
(gdb)
 [2009-04-26 19:09 UTC] alexander at wright-family dot me dot uk 
Also available here:
http://www.wright-family.me.uk/shared/phpgdb.txt
 [2009-04-26 20:02 UTC] alexander at wright-family dot me dot uk 
Further information:

Buggy PHP compiled with x86_64-pc-linux-gnu-3.4.6

I compiled the same version of PHP on another AMD64 machine with x86_64-pc-linux-gnu-4.2.4 and this works correctly (with suhosin enabled).
 [2009-04-26 20:39 UTC] pajoye@php.net 
Which openssl version do you use?

Can you try to compile PHP yourself and see if you can reproduce this problem?
 [2009-04-26 20:40 UTC] pajoye@php.net 
missed the last comment, no php bug then > bogus.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 03 19:01:35 2025 UTC