Bug #59308 gnupg causes Httpd to segfault on 64bit system
Submitted: 2010-07-14 15:15 UTC Modified: 2010-07-19 22:45 UTC
From: dayday0000 at gmail dot com Assigned:
Status: Closed Package: gnupg (PECL)
PHP Version: 5.3.2 OS: centos-5.5-x86_64
Private report: No CVE-ID: None
 [2010-07-14 15:15 UTC] dayday0000 at gmail dot com
Description:
------------
CentOS-5.5-i386 : no problem

CentOS-5.5-x86_64 : Httpd segfault at gnupg::ERROR_EXCEPTION



# gdb /usr/sbin/httpd /tmp/core.22933
...
Reading symbols from /usr/lib64/php/modules/json.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/php/modules/json.so
Reading symbols from /usr/lib64/php/modules/ldap.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/php/modules/ldap.so
Reading symbols from /usr/lib64/php/modules/phar.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/php/modules/phar.so
Reading symbols from /usr/lib64/php/modules/zip.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/php/modules/zip.so
Core was generated by `/usr/sbin/httpd'.
Program terminated with signal 11, Segmentation fault.
#0  0x00002b2418264b23 in instanceof_function_ex () from /etc/httpd/modules/libphp5.so
(gdb) bt
#0  0x00002b2418264b23 in instanceof_function_ex () from /etc/httpd/modules/libphp5.so
#1  0x00002b2418264afb in instanceof_function () from /etc/httpd/modules/libphp5.so
#2  0x00002b2418284959 in zend_throw_exception () from /etc/httpd/modules/libphp5.so
#3  0x00002b2419f78091 in zif_gnupg_decrypt (ht=1, return_value=0x2b242cc02918,
    return_value_ptr=<value optimized out>, this_ptr=<value optimized out>,
    return_value_used=<value optimized out>) at /root/t_download/gnupg-1.3.1/gnupg.c:1210
#4  0x00002b2419d42cf3 in xdebug_execute_internal (current_execute_data=0x2b240cf75050,
    return_value_used=1) at /var/tmp/xdebug/xdebug.c:1339
#5  0x00002b24182baa7d in ?? () from /etc/httpd/modules/libphp5.so
#6  0x00002b2418290d0b in execute () from /etc/httpd/modules/libphp5.so
#7  0x00002b2419d4296e in xdebug_execute (op_array=0x2b242cc01798) at /var/tmp/xdebug/xdebug.c:1272
#8  0x00002b241826d325 in zend_execute_scripts () from /etc/httpd/modules/libphp5.so
#9  0x00002b241821e208 in php_execute_script () from /etc/httpd/modules/libphp5.so
#10 0x00002b24182f59ad in ?? () from /etc/httpd/modules/libphp5.so
#11 0x00002b240ce14a4a in ap_run_handler ()
#12 0x00002b240ce17ec2 in ap_invoke_handler ()
#13 0x00002b240ce22918 in ap_process_request ()
#14 0x00002b240ce1fb50 in ?? ()
#15 0x00002b240ce1bcb2 in ap_run_process_connection ()
#16 0x00002b240ce26769 in ?? ()
#17 0x00002b240ce269fa in ?? ()
#18 0x00002b240ce26ab0 in ?? ()
#19 0x00002b240ce2779b in ap_mpm_run ()
#20 0x00002b240ce01e48 in main ()
(gdb)


Reproduce code:
---------------
<?php

putenv('GNUPGHOME=/var/www/html/.gnupg');

$ciphertext="-----BEGIN PGP MESSAGE-----
Version: haneWIN JavascriptPG v2.0
hI8DsyTuUapgGVQQAAd9A/47cJAOKwa++fEfXKjFDsj1e01vZQVRqS4fCcLR
KbcHQe+L04vU2bRMycshlWXy/fWWkB0woK49Fto7GTi1zUvYj24TQvt/1Bev
xdcbBskJLO5tEPlZ7byV98ZJ7gL6rBs+rC4otG9UwDISVXzh6tqw43Q6c68i
JNxvy2y7MQQ0MqRxPSy5oIL/14OV2nhrgG+jIXfamlMNadZOQuD10/6G8zuo
svrkxLjFE9FtPQPXfn+S0hHWo5BRHtsJ21mkhxTnpsh0S0zM4Di1icQTQV2l
vMrlu+fSr+bEu1jD3vTgljGZTyTv8fsBa/RuNt+lu6Utk3Y=
=DULO
-----END PGP MESSAGE-----";

$gpg = new gnupg();

$gpg->seterrormode(gnupg::ERROR_EXCEPTION);
//$gpg->seterrormode(gnupg::ERROR_WARNING);
//$gpg->seterrormode(gnupg::ERROR_SILENT);

try {
        $gpg->adddecryptkey('keyname','password');
        $plaintext = $gpg->decrypt($ciphertext);
        echo $plaintext;
} catch (Exception $e) {
        echo "Error : ".$e->getMessage();
}
?>

Expected result:
----------------
Error : get_key failed

Actual result:
--------------
# tail -n1 /var/log/httpd/error_log
[Thu Jul 15 03:43:19 2010] [notice] child pid 23330 exit signal Segmentation fault (11)

 [2010-07-19 01:11 UTC] dayday0000 at gmail dot com
--- gnupg.c.old 2010-07-19 13:28:47.000000000 +0900
+++ gnupg.c     2010-07-19 13:28:12.000000000 +0900
@@ -55,7 +55,7 @@
                                php_error_docref(NULL 
TSRMLS_CC, E_WARNING, (char*)error); \
                                break; \
                        case 2: \
-                               
zend_throw_exception(zend_exception_get_default(), (char*) 
error,
+                               zend_throw_exception(NULL, 
(char*)error, 0 TSRMLS_CC); \
                                break; \
                        default: \
                                intern->errortxt = 
(char*)error; \
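Review bot: Passing NULL as the class argument in the `case 2:` branch leaves the cause of the crash unexplained, and nothing in the macro says why NULL is acceptable there. The removed line took the class from zend_exception_get_default(), and the backtrace in this report faults in instanceof_function_ex directly under zend_throw_exception, which points at a bad class pointer rather than at the call itself. I would keep the explicit zend_exception_get_default() argument and find out what makes its return value invalid on x86_64 (check that the header declaring it is included and that the build shows no implicit-declaration warning for it); if NULL stays, add a comment that it relies on the engine substituting the default exception class.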
 [2010-07-19 22:45 UTC] dayday0000 at gmail dot com
--- gnupg.c.old 2010-07-20 09:21:55.000000000 +0900
+++ gnupg.c     2010-07-20 09:21:43.000000000 +0900
@@ -20,6 +20,7 @@
 #include "php_ini.h"
 #include "ext/standard/info.h"
 #include "php_gnupg.h"
+#include "zend_exceptions.h"

 #ifdef ZEND_ENGINE_2
 #include "php_gnupg_keylistiterator.h"
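Review bot: The added `#include "zend_exceptions.h"` comes with no explanation of what it fixes and no statement about the earlier change to the `case 2:` branch that passed NULL. zend_exceptions.h is the header that declares zend_throw_exception() and zend_exception_get_default(), so with it in place the original call can be kept as written; please say in the patch description whether the NULL workaround is dropped. Compiling the extension with -Werror=implicit-function-declaration would turn a missing prototype like this into a build failure instead of a 64-bit-only crash.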
 [2011-06-21 18:52 UTC] justin dot crone at epicmaneuvers dot com
Using version 1.3.2 gnupg pecl extension on Fedora 15 x86_64 
with apache 2.2.17, php 5.3.6, gpgme 1.3.0 I can repeat this 
error. The segfault only seems to occur when using 
gnupg::ERROR_EXCEPTION and is resolved by adding #include 
"zend_exceptions.h".
 
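Why a missing `#include` can crash on x86_64 and not on i386, as an added example (not code from the extension or from this report). It assumes, which the report does not state, that without zend_exceptions.h the compiler treated zend_exception_get_default() as returning `int`; the function names and addresses below are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Model of the value a caller receives when it calls a pointer-returning
 * function with no prototype in scope: C89 assumes the function returns
 * int, so only the low 32 bits of the result are kept and then widened
 * back to pointer size.
 */
static uint64_t pointer_seen_by_caller(uint64_t real_ptr, unsigned pointer_bits)
{
    int32_t as_int = (int32_t)(uint32_t)real_ptr;   /* return value read as int */

    if (pointer_bits == 32)
        return (uint32_t)as_int;        /* ILP32: int is as wide as a pointer */
    return (uint64_t)(int64_t)as_int;   /* LP64: sign-extended to 64 bits */
}

/* 1 if the caller ends up with the pointer the callee actually returned. */
static int pointer_survives(uint64_t real_ptr, unsigned pointer_bits)
{
    return pointer_seen_by_caller(real_ptr, pointer_bits) == real_ptr;
}

int main(void)
{
    /* Constructed addresses, not taken from the core dump. */
    struct { const char *label; uint64_t ptr; unsigned bits; } cases[] = {
        { "i386",                 0xb7f00000ULL,         32 },
        { "x86_64, bit 31 clear", 0x00002b2418500000ULL, 64 },
        { "x86_64, bit 31 set",   0x00002b24e8500000ULL, 64 },
        { "x86_64, below 2 GiB",  0x0000000000601040ULL, 64 },
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint64_t seen = pointer_seen_by_caller(cases[i].ptr, cases[i].bits);
        printf("%-22s real=0x%016llx seen=0x%016llx %s\n", cases[i].label,
               (unsigned long long)cases[i].ptr, (unsigned long long)seen,
               pointer_survives(cases[i].ptr, cases[i].bits) ? "intact" : "CORRUPTED");
    }
    return 0;
}
```

The last case shows why such a bug can stay hidden on 64-bit builds: a pointer that happens to lie below 2 GiB passes through an `int` unchanged.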