php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #60895 null pointer dereference in php_win32_free_rng_lock()
Submitted: 2012-01-26 19:45 UTC Modified: 2012-01-27 10:56 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: root at ihack dot net Assigned: pajoye (profile)
Status: Closed Package: Unknown/Other Function
PHP Version: 5.3.9 OS: Windows Server 2008 R2 x64
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: root at ihack dot net
New email:
PHP Version: OS:

 

 [2012-01-26 19:45 UTC] root at ihack dot net 
Description:
------------
If php_win32_get_random_bytes() has never been called, then this line of code:

+	CryptReleaseContext(hCryptProv, 0);

passes a null pointer, resulting in a C0000005 exception in 
CryptReleaseContext().  This line should be preceded by:

        if (has_crypto_ctx)

This was specifically tested with the windows.php.net 32-bit TS build running on 
64-bit Windows.  I do not know how it behaves in other configurations.


Test script:
---------------
I do not have a short test case, but the bug is pretty obvious.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-01-26 19:47 UTC] root at ihack dot net 
BTW, this bug was introduced in revision 312201, during the 5.3.7 release cycle.
 [2012-01-27 10:56 UTC] pajoye@php.net 
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=322843
Log: - fix #60895, possible invalid handler usage
 [2012-01-27 10:56 UTC] pajoye@php.net 
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.
 [2012-01-27 10:56 UTC] pajoye@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: pajoye
 [2012-04-18 09:46 UTC] laruence@php.net 
Automatic comment on behalf of pajoye
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1e462057cdcb82c57c18dbb45ca21893def6ac56
Log: - fix #60895, possible invalid handler usage
 [2012-07-24 23:37 UTC] rasmus@php.net 
Automatic comment on behalf of pajoye
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1e462057cdcb82c57c18dbb45ca21893def6ac56
Log: - fix #60895, possible invalid handler usage
 [2013-11-17 09:34 UTC] laruence@php.net 
Automatic comment on behalf of pajoye
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1e462057cdcb82c57c18dbb45ca21893def6ac56
Log: - fix #60895, possible invalid handler usage
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 14:01:29 2024 UTC