Bug #67340 Segfault on verifying NULL
Submitted: 2014-05-25 15:51 UTC    Modified: 2021-07-07 10:54 UTC
Votes: 2
Avg. Score: 4.5 ± 0.5
Reproduced: 2 of 2 (100.0%)
Same Version: 0 (0.0%)
Same OS: 0 (0.0%)
From: t dot g at cybernetic-solutions dot de    Assigned: cmb (profile)
Status: Closed    Package: gnupg (PECL)
PHP Version: Irrelevant    OS:
Private report: No    CVE-ID: None
 [2014-05-25 15:51 UTC] t dot g at cybernetic-solutions dot de
Description:
------------
gnupg segfaults when calling gnupg_verify with NULL as signature

Test script:
---------------
<?php
// Reproducer: passing NULL as the text to verify crashes the extension
// instead of returning an error.
$res = gnupg_init();
gnupg_verify($res, null, false);
?>

Expected result:
----------------
some kind of error

Actual result:
--------------
segfault

 [2014-11-11 10:58 UTC] j_schumann at gmx dot de
Calling gnupg_verify() with NULL or FALSE as message causes a segmentation fault.

<?php
$gpg = gnupg_init();

// Both calls segfault instead of returning false or raising a warning
$result = gnupg_verify($gpg, false, false);
var_dump($result);

$result = gnupg_verify($gpg, null, false);
var_dump($result);

Backtrace:

#0  __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:33
#1  0x00007ff9b33a05f3 in ?? () from /usr/lib/x86_64-linux-gnu/libgpgme.so.11
#2  0x00007ff9b339f80d in gpgme_data_read () from /usr/lib/x86_64-linux-gnu/libgpgme.so.11
#3  0x00007ff9b33a0108 in ?? () from /usr/lib/x86_64-linux-gnu/libgpgme.so.11
#4  0x00007ff9b33a2a14 in ?? () from /usr/lib/x86_64-linux-gnu/libgpgme.so.11
#5  0x00007ff9b33a324c in ?? () from /usr/lib/x86_64-linux-gnu/libgpgme.so.11
#6  0x00007ff9b33a6a20 in gpgme_op_verify () from /usr/lib/x86_64-linux-gnu/libgpgme.so.11
#7  0x00007ff9b35d5c3a in zif_gnupg_verify (ht=2, return_value=0x7ff9c36f9fa8, return_value_ptr=<optimized out>, this_ptr=<optimized out>,
    return_value_used=<optimized out>) at /tmp/pear/temp/gnupg/gnupg.c:1163
#8  0x00007ff9bd458c6b in dtrace_execute_internal () from /usr/lib/apache2/modules/libphp5.so
#9  0x00007ff9bd518cc5 in ?? () from /usr/lib/apache2/modules/libphp5.so
#10 0x00007ff9bd4929f8 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#11 0x00007ff9bd458b69 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#12 0x00007ff9bd46a5f0 in zend_execute_scripts () from /usr/lib/apache2/modules/libphp5.so
#13 0x00007ff9bd40a4d5 in php_execute_script () from /usr/lib/apache2/modules/libphp5.so
#14 0x00007ff9bd51a94a in ?? () from /usr/lib/apache2/modules/libphp5.so
#15 0x00007ff9c202f680 in ap_run_handler ()
#16 0x00007ff9c202fbc9 in ap_invoke_handler ()
#17 0x00007ff9c2044c2c in ap_internal_redirect ()
#18 0x00007ff9bb818cfc in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
#19 0x00007ff9c202f680 in ap_run_handler ()
#20 0x00007ff9c202fbc9 in ap_invoke_handler ()
#21 0x00007ff9c204516a in ap_process_async_request ()
#22 0x00007ff9c2045444 in ap_process_request ()
#23 0x00007ff9c2041f02 in ?? ()
#24 0x00007ff9c2038cc0 in ap_run_process_connection ()
#25 0x00007ff9bde3a767 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#26 0x00007ff9bde3a9a6 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#27 0x00007ff9bde3aa06 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#28 0x00007ff9bde3b6e0 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#29 0x00007ff9c201669e in ap_run_mpm ()
#30 0x00007ff9c200fe36 in main ()

Ubuntu 14.04 (64bit)
GPGme Version 1.4.3
Extension Version 1.3.3-dev
(latest available in Ubuntu 14.04 with "pecl install gnupg" and newest according to http://pecl.php.net/package/gnupg)

I want to reference https://bugs.php.net/bug.php?id=59598 as that bug from 2011 is still open because v1.3.4 is not yet released/available. Maybe both bugs could be fixed and 1.3.4 released in a short time?
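An application-side guard for the crash shown in the report and in the comment above, as an added example that is not code from the report or from the PECL gnupg extension: it rejects NULL, false and empty-string inputs before they reach gnupg_verify(), so the unchecked path in the extension (the memcpy in the backtrace) is never entered. The helper name verify_signed_text is hypothetical; it assumes the PECL gnupg extension is loaded and the documented parameter order gnupg_verify($identifier, $signed_text, $signature, &$plaintext), where a signature of false means the text is clearsigned.

```php
<?php
// Added example, not part of the bug report or the gnupg extension.
// Hypothetical helper: validate inputs, then verify either a clearsigned
// text or a text plus detached signature.

function verify_signed_text(string $signedText, ?string $detachedSig = null): array
{
    // The scalar type hints already stop NULL and false from being passed
    // as the text; these checks stop the empty string as well, which is
    // the other input that gives the extension a zero-length buffer.
    if ($signedText === '') {
        throw new InvalidArgumentException('signed text must be a non-empty string');
    }
    if ($detachedSig === '') {
        throw new InvalidArgumentException('detached signature must be a non-empty string');
    }

    $gpg = gnupg_init();
    if ($gpg === false) {
        throw new RuntimeException('gnupg_init() failed');
    }

    $plaintext = '';
    if ($detachedSig === null) {
        // Clearsigned text: signature argument is false, plaintext is
        // returned through the by-reference fourth argument.
        $sigs = gnupg_verify($gpg, $signedText, false, $plaintext);
    } else {
        // Detached signature: the text itself is the plaintext.
        $sigs = gnupg_verify($gpg, $signedText, $detachedSig);
        $plaintext = $signedText;
    }

    if ($sigs === false) {
        throw new RuntimeException('verification failed: ' . gnupg_geterror($gpg));
    }
    // $sigs is the extension's array of signature results (fingerprint,
    // validity, status, summary per signature); callers must still check
    // those fields, a returned array alone does not mean a good signature.
    return ['signatures' => $sigs, 'plaintext' => $plaintext];
}
```

Calling verify_signed_text(null, null) or verify_signed_text('', null) now fails with a TypeError or InvalidArgumentException in PHP userland rather than crashing the interpreter.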
 [2021-07-07 10:32 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-07-07 10:32 UTC] cmb@php.net
Does this still happen with the latest gnupg (1.5.0) and any of
the actively supported PHP versions[1]?

[1] <https://www.php.net/supported-versions.php>
 [2021-07-07 10:48 UTC] t dot g at cybernetic-solutions dot de
I don't know if this still happens and would need to build a new test setup to see if it is still broken.

I'd be happy to declare this bug to be dead of old age... (it has been 7 years)
 [2021-07-07 10:54 UTC] cmb@php.net
-Status: Feedback +Status: Closed
 [2021-07-07 10:54 UTC] cmb@php.net
Thanks for the swift reply!  I'm closing then.  Feel free to
reopen or file a new ticket, if you experience the issue in the
future.