Bug #68912 Segmentation fault at openssl_spki_new
Submitted: 2015-01-25 18:03 UTC
Modified: -
From: fernando at null-life dot com
Assigned:
Status: Closed
Package: OpenSSL related
PHP Version: 5.6.5
OS: Linux
Private report: No
CVE-ID: None
 [2015-01-25 18:03 UTC] fernando at null-life dot com
Description:
------------
There is a segfault when calling openssl_spki_new with an invalid resource. I *think* it may be related to calling strlen(s) when s is NULL.



Test script:
---------------
<?php

$var1=xml_parser_create_ns();
$var2=2; 
$var3=3; 

openssl_spki_new($var1, $var2, $var3);


Expected result:
----------------
Not segfault

Actual result:
--------------
(gdb) run 2.php
Starting program: /usr/bin/php 2.php

PHP Warning:  openssl_spki_new(): supplied resource is not a valid OpenSSL X.509/key resource in /home/fmunozs/bugs/php/2.php on line 8
PHP Warning:  openssl_spki_new(): Unable to use supplied private key in /home/fmunozs/bugs/php/2.php on line 8

Program received signal SIGSEGV, Segmentation fault.
zif_openssl_spki_new (ht=3, return_value=0xb788acb0, return_value_ptr=0xb787007c, this_ptr=0x0, return_value_used=0) at /home/fmunozs/php/src/php-5.6.5/ext/openssl/openssl.c:1535
1535            if (strlen(s) <= 0) {
(gdb) bt
#0  zif_openssl_spki_new (ht=3, return_value=0xb788acb0, return_value_ptr=0xb787007c, this_ptr=0x0, return_value_used=0) at /home/fmunozs/php/src/php-5.6.5/ext/openssl/openssl.c:1535
#1  0x08ce66ed in zend_do_fcall_common_helper_SPEC (execute_data=0xb78700c8) at /home/fmunozs/php/src/php-5.6.5/Zend/zend_vm_execute.h:558
#2  0x08b2eacf in execute_ex (execute_data=0xb78700c8) at /home/fmunozs/php/src/php-5.6.5/Zend/zend_vm_execute.h:363
#3  0x08bc2eac in zend_execute (op_array=0xb7889e28) at /home/fmunozs/php/src/php-5.6.5/Zend/zend_vm_execute.h:388
#4  0x08a2f46b in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/fmunozs/php/src/php-5.6.5/Zend/zend.c:1341
#5  0x0884cf7e in php_execute_script (primary_file=0xbfffe494) at /home/fmunozs/php/src/php-5.6.5/main/main.c:2584
#6  0x08cee870 in do_cli (argc=-1, argc@entry=2, argv=0xb788a228, argv@entry=0x94da838) at /home/fmunozs/php/src/php-5.6.5/sapi/cli/php_cli.c:994
#7  0x0806c7e9 in main (argc=2, argv=0x94da838) at /home/fmunozs/php/src/php-5.6.5/sapi/cli/php_cli.c:1378
#8  0xb7976e5e in __libc_start_main () from /usr/lib/libc.so.6
#9  0x0806c9f7 in _start ()



Patches

pangit143 (last revision 2015-08-06 03:28 UTC by veveykocute1234 at gmail dot com)

History
 [2015-02-16 06:20 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=830998811112d60a9fe98c7e2b86250ccf75d6f4
Log: Fixed bug #68912 (Segmentation fault at openssl_spki_new)
 [2015-02-16 06:20 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2015-02-16 06:23 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=830998811112d60a9fe98c7e2b86250ccf75d6f4
Log: Fixed bug #68912 (Segmentation fault at openssl_spki_new)
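
A reduced C model of the crash shown in the backtrace (`strlen(s)` reached with `s == NULL` after the key warning) next to a guarded form, added here as an illustration; it is not the php-src code or the committed fix. The names `resolve_key`, `build_spkac` and `spki_new_*` are hypothetical, and the assumption that the failure path leaves `s` unallocated is inferred from the warnings printed before the SIGSEGV.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical key lookup: NULL models "not a valid key resource". */
static const char *resolve_key(int valid) {
    return valid ? "constructed-public-key" : NULL;  /* constructed value */
}

/* Builds "SPKAC=<key>" in a fresh buffer; leaves *s NULL on failure (assumed). */
static void build_spkac(int valid, char **s) {
    const char *key = resolve_key(valid);
    if (key == NULL) {
        fprintf(stderr, "Unable to use supplied private key\n");
        return;                      /* early exit: *s never allocated */
    }
    size_t n = strlen("SPKAC=") + strlen(key) + 1;
    *s = malloc(n);
    if (*s != NULL) snprintf(*s, n, "SPKAC=%s", key);
}

/* Before: the exit check assumes s always points at a string. */
char *spki_new_unguarded(int valid) {
    char *s = NULL;
    build_spkac(valid, &s);
    if (strlen(s) <= 0) {            /* s == NULL when valid == 0: SIGSEGV */
        free(s);
        return NULL;
    }
    return s;
}

/* After: test the pointer before reading through it. */
char *spki_new_guarded(int valid) {
    char *s = NULL;
    build_spkac(valid, &s);
    if (s == NULL || s[0] == '\0') { /* NULL and empty both mean failure */
        free(s);
        return NULL;
    }
    return s;
}

int main(void) {
    char *ok = spki_new_guarded(1), *bad = spki_new_guarded(0);
    printf("valid: %s, invalid: %s\n", ok ? ok : "(false)", bad ? bad : "(false)");
    free(ok);
    return 0;
}
```

Calling `spki_new_unguarded(0)` reproduces the NULL dereference, so `main` only exercises the guarded variant.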