php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #69004 openssl_pkcs12_export_to_file segfault
Submitted: 2015-02-07 09:32 UTC Modified: 2021-07-07 09:23 UTC
From: gmblar+php at gmail dot com Assigned: cmb (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.6.5 OS: MacOSX 10.10.2
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: gmblar+php at gmail dot com
New email:
PHP Version: OS:

 

 [2015-02-07 09:32 UTC] gmblar+php at gmail dot com 
Description:
------------
openssl_pkcs12_export_to_file crash with "Segmentation fault: 11"


Code works without segfault if:

* remove the line "$privateKey = new PrivateKey($privateKey);"
* var_dump something after openssl_pkcs12_export_to_file


Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x000000012b86af59
0x00000001001f0c25 in gc_zval_possible_root ()
(gdb) bt
#0  0x00000001001f0c25 in gc_zval_possible_root ()
#1  0x00000001001e2046 in zend_hash_bucket_delete ()
#2  0x00000001001e20ac in zend_hash_graceful_reverse_destroy ()
#3  0x00000001001c8027 in shutdown_executor ()
#4  0x00000001001d6227 in zend_deactivate ()
#5  0x000000010017d045 in php_request_shutdown ()
#6  0x000000010025f7d7 in do_cli ()
#7  0x000000010025e354 in main ()

Test script:
---------------
<?php

class PrivateKey {

    public $data;

    public function __construct($data) {
        $this->data = $data;
    }

    public function __toString() {
        openssl_pkey_export($this->data, $output);
        return $output;
    }

}

$csr = openssl_csr_new([], $privateKey);
$certificate = openssl_csr_sign($csr, NULL, $privateKey, 1);

$privateKey = new PrivateKey($privateKey);
openssl_pkcs12_export_to_file($certificate, '/tmp/test.p12', $privateKey, '');

# var_dump('bar');

Expected result:
----------------
Nothing

Actual result:
--------------
Segmentation fault: 11

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-02-07 09:44 UTC] gmblar+php at gmail dot com 
Same with PHP 5.6.5-1~dotdeb.1 on debian 7.6

Stacktrace:

Program received signal SIGSEGV, Segmentation fault.
0x00000000006fa489 in gc_zval_possible_root ()
(gdb) bt
#0  0x00000000006fa489 in gc_zval_possible_root ()
#1  0x00000000006e7316 in ?? ()
#2  0x00000000006e8a38 in zend_hash_graceful_reverse_destroy ()
#3  0x00000000006ca0d6 in ?? ()
#4  0x00000000006da735 in zend_deactivate ()
#5  0x0000000000676553 in php_request_shutdown ()
#6  0x000000000077f948 in ?? ()
#7  0x0000000000433b7f in ?? ()
#8  0x00007ffff503eeed in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#9  0x0000000000433c15 in _start ()
 [2021-07-07 08:48 UTC] cmb@php.net 
I cannot reproduce this with PHP-7.4.  Is this still an issue for
you with any of the actively maintained PHP versions[1]?

[1] <https://www.php.net/supported-versions.php>
 [2021-07-07 08:48 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-07-07 09:20 UTC] gmblar+php at gmail dot com 
Works for me in PHP 8.0.7
 [2021-07-07 09:23 UTC] cmb@php.net
-Status: Feedback +Status: Closed
 [2021-07-07 09:23 UTC] cmb@php.net 
Thanks for the swift reply!  Closing then.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Jul 01 22:01:36 2025 UTC