PHP :: Bug #70553 :: OpenSSL DLL blocking PHP on non-existent drive access

Bug #70553	OpenSSL DLL blocking PHP on non-existent drive access
Submitted:	2015-09-22 19:26 UTC	Modified:	2015-09-22 20:51 UTC
From:	bob at exnet dot com	Assigned:	ab (profile)
Status:	Duplicate	Package:	OpenSSL related
PHP Version:	7.0.0RC3	OS:	Windows
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	bob at exnet dot com
New email:
PHP Version:		OS:

New Comment:

[2015-09-22 19:26 UTC] bob at exnet dot com

Description:
------------
the libeay32.dll (OpenSSL) appears to be a dependency of several other PHP modules, postgres, cURL etc..   It accesses a non existent drive D:, which then causes a dialog to appear, and the PHP script blocks until it's clicked.


Test script:
---------------
affects PHP even before a script runs.
php --version  even triggers it.

Expected result:
----------------
don't access drives on my machine that don't even exist!

Actual result:
--------------
accesses non existent drives, causing the running of PHP to block.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-09-22 19:35 UTC] stas@php.net

-Status: Open +Status: Feedback -Type: Security +Type: Bug

[2015-09-22 19:35 UTC] stas@php.net

Could you please provide the screenshot or other detailed description of the dialog you are seeing?

[2015-09-22 19:47 UTC] ab@php.net

-Type: Bug +Type: Security -Assigned To: +Assigned To: ab -Private report: No +Private report: Yes

[2015-09-22 19:47 UTC] ab@php.net

Thanks for the report. Have you tried something like process monitor to check what exactly is looked for on drive d:? Just a guess, it might be the openssl.cnf path, but have to check.

Which Windows do you use? I've just tried on a machine with only disk c: and no popups, no hanging (but if the config path is wrong, should be fixed anyway).

And, btw - why is this security? It's still RC. If there's no particular reason, probably should be set to a normal bug.

Thanks.

[2015-09-22 19:54 UTC] ab@php.net

-Type: Security +Type: Bug

[2015-09-22 19:54 UTC] ab@php.net

Ah, Stas already set it to the bug, we just had a race condition :)

@bob could you please try the env vars described here http://php.net/manual/en/openssl.installation.php for configuration? Like OPENSSL_CONF, that should override the default paths anyway.

Thanks.

[2015-09-22 19:59 UTC] requinix@php.net

Sounds like bug #68312, which @bob also commented on today.

[2015-09-22 20:51 UTC] ab@php.net

-Status: Feedback +Status: Duplicate

[2015-09-22 20:51 UTC] ab@php.net

Yes, you're right - this one is the duplicate. It is the same issue, lets handle it there.

Thanks.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 20:01:29 2024 UTC