|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13052 Empty $key in mcrypt_generic_init causes segmentation fault
Submitted: 2001-08-30 04:08 UTC Modified: 2001-09-07 02:25 UTC
From: naomi at humanfactors dot edu dot au Assigned: derick (profile)
Status: Closed Package: mcrypt related
PHP Version: 4.0.6 OS: GNU 1.0.3
Private report: No CVE-ID: None
 [2001-08-30 04:08 UTC] naomi at humanfactors dot edu dot au
Calling mcrypt_generic_init with an empty $key causes a segmentation fault in Apache. Obviously $key should not be empty, but errors will be made, so perhaps a parse error could be generated in this event rather than a crash.

Example Code
//Open encryption module
$td = mcrypt_module_open (MCRYPT_ARCFOUR, "", MCRYPT_MODE_STREAM, "");
srand ((double) microtime() * 1000000);
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);

//Encrypt data
$data = "message";
mcrypt_generic_init($td, $key, $iv);//HERE IS THE PROBLEM
$encrypted_data = mcrypt_generic ($td, $data);
mcrypt_generic_end ($td);


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-09-07 02:25 UTC]
Fixed in CVS (will be in 4.0.7)
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Feb 21 16:01:25 2019 UTC