PHP :: Bug #13052 :: Empty $key in mcrypt_generic

Bug #13052	Empty $key in mcrypt_generic_init causes segmentation fault
Submitted:	2001-08-30 04:08 UTC	Modified:	2001-09-07 02:25 UTC
From:	naomi at humanfactors dot edu dot au	Assigned:	derick (profile)
Status:	Closed	Package:	mcrypt related
PHP Version:	4.0.6	OS:	GNU 1.0.3
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	naomi at humanfactors dot edu dot au
New email:
PHP Version:		OS:

New Comment:

[2001-08-30 04:08 UTC] naomi at humanfactors dot edu dot au

Calling mcrypt_generic_init with an empty $key causes a segmentation fault in Apache. Obviously $key should not be empty, but errors will be made, so perhaps a parse error could be generated in this event rather than a crash.

Example Code
<?php
//Open encryption module
$td = mcrypt_module_open (MCRYPT_ARCFOUR, "", MCRYPT_MODE_STREAM, "");
srand ((double) microtime() * 1000000);
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);

//Encrypt data
$data = "message";
mcrypt_generic_init($td, $key, $iv);//HERE IS THE PROBLEM
$encrypted_data = mcrypt_generic ($td, $data);
mcrypt_generic_end ($td);
?>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-09-07 02:25 UTC] derick@php.net

Fixed in CVS (will be in 4.0.7)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 00:01:29 2024 UTC