php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21989 openssl_csr_new causes apache+modphp to segfault
Submitted: 2003-01-31 13:58 UTC Modified: 2003-02-03 17:23 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: cw at f00f dot org Assigned: iliaa (profile)
Status: Closed Package: OpenSSL related
PHP Version: 4.3.0 OS: Linux x86 (2.4.x, glibc 2.3)
Private report: No CVE-ID: None
 [2003-01-31 13:58 UTC] cw at f00f dot org
When php 4.3.0 is compiled as loaded as an apache module (apache 1.3.27 from Debian Linux) accessing the function openssl_csr_new causes apache to segfault.

Building php as a CGI this apparently does not happen (but I've not investigated this all that closely).

Attaching to the apache process (where modphp has been build with symbols) shows the actual segfault occurs inside php_openssl_make_REQ (no stack trace available as I guess something get's clobbered and messes this up).

Placing a breakpoint at php_openssl_make_REQ I see it is entered with a stack of:

Breakpoint 2, php_openssl_make_REQ (req=0xbfffcf24, csr=0x8116c70, dn=0x8117e1c, attribs=0x0)
    at /home/cw/wk/zaphod/php4/php4-4.3.0/ext/openssl/openssl.c:1143
1143            STACK_OF(CONF_VALUE) * dn_sk, *attr_sk = NULL;
(gdb) bt
#0  php_openssl_make_REQ (req=0xbfffcf24, csr=0x8116c70, dn=0x8117e1c, attribs=0x0)
    at /home/cw/wk/zaphod/php4/php4-4.3.0/ext/openssl/openssl.c:1143
#1  0x403a8429 in zif_openssl_csr_new (ht=2, return_value=0x81163ec, this_ptr=0x0, return_value_used=1)
    at /home/cw/wk/zaphod/php4/php4-4.3.0/ext/openssl/openssl.c:1583
#2  0x404adf62 in execute (op_array=0x811333c) at /home/cw/wk/zaphod/php4/php4-4.3.0/Zend/zend_execute.c:1596
#3  0x4049af24 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cw/wk/zaphod/php4/php4-4.3.0/Zend/zend.c:864
#4  0x4045fd53 in php_execute_script (primary_file=0xbffff764) at /home/cw/wk/zaphod/php4/php4-4.3.0/main/main.c:1573
#5  0x404b3470 in apache_php_module_main (r=0x8109564, display_source_mode=0) at /home/cw/wk/zaphod/php4/php4-4.3.0/sapi/apache/sapi_apache.c:55
#6  0x404b4410 in send_php (r=0x8109564, display_source_mode=0, filename=0x810b0dc "/var/www/other.php")
    at /home/cw/wk/zaphod/php4/php4-4.3.0/sapi/apache/mod_php4.c:556
#7  0x404b448f in send_parsed_php (r=0x8109564) at /home/cw/wk/zaphod/php4/php4-4.3.0/sapi/apache/mod_php4.c:571
#8  0x08053b34 in ap_invoke_handler ()
#9  0x0806368c in ap_some_auth_required ()
#10 0x080636e8 in ap_process_request ()
#11 0x0805ce2b in ap_child_terminate ()
#12 0x0805cfbc in ap_child_terminate ()
#13 0x0805d0d9 in ap_child_terminate ()
#14 0x0805d5b5 in ap_child_terminate ()
#15 0x0805dcbd in main ()
#16 0x400e59f1 in __libc_start_main () from /lib/libc.so.6

and then dies at php4-4.3.0/ext/openssl/openssl.c line 1185 (the call to X509_NAME_add_entry_by_NID):

Breakpoint 4, php_openssl_make_REQ (req=0xbfffcf24, csr=0x8116c70, dn=0x8117e1c, attribs=0x0)
    at /home/cw/wk/zaphod/php4/php4-4.3.0/ext/openssl/openssl.c:1185
1185                                            if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_ASC,
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
0x402c6f8b in sk_value () from /usr/lib/i686/cmov/libcrypto.so.0.9.6
(gdb) 


I don't know enough about this call, php or indeed anything to really know what variables to poke and look at further.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-02-03 15:29 UTC] iliaa@php.net
What parameters are you passing to the function, but first try to see if the problem persists in the latest snapshot of PHP.
 [2003-02-03 15:38 UTC] cw at f00f dot org
the test/demo code from http://php.planetmirror.com/manual/en/function.openssl-csr-new.php suffices to trigger this:

$dn = array(
    "countryName" => "UK",
    "stateOrProvinceName" => "Somerset",
    "localityName" => "Glastonbury",
    "organizationName" => "The Brain Room Limited",
    "organizationalUnitName" => "PHP Documentation Team",
    "commonName" => "Wez Furlong",
    "emailAddress" => "wez@php.net"
);

// Generate a new private (and public) key pair
$privkey = openssl_pkey_new();

// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey); // kaboom
 [2003-02-03 16:22 UTC] iliaa@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

I cannot replicate the described bug using latest CVS + openssl 0.9.7. Try downloading a snapshot and see if the crash still occurs.
 [2003-02-03 17:17 UTC] cw at f00f dot org
The snapshot version appears to work correctly.

Will a fix be back ported to a stable branch(?) or is STABLE-latest considered as stable as a release or very nearly so?
 [2003-02-03 17:23 UTC] iliaa@php.net
The 'STABLE' branch will be released as 4.3.1 at some future point.

Closing the report as the user indicated the bug no longer occurs in latest CVS.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Tue Nov 24 12:01:28 2020 UTC