php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46748 get_headers generates segmentation fault on HTTPS with SSLVerifyClient required
Submitted: 2008-12-04 07:39 UTC Modified: 2008-12-30 10:32 UTC
From: romanf at trash dot net Assigned: scottmac
Status: Closed Package: HTTP related
PHP Version: 5.2CVS-2008-12-08 OS: Linux (OpenSuse 11)
Private report: No CVE-ID:
 [2008-12-04 07:39 UTC] romanf at trash dot net
Description:
------------
get_headers() generates segmentation fault on HTTPS-URLs with "SSLVerifyClient required".

Reproduce code:
---------------
I put up two test-pages to reproduce the bug. One (client_none.php) has "SSLVerifyClient none" set in .htaccess, the other (client_require.php) has "SSLVerifyClient required" set.

Use the following to get the segmentation fault:

php -r "print_r(get_headers('https://fish-serv.dyndns.org/php_test/client_none.php')); print_r(get_headers('https://fish-serv.dyndns.org/php_test/client_require.php'));"


Expected result:
----------------
Second get_headers() should NOT produce a segmentation fault. It should return a normal error-code instead.

Actual result:
--------------
roman@fish-serv:~> php -r "print_r(get_headers('https://fish-serv.dyndns.org/php_test/client_none.php')); print_r(get_headers('https://fish-serv.dyndns.org/php_test/client_require.php'));"
Array
(
    [0] => HTTP/1.1 200 OK
    [1] => Date: Thu, 04 Dec 2008 07:37:52 GMT
    [2] => Server: Apache
    [3] => X-Powered-By: PHP/5.2.8-dev
    [4] => Content-Length: 136
    [5] => Connection: close
    [6] => Content-Type: text/html; charset=ISO-8859-1
)

Warning: get_headers(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094410:SSL routines:func(148):reason(1040)
error:140940E5:SSL routines:func(148):reason(229) in Command line code on line 1

Warning: get_headers(https://fish-serv.dyndns.org/php_test/client_require.php): failed to open stream: HTTP request failed!  in Command line code on line 1
Segmentation fault


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-12-07 09:36 UTC] kalle@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2008-12-08 02:34 UTC] scottmac@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2008-12-08 08:14 UTC] romanf at trash dot net
Checked with Snapshot 200812080530, same result:

-------------- backtrace ------------------
roman@fish-serv2006:/usr/src/php/php5.2-200812080530> gdb /usr/local/bin/php
GNU gdb 6.6.50.20070726-cvs
Copyright (C) 2007 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-suse-linux"...
Using host libthread_db library "/lib64/libthread_db.so.1".
(gdb) run ../client_test.php
Starting program: /usr/local/bin/php ../client_test.php
[Thread debugging using libthread_db enabled]
[New Thread 0x2b3b6c2b6310 (LWP 11655)]
Array
(
    [0] => HTTP/1.1 200 OK
    [1] => Date: Mon, 08 Dec 2008 08:12:55 GMT
    [2] => Server: Apache
    [3] => X-Powered-By: PHP/5.2.9-dev
    [4] => Content-Length: 136
    [5] => Connection: close
    [6] => Content-Type: text/html; charset=ISO-8859-1
)

Warning: get_headers(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094410:SSL routines:func(148):reason(1040) in /usr/src/php/client_test.php on line 3

Warning: get_headers(https://fish-serv.dyndns.org/php_test/client_require.php): failed to open stream: HTTP request failed!  in /usr/src/php/client_test.php on line 3


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x2b3b6c2b6310 (LWP 11655)]
_zend_mm_free_int (heap=0xc5d2b0, p=0xdefd70) at /usr/src/php/php5.2-200812080530/Zend/zend_alloc.c:1973
1973            if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt
#0  _zend_mm_free_int (heap=0xc5d2b0, p=0xdefd70) at /usr/src/php/php5.2-200812080530/Zend/zend_alloc.c:1973
#1  0x00000000006bcf37 in destroy_op_array (op_array=0xdedc00) at /usr/src/php/php5.2-200812080530/Zend/zend_variables.h:35
#2  0x00000000006c550c in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php/php5.2-200812080530/Zend/zend.c:1171
#3  0x0000000000682e8d in php_execute_script (primary_file=0x7fff41852460) at /usr/src/php/php5.2-200812080530/main/main.c:2023
#4  0x000000000074836b in main (argc=2, argv=0x7fff41852658) at /usr/src/php/php5.2-200812080530/sapi/cli/php_cli.c:1133
(gdb)
 [2008-12-08 11:38 UTC] jani@php.net
I can't reproduce this. Are you absolutely sure you're using the latest CVS build? And also, what openssl version are you linking PHP with?
 [2008-12-08 12:55 UTC] romanf at trash dot net
I have the same bug on two OpenSuse systems. 
Both have:

# rpm -q openssl
openssl-0.9.8e-45.5

installed. I used the following config to compile this mornings snapshot:

./configure --enable-debug --with-mysql --with-apxs2=/usr/local/apache2/bin/apxs --with-mcrypt --with-imap --with-imap-ssl --with-gettext --with-zlib --with-openssl --with-pdo-mysql --enable-mbstring=all --with-gd

Did you try the get_headers() against an HTTPS-Link that -requires- a Client-Certificate? I can reproduce this on the test-pages given in my samples *and* in a company-intranet...

Regards
Roman
 [2008-12-08 13:21 UTC] jani@php.net
duh..I had a small copy-paste error. :D Reproduced with HEAD (PHP 6), PHP_5_2 and PHP_5_3 give this error, no crash:

Warning: get_headers(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094410:SSL routines:func(148):reason(1040)
error:140940E5:SSL routines:func(148):reason(229) in Command line code on line 1

Warning: get_headers(https://fish-serv.dyndns.org/php_test/client_require.php): failed to open stream: HTTP request failed!  in Command line code on line 1


 [2008-12-08 13:22 UTC] jani@php.net
HEAD seems to crash when it tries to output the error message.
 [2008-12-08 13:28 UTC] pajoye@php.net
Scott, please clarify it and add tests :)
 [2008-12-08 13:51 UTC] scottmac@php.net
I can't reproduce this on any of the branches now, though I only have x86 to test.

Jani, any chance of a backtrace on HEAD?
 [2008-12-12 04:10 UTC] crrodriguez at opensuse dot org
Cannot reproduce in 5_2 nor 5_3.
 [2008-12-12 07:40 UTC] romanf at trash dot net
What output -do- you get when you run the two tests?

-Roman
 [2008-12-29 14:57 UTC] scottmac@php.net
scott-mbp:php5_3 scott$ sapi/cli/php -r 
"print_r(get_headers('https://fish-
serv.dyndns.org/php_test/client_none.php'));print_r(get_headers('https
://fish-serv.dyndns.org/php_test/client_require.php'));"
Array
(
    [0] => HTTP/1.1 200 OK
    [1] => Date: Mon, 29 Dec 2008 14:56:39 GMT
    [2] => Server: Apache
    [3] => X-Powered-By: PHP/5.2.8
    [4] => Content-Length: 136
    [5] => Connection: close
    [6] => Content-Type: text/html; charset=ISO-8859-1
)

Warning: get_headers(): SSL operation failed with code 1. OpenSSL 
Error messages:
error:14094410:SSL routines:func(148):reason(1040)
error:140940E5:SSL routines:func(148):reason(229) in Command line code 
on line 1

Warning: get_headers(https://fish-
serv.dyndns.org/php_test/client_require.php): failed to open stream: 
HTTP request failed!  in Command line code on line 1


This is definitely fixed.
 [2008-12-30 10:32 UTC] romanf at trash dot net
Tested:

- Still open in http://snaps.php.net/php5.2-200812300730.tar.gz
- Fixed in http://snaps.php.net/php5.3-200812300730.tar.gz

Thanks!
Roman
 [2010-07-20 20:06 UTC] mrhat at bk dot ru
Hello When a request print_r (get_headers ('http://domain/error.php'));
Browser issues:
Warning: get_headers (http://domain/error.php) [function.get-headers]: failed to open stream: HTTP request failed! in X: \ home \ domain \ www \ error.php on line 7

Fatal error: Maximum execution time of 30 seconds exceeded in X: \ home \ domain \ www \ error.php on line 7

What is this bug? PHP 5.2.12
 [2010-07-20 20:43 UTC] romanf at trash dot net
Hmm.. your problem is not at all related to the issue of this bug:
you're using HTTP, the bug is in HTTPS requests only...

Apart from that: Can you give a -real- example? What are u using for "domain"?
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Mon Apr 21 02:02:11 2014 UTC