Bug #48081 stream_socket_client with SSL causes SEGFAULT
Submitted: 2009-04-26 17:26 UTC
Modified: 2009-04-26 20:40 UTC
From: alexander at wright-family dot me dot uk
Assigned: pajoye
Status: Not a bug
Package: Reproducible crash
PHP Version: 5.2.9
OS: Gentoo Linux
Private report: No
CVE-ID: None

 

 [2009-04-26 17:26 UTC] alexander at wright-family dot me dot uk
Description:
------------
PHPInfo located here: http://www.wright-family.me.uk/shared/phpinfo.txt

Using hardened profile Gentoo Linux:
Linux beth 2.6.25-hardened-r11 #6 SMP Tue Dec 23 08:37:01 GMT 2008 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ AuthenticAMD GNU/Linux

Attached code causes a segfault when executing the stream_socket_client() function.

Using TCP rather than SSL works correctly (i.e. without a segfault).

Reproduce code:
---------------
<?php

$context = stream_context_create();
$errno = 0;
$errstr = "";
$socket = stream_socket_client('ssl://www.google.com:443',$errno,$errstr,60,STREAM_CLIENT_CONNECT,$context);
echo "\nError:{$errno}: {$errstr}\n";

// Initialise the buffer so the loop does not append to an undefined variable.
$response = "";
while (($line = @fgets($socket)) !== false) {
        if ($line) {
                $response .= $line;
                if (rtrim($line) === '') break;
        }
}
echo "\n\nHeaders:\n{$response}\n\n";
?>


Expected result:
----------------
Code should connect to google, and attempt to read some data.

Actual result:
--------------
Backtrace:


#0  0xffffffffff70085e in ?? ()
#1  0x00006f972c5797f2 in gettimeofday ()
#2  0x00006f97251c32ba in gettimeofday () from /lib/libc.so.6
#3  0x000005b28362a9f0 in ?? () from /usr/lib64/php5/bin/php
#4  0x000005b28362a2a5 in ?? () from /usr/lib64/php5/bin/php
#5  0x000005b2839cec4f in _php_stream_set_option () from /usr/lib64/php5/bin/php
#6  0x000005b2839e0cbf in php_stream_xport_crypto_enable () from /usr/lib64/php5/bin/php
#7  0x000005b28362a361 in ?? () from /usr/lib64/php5/bin/php
#8  0x000005b2839cec4f in _php_stream_set_option () from /usr/lib64/php5/bin/php
#9  0x000005b2839e0718 in php_stream_xport_connect () from /usr/lib64/php5/bin/php
#10 0x000005b2839e0229 in _php_stream_xport_create () from /usr/lib64/php5/bin/php
#11 0x000005b28396a9e3 in zif_stream_socket_client () from /usr/lib64/php5/bin/php
#12 0x000005b283a5f371 in execute_internal () from /usr/lib64/php5/bin/php
#13 0x00006f9724b0f5dd in ?? () from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/suhosin.so
#14 0x000005b283a5fe93 in ?? () from /usr/lib64/php5/bin/php
#15 0x000005b283a67e4c in ?? () from /usr/lib64/php5/bin/php
#16 0x000005b283a5f7ac in execute () from /usr/lib64/php5/bin/php
#17 0x00006f9724b0c6eb in ?? () from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/suhosin.so
#18 0x00006f9724b0c785 in ?? () from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/suhosin.so
#19 0x000005b283a2c0fe in zend_execute_scripts () from /usr/lib64/php5/bin/php
#20 0x000005b2839ab8ed in php_execute_script () from /usr/lib64/php5/bin/php
#21 0x000005b283adb1a3 in main () from /usr/lib64/php5/bin/php


 [2009-04-26 18:28 UTC] scottmac@php.net
Can you remove Suhosin and get debug symbols for the rest of the PHP binary?

I can't reproduce this on 5.2.10-dev or 5.3.0-dev


Output is:
Warning: stream_socket_client(): unable to connect to ssl://www.google.com:443 (Operation now in progress) in /private/tmp/test.php on line 7

Error:36: Operation now in progress


Headers:



 [2009-04-26 19:06 UTC] alexander at wright-family dot me dot uk
Suhosin removed. Is this enough debug info?

Cheers.

(gdb) bt
#0  0xffffffffff70085e in ?? ()
#1  0x00006ad6211f47f2 in gettimeofday ()
#2  0x00006ad619e3e2ba in gettimeofday () from /lib/libc.so.6
#3  0x00000000004934ff in php_openssl_enable_crypto (stream=0x12ce7e8, sslsock=0x12ce730, cparam=0x740fac178940, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/ext/openssl/xp_ssl.c:417
#4  0x0000000000492ddf in php_openssl_sockop_set_option (stream=0x12ce7e8, option=8, value=0, ptrparam=0x740fac178940, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/ext/openssl/xp_ssl.c:669
#5  0x00000000008346e0 in _php_stream_set_option (stream=0x12ce7e8, option=8, value=0, ptrparam=0x740fac178940, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/main/streams/streams.c:1155
#6  0x00000000008464cf in php_stream_xport_crypto_enable (stream=0x12ce7e8, activate=1, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/main/streams/transports.c:371
#7  0x0000000000492e9b in php_openssl_sockop_set_option (stream=0x12ce7e8, option=7, value=0, ptrparam=0x740fac178b00, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/ext/openssl/xp_ssl.c:689
#8  0x00000000008346e0 in _php_stream_set_option (stream=0x12ce7e8, option=7, value=0, ptrparam=0x740fac178b00, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/main/streams/streams.c:1155
#9  0x0000000000845f28 in php_stream_xport_connect (stream=0x12ce7e8, name=0x12cd8ce "www.google.com:443", namelen=18, asynchronous=0,
    timeout=0x740fac178e60, error_text=0x740fac178d08, error_code=0x740fac178e4c, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/main/streams/transports.c:230
#10 0x0000000000845a39 in _php_stream_xport_create (name=0x12cd8ce "www.google.com:443", namelen=18, options=12, flags=2, persistent_id=0x0,
    timeout=0x740fac178e60, context=0x12c2d20, error_string=0x740fac178e38, error_code=0x740fac178e4c, __php_stream_call_depth=0,
    __zend_filename=0xc04480 "/var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/ext/standard/streamsfuncs.c", __zend_lineno=129,
    __zend_orig_filename=0x0, __zend_orig_lineno=0, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/main/streams/transports.c:143
#11 0x00000000007d21a6 in zif_stream_socket_client (ht=6, return_value=0x12cda30, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1,
    tsrm_ls=0xfad400) at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/ext/standard/streamsfuncs.c:126
#12 0x00000000008c285d in execute_internal (execute_data_ptr=0x740fac179460, return_value_used=1, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/Zend/zend_execute.c:1373
#13 0x00006ad61978a5dd in ?? () from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/suhosin.so
#14 0x00000000008c337f in zend_do_fcall_common_helper_SPEC (execute_data=0x740fac179460, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/Zend/zend_vm_execute.h:202
#15 0x00000000008cb2fa in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x740fac179460, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/Zend/zend_vm_execute.h:1729
#16 0x00000000008c2c98 in execute (op_array=0x12cb8c0, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/Zend/zend_vm_execute.h:92
#17 0x00006ad6197876eb in ?? () from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/suhosin.so
#18 0x00006ad619787785 in ?? () from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/suhosin.so
#19 0x000000000088ffcc in zend_execute_scripts (type=8, tsrm_ls=0xfad400, retval=0x0, file_count=3)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/Zend/zend.c:1134
#20 0x00000000008126c7 in php_execute_script (primary_file=0x740fac17bc00, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/main/main.c:2023
#21 0x000000000093e561 in main (argc=2, argv=0x740fac17bec8) at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/sapi/cli/php_cli.c:1133
(gdb)
 [2009-04-26 19:09 UTC] alexander at wright-family dot me dot uk
Also available here:
http://www.wright-family.me.uk/shared/phpgdb.txt
 [2009-04-26 20:02 UTC] alexander at wright-family dot me dot uk
Further information:

Buggy PHP compiled with x86_64-pc-linux-gnu-3.4.6

I compiled the same version of PHP on another AMD64 machine with x86_64-pc-linux-gnu-4.2.4 and this works correctly (with suhosin enabled).
 [2009-04-26 20:39 UTC] pajoye@php.net
Which openssl version do you use?

Can you try to compile PHP yourself and see if you can reproduce this problem?
 [2009-04-26 20:40 UTC] pajoye@php.net
Missed the last comment, no PHP bug then > bogus.
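
A triage helper for gdb backtraces like the two posted in this report, as an added example that is not part of the original thread or of PHP: it lists the unresolved `??` frames, the shared objects that contribute frames, and the innermost frame that carries a source line. The names `parse_backtrace` and `triage` are made up for this example, and the sample input is a subset of the frames from the second backtrace above.

```python
import re
from collections import Counter

# Subset of frames copied from the second backtrace on this page.
SAMPLE_BT = """\
(gdb) bt
#0  0xffffffffff70085e in ?? ()
#1  0x00006ad6211f47f2 in gettimeofday ()
#2  0x00006ad619e3e2ba in gettimeofday () from /lib/libc.so.6
#3  0x00000000004934ff in php_openssl_enable_crypto (stream=0x12ce7e8, sslsock=0x12ce730, cparam=0x740fac178940, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/ext/openssl/xp_ssl.c:417
#12 0x00000000008c285d in execute_internal (execute_data_ptr=0x740fac179460, return_value_used=1, tsrm_ls=0xfad400)
    at /var/tmp/portage/dev-lang/php-5.2.9-r2/work/php-5.2.9/Zend/zend_execute.c:1373
#13 0x00006ad61978a5dd in ?? () from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/suhosin.so
#17 0x00006ad6197876eb in ?? () from /usr/lib64/php5/lib/php/extensions/debug-zts-20060613/suhosin.so
(gdb)
"""

FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(")
FROM = re.compile(r"\) from (\S+)$")
AT = re.compile(r"(?:^|\s)at (\S+):(\d+)$")


def parse_backtrace(text):
    """Return one dict per frame; 'from'/'at' may sit on continuation lines."""
    frames = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = FRAME.match(line)
        if m:
            frames.append({"n": int(m.group(1)), "func": m.group(2),
                           "module": None, "source": None})
        if not frames:
            continue  # skip "(gdb) bt" and anything else before frame #0
        if (f := FROM.search(line)):
            frames[-1]["module"] = f.group(1)
        if (a := AT.search(line)):
            frames[-1]["source"] = f"{a.group(1)}:{a.group(2)}"
    return frames


def triage(text):
    """Summarise what a maintainer checks first in a crash backtrace."""
    frames = parse_backtrace(text)
    return {
        "unresolved": [f["n"] for f in frames if f["func"] == "??"],
        "modules": Counter(f["module"].rsplit("/", 1)[-1]
                           for f in frames if f["module"]),
        "first_with_source": next((f for f in frames if f["source"]), None),
    }
```
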
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Apr 25 17:01:29 2024 UTC