Bug #49738 calling mcrypt after mcrypt_generic_deinit crashes
Submitted: 2009-10-01 16:17 UTC Modified: 2009-10-02 00:16 UTC
From: Assigned: srinatar
Status: Closed Package: mcrypt related
PHP Version: 5.2.11 OS: Windows XP
Private report: No CVE-ID:
 [2009-10-01 16:17 UTC]
In bug #41252, it was observed that, in PHP4, calling mcrypt_generic() before calling mcrypt_module_open() would cause PHP4 to crash. PHP5 apparently had extra checks to protect against this that were backported. These extra checks, however, do not appear to be sufficient, as the following reproduce code demonstrates.

Sure, calling mcrypt_generic_deinit() before calling mcrypt_generic is probably not something you ought to be doing, anyway, but I still don't think it ought to crash PHP.

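Reproduce code:
<?php
$td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, '');
mcrypt_generic_init($td, 'aaaaaaaa', 'aaaaaaaa');
mcrypt_generic_deinit($td); // tear the descriptor down before using it
echo mcrypt_generic($td, 'aaaaaaaa'); // line 5: use after deinit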

Expected result:
Warning: mcrypt_generic(): Operation disallowed prior to
mcrypt_generic_init() in {filename} on line 5

Actual result:
It crashes.


 [2009-10-01 16:19 UTC]
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read for *NIX and for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

 [2009-10-01 19:58 UTC]
Thanks for reporting this issue.

I was able to reproduce this, and here is the backtrace:

current thread: t@1
  [1] permute_ip(0x8c6fa70, 0x0, 0x8046588, 0xfeeec5ea), at 0xfeeeca3e
  [2] des_LTX__mcrypt_encrypt(0x0, 0x8c6fa70, 0x0, 0xfeef00b2), at 0xfeeec603
  [3] ecb_LTX__mcrypt(0x0, 0x8c6fa70, 0x8, 0x8, 0x0, 0xfeeec5dc, 0xfeeec7dc, 0xfeee6732), at 0xfeef0153
  [4] mcrypt(0x8dfcd20, 0x0, 0x8c6fa70, 0x8, 0x8046678), at 0xfeee676f
=>[5] mcrypt_generic(0x8dfcd20, 0x8c6fa70, 0x8), at 0xfeee50a0
  [6] zif_mcrypt_generic(ht = 2, return_value = 0x8c6f938, return_value_ptr = (nil), this_ptr = (nil), return_value_used = 1), line 682 in "mcrypt.c"
  [7] zend_do_fcall_common_helper_SPEC(execute_data = 0x8dfcf60), line 313 in "zend_vm_execute.h"
  [8] ZEND_DO_FCALL_SPEC_CONST_HANDLER(execute_data = 0x8dfcf60), line 1602 in "zend_vm_execute.h"
  [9] execute(op_array = 0x8c6f098), line 104 in "zend_vm_execute.h"
  [10] zend_execute_scripts(type = 8, retval = (nil), file_count = 3, ... = (nil), ...), line 1188 in "zend.c"
  [11] php_execute_script(primary_file = 0x8047140), line 2214 in "main.c"
  [12] main(argc = 2, argv = 0x80471bc), line 1190 in "php_cli.c"

Here is why this issue is happening:

When mcrypt_generic_deinit is invoked, we should set init = 0 so that the next request of mcrypt_generic will force the user to invoke generic_init again.

Here is a patch that can address this bug:
[sriramn@sriramn]'PHP_5_3'>svn diff
Index: ext/mcrypt/mcrypt.c
--- ext/mcrypt/mcrypt.c (revision 289068)
+++ ext/mcrypt/mcrypt.c (working copy)
@@ -780,6 +780,7 @@
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not terminate encryption specifier");
+       pm->init = 0;
 /* }}} */
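Review bot: the added `pm->init = 0;` sits directly after the php_error_docref() warning line, and the hunk as shown carries no enclosing condition or return, so it is not visible whether the reset also runs when the terminate call fails. The flag should be cleared on every path out of the function, since the descriptor is unusable after a deinit attempt either way; placing the assignment ahead of the error check would make that explicit. A regression test built from the reproduce script in this report would keep the guard from regressing.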

 [2009-10-02 00:13 UTC]
Automatic comment from SVN on behalf of srinatar
Log: - Fixed bug #49738 (calling mcrypt after mcrypt_generic_deinit crashes).
 [2009-10-02 00:16 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

 [2009-10-09 17:28 UTC]
Automatic comment from SVN on behalf of pajoye
Log: - Merge: Fixed bug #49738 (calling mcrypt after mcrypt_generic_deinit crashes)
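
The fix described in the [2009-10-01 19:58 UTC] comment (clear the init flag in deinit so the next mcrypt_generic call is rejected instead of reaching the cipher code), as a stand-alone C example. This is an added example, not code from PHP or libmcrypt; the demo_* names, the struct layout and the XOR transform are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the extension's per-resource struct (the page's
 * patch only shows a field named `init`); must be zero-initialized. */
typedef struct {
    unsigned char *key_sched;  /* per-key state, valid between init and deinit */
    size_t key_len;
    int init;                  /* 1 only while key_sched is valid */
} demo_td;
enum { DEMO_OK = 0, DEMO_ERR_NOT_INIT = -1, DEMO_ERR_ARG = -2, DEMO_ERR_NOMEM = -3 };

int demo_init(demo_td *td, const unsigned char *key, size_t len) {
    if (!td || !key || len == 0) return DEMO_ERR_ARG;
    if (td->init) { free(td->key_sched); td->init = 0; }  /* re-init drops old state */
    td->key_sched = malloc(len);
    if (!td->key_sched) return DEMO_ERR_NOMEM;
    memcpy(td->key_sched, key, len);
    td->key_len = len;
    td->init = 1;
    return DEMO_OK;
}

/* Teardown clears the flag on every path, so later calls hit the guard. */
int demo_deinit(demo_td *td) {
    if (!td) return DEMO_ERR_ARG;
    free(td->key_sched);       /* free(NULL) is a no-op, so a double deinit is safe */
    td->key_sched = NULL; td->key_len = 0;
    td->init = 0;
    return DEMO_OK;
}

/* Guard first: never touch key_sched unless init is set.
 * XOR is a placeholder transform, not DES. */
int demo_encrypt(demo_td *td, unsigned char *buf, size_t len) {
    if (!td || !buf) return DEMO_ERR_ARG;
    if (!td->init) return DEMO_ERR_NOT_INIT;  /* the caller would raise the warning */
    for (size_t i = 0; i < len; i++) buf[i] ^= td->key_sched[i % td->key_len];
    return DEMO_OK;
}

/* Runs the sequence from the report: init, deinit, then encrypt. */
int demo_use_after_deinit(void) {
    demo_td td = {0};
    unsigned char buf[8] = "aaaaaaa";
    if (demo_init(&td, (const unsigned char *)"aaaaaaaa", 8) != DEMO_OK) return DEMO_ERR_ARG;
    demo_deinit(&td);
    return demo_encrypt(&td, buf, sizeof buf);
}
```

Without the `td->init = 0;` line in demo_deinit, demo_encrypt would pass the guard and read through a NULL key_sched, which is the same shape as the crash in the backtrace above.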
Last updated: Tue Dec 01 18:01:33 2015 UTC