PHP :: Bug #59105 :: pecl gnupg causes Apache to segfault

Bug #59105

pecl gnupg causes Apache to segfault

Submitted:

2010-03-09 22:22 UTC

Modified:

2013-10-15 11:54 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

info at online-praesenz-beratung dot de

Assigned:

jimjag (profile)

Status:

No Feedback

Package:

gnupg (PECL)

PHP Version:

5.3.1

OS:

Debian sid

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	info at online-praesenz-beratung dot de
New email:
PHP Version:		OS:

New Comment:

[2010-03-09 22:22 UTC] info at online-praesenz-beratung dot de

Description:
------------
On Debian sid with PHP 5.3.1-5 and Apache 2.2.15, pecl gnupg causes the Apache child that executes the script to segfault. 

I recompiled pecl gnupg for PHP 5.3.1-5 on Debian sid, and after this, I got segfaults in the Apache log when trying to encrypt an e-mail:

[Wed Mar 10 03:45:02 2010] [notice] child pid **** exit signal Segmentation fault (11)

The execution of PHP was stopped and the PHP file was offered for download instead of being executed.

After deactivating gnupg, PHP worked properly again.

Reproduce code:
---------------
include('key.php');
putenv('GNUPGHOME=pubring');
$res=gnupg_init();
gnupg_seterrormode($res,GNUPG_ERROR_WARNING);
gnupg_addencryptkey($res,$key);
[...]
$encnachricht = gnupg_encrypt($res,$nachricht);

Expected result:
----------------
I would expect my e-mail to be encrypted

Actual result:
--------------
[Wed Mar 10 03:45:02 2010] [notice] child pid **** exit signal Segmentation fault (11)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-04-20 09:12 UTC] BenBE at geshi dot org

I'm using the OOP-style wrapper class of this PECL extension, but basically get the same crash. The GDB backtrace looks like this:

0xb6181f34 in gpgme_set_armor () from /usr/lib/libgpgme.so.11
(gdb) bt
#0  0xb6181f34 in gpgme_set_armor () from /usr/lib/libgpgme.so.11
#1  0xb61990a3 in gnupg_res_init (intern=0x1) at /tmp/pear/temp/gnupg/gnupg.c:140
#2  0xb6199f06 in gnupg_obj_new (class_type=0x88a9928) at /tmp/pear/temp/gnupg/gnupg.c:187
#3  0x082f9464 in _object_and_properties_init (arg=0x8903a78, class_type=0x88a9928, properties=0x0)
    at /tmp/buildd/php5-5.3.2/Zend/zend_API.c:1087
#4  0x082f957c in _object_init_ex (arg=0x8903a78, class_type=0x88a9928) at /tmp/buildd/php5-5.3.2/Zend/zend_API.c:1095
#5  0x0831e41e in ZEND_NEW_SPEC_HANDLER (execute_data=0x88a9928) at /tmp/buildd/php5-5.3.2/Zend/zend_vm_execute.h:473
#6  0x08317b93 in ZEND_USER_OPCODE_SPEC_HANDLER (execute_data=0x89287a8) at /tmp/buildd/php5-5.3.2/Zend/zend_vm_execute.h:703
#7  0x08318b9e in execute (op_array=0x8a51878) at /tmp/buildd/php5-5.3.2/Zend/zend_vm_execute.h:104
#8  0xb75c9765 in xdebug_execute (op_array=0x8a51878)
    at /build/buildd-xdebug_2.0.5-1+b1-i386-VWnNbE/xdebug-2.0.5/build-php5/xdebug.c:1562
#9  0xb5e720b4 in ?? () from /usr/lib/php5/20090626+lfs/suhosin.so
#10 0x08341b26 in zend_do_fcall_common_helper_SPEC (execute_data=0x0) at /tmp/buildd/php5-5.3.2/Zend/zend_vm_execute.h:337
#11 0x08318b9e in execute (op_array=0x88f4f28) at /tmp/buildd/php5-5.3.2/Zend/zend_vm_execute.h:104
#12 0xb75c9765 in xdebug_execute (op_array=0x88f4f28)
    at /build/buildd-xdebug_2.0.5-1+b1-i386-VWnNbE/xdebug-2.0.5/build-php5/xdebug.c:1562
#13 0xb5e720b4 in ?? () from /usr/lib/php5/20090626+lfs/suhosin.so
#14 0x082eed06 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /tmp/buildd/php5-5.3.2/Zend/zend.c:1266
#15 0x08293414 in php_execute_script (primary_file=0xbffff76c) at /tmp/buildd/php5-5.3.2/main/main.c:2288
#16 0x08384a9c in main (argc=2, argv=0xbffff864) at /tmp/buildd/php5-5.3.2/sapi/cli/php_cli.c:1196

The ctx given to gpgme_set_armor is non-NULL, but no check to ensure gpgme_new actually returns a valid context is made.

[2013-07-17 13:00 UTC] jimjag@php.net

-Status: Open +Status: Feedback

[2013-07-17 13:00 UTC] jimjag@php.net

Addressed in trunk (1.3.4-dev)... please check

[2013-07-17 13:01 UTC] jimjag@php.net

-Assigned To: +Assigned To: jimjag

[2013-10-15 11:54 UTC] pecl-dev at lists dot php dot net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 05:01:30 2024 UTC