php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59290 gnupg_verify() segfault on 64bit OS
Submitted: 2010-07-02 04:38 UTC Modified: 2010-07-20 15:27 UTC
From: viktors at ok dot lv Assigned:
Status: Closed Package: gnupg (PECL)
PHP Version: 5.3.2 OS: linux 64bit
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: viktors at ok dot lv
New email:
PHP Version: OS:

 

 [2010-07-02 04:38 UTC] viktors at ok dot lv
Description:
------------
In gnupg_verify() gets called:
char * gpgme_data_release_and_get_mem (gpgme_data_t dh, size_t *length), where second argument should be pointer to size_t type variable. However, gpg_plain_len variable is defined as int which on 64bit OS is 4 bytes, but size_t on 64bit OS is 8 bytes. Memory gets corrupted.
Here is the patch that fixes it:
--- gnupg.c.orig	2010-07-02 10:44:22.000000000 +0300
+++ gnupg.c	2010-07-02 11:37:40.000000000 +0300
@@ -1096,7 +1096,7 @@
 	zval	*plain_text		=	NULL; /* signed_text without the signature if its not a detached sig */
 
 	char	*gpg_plain;
-	int		gpg_plain_len;
+	size_t		gpg_plain_len;
 
 	GNUPG_GETOBJ();
 



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-07-20 15:27 UTC] mgdm@php.net
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.


 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Nov 19 07:01:33 2019 UTC