Bug #59308 gnupg causes Httpd to segfault on 64bit system
Submitted: 2010-07-14 15:15 UTC Modified: 2010-07-19 22:45 UTC
From: dayday0000 at gmail dot com Assigned:
Status: Closed Package: gnupg (PECL)
PHP Version: 5.3.2 OS: centos-5.5-x86_64
Private report: No CVE-ID: None
 [2010-07-14 15:15 UTC] dayday0000 at gmail dot com
Description:
------------
CentOS-5.5-i386 : no problem

CentOS-5.5-x86_64 : Httpd segfault at gnupg::ERROR_EXCEPTION



# gdb /usr/sbin/httpd /tmp/core.22933
...
Reading symbols from /usr/lib64/php/modules/json.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/php/modules/json.so
Reading symbols from /usr/lib64/php/modules/ldap.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/php/modules/ldap.so
Reading symbols from /usr/lib64/php/modules/phar.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/php/modules/phar.so
Reading symbols from /usr/lib64/php/modules/zip.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/php/modules/zip.so
Core was generated by `/usr/sbin/httpd'.
Program terminated with signal 11, Segmentation fault.
#0  0x00002b2418264b23 in instanceof_function_ex () from /etc/httpd/modules/libphp5.so
(gdb) bt
#0  0x00002b2418264b23 in instanceof_function_ex () from /etc/httpd/modules/libphp5.so
#1  0x00002b2418264afb in instanceof_function () from /etc/httpd/modules/libphp5.so
#2  0x00002b2418284959 in zend_throw_exception () from /etc/httpd/modules/libphp5.so
#3  0x00002b2419f78091 in zif_gnupg_decrypt (ht=1, return_value=0x2b242cc02918,
    return_value_ptr=<value optimized out>, this_ptr=<value optimized out>,
    return_value_used=<value optimized out>) at /root/t_download/gnupg-1.3.1/gnupg.c:1210
#4  0x00002b2419d42cf3 in xdebug_execute_internal (current_execute_data=0x2b240cf75050,
    return_value_used=1) at /var/tmp/xdebug/xdebug.c:1339
#5  0x00002b24182baa7d in ?? () from /etc/httpd/modules/libphp5.so
#6  0x00002b2418290d0b in execute () from /etc/httpd/modules/libphp5.so
#7  0x00002b2419d4296e in xdebug_execute (op_array=0x2b242cc01798) at /var/tmp/xdebug/xdebug.c:1272
#8  0x00002b241826d325 in zend_execute_scripts () from /etc/httpd/modules/libphp5.so
#9  0x00002b241821e208 in php_execute_script () from /etc/httpd/modules/libphp5.so
#10 0x00002b24182f59ad in ?? () from /etc/httpd/modules/libphp5.so
#11 0x00002b240ce14a4a in ap_run_handler ()
#12 0x00002b240ce17ec2 in ap_invoke_handler ()
#13 0x00002b240ce22918 in ap_process_request ()
#14 0x00002b240ce1fb50 in ?? ()
#15 0x00002b240ce1bcb2 in ap_run_process_connection ()
#16 0x00002b240ce26769 in ?? ()
#17 0x00002b240ce269fa in ?? ()
#18 0x00002b240ce26ab0 in ?? ()
#19 0x00002b240ce2779b in ap_mpm_run ()
#20 0x00002b240ce01e48 in main ()
(gdb)


Reproduce code:
---------------
<?php

putenv('GNUPGHOME=/var/www/html/.gnupg');

$ciphertext="-----BEGIN PGP MESSAGE-----
Version: haneWIN JavascriptPG v2.0
hI8DsyTuUapgGVQQAAd9A/47cJAOKwa++fEfXKjFDsj1e01vZQVRqS4fCcLR
KbcHQe+L04vU2bRMycshlWXy/fWWkB0woK49Fto7GTi1zUvYj24TQvt/1Bev
xdcbBskJLO5tEPlZ7byV98ZJ7gL6rBs+rC4otG9UwDISVXzh6tqw43Q6c68i
JNxvy2y7MQQ0MqRxPSy5oIL/14OV2nhrgG+jIXfamlMNadZOQuD10/6G8zuo
svrkxLjFE9FtPQPXfn+S0hHWo5BRHtsJ21mkhxTnpsh0S0zM4Di1icQTQV2l
vMrlu+fSr+bEu1jD3vTgljGZTyTv8fsBa/RuNt+lu6Utk3Y=
=DULO
-----END PGP MESSAGE-----";

$gpg = new gnupg();

$gpg->seterrormode(gnupg::ERROR_EXCEPTION);
//$gpg->seterrormode(gnupg::ERROR_WARNING);
//$gpg->seterrormode(gnupg::ERROR_SILENT);

try {
        $gpg->adddecryptkey('keyname','password');
        $plaintext = $gpg->decrypt($ciphertext);
        echo $plaintext;
} catch (Exception $e) {
        echo "Error : ".$e->getMessage();
}
?>

Expected result:
----------------
Error : get_key failed

Actual result:
--------------
# tail -n1 /var/log/httpd/error_log
[Thu Jul 15 03:43:19 2010] [notice] child pid 23330 exit signal Segmentation fault (11)

 [2010-07-19 01:11 UTC] dayday0000 at gmail dot com
--- gnupg.c.old 2010-07-19 13:28:47.000000000 +0900
+++ gnupg.c     2010-07-19 13:28:12.000000000 +0900
@@ -55,7 +55,7 @@
                                php_error_docref(NULL 
TSRMLS_CC, E_WARNING, (char*)error); \
                                break; \
                        case 2: \
-                               
zend_throw_exception(zend_exception_get_default(), (char*) 
error,
+                               zend_throw_exception(NULL, 
(char*)error, 0 TSRMLS_CC); \
                                break; \
                        default: \
                                intern->errortxt = 
(char*)error; \
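Review bot: In the `case 2:` branch, passing NULL as the exception class drops the zend_exception_get_default() call instead of addressing why its result is unusable on x86_64. The backtrace faults in instanceof_function_ex() under zend_throw_exception(), which points at a bad class pointer rather than a bad message. Suggest keeping the explicit default class and making sure the header that declares both functions is included, so the fix does not depend on zend_throw_exception() accepting NULL. The posting is also line-wrapped and the removed line is cut off after `error,`, so please attach the patch as a file.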
 [2010-07-19 22:45 UTC] dayday0000 at gmail dot com
--- gnupg.c.old 2010-07-20 09:21:55.000000000 +0900
+++ gnupg.c     2010-07-20 09:21:43.000000000 +0900
@@ -20,6 +20,7 @@
 #include "php_ini.h"
 #include "ext/standard/info.h"
 #include "php_gnupg.h"
+#include "zend_exceptions.h"

 #ifdef ZEND_ENGINE_2
 #include "php_gnupg_keylistiterator.h"
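Review bot: The new `#include "zend_exceptions.h"` sits above the `#ifdef ZEND_ENGINE_2` guard, so it is pulled in unconditionally. If that guard exists because the file still builds against Zend Engine 1, move the include inside it, since exceptions only exist in Zend Engine 2. Please also say in the description whether this replaces the earlier NULL change, and add a test that calls decrypt() with gnupg::ERROR_EXCEPTION and a key that is not in the keyring.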
 [2011-06-21 18:52 UTC] justin dot crone at epicmaneuvers dot com
Using version 1.3.2 gnupg pecl extension on Fedora 15 x86_64 
with apache 2.2.17, php 5.3.6, gpgme 1.3.0 I can repeat this 
error. The segfault only seems to occur when using 
gnupg::ERROR_EXCEPTION and is resolved by adding #include 
"zend_exceptions.h".
 
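An added illustration, not code from the extension or from any commenter: the usual reason a missing header crashes only on 64-bit builds is that a pointer-returning function called without a prototype is assumed to return `int`. The thread does not state this mechanism; it is assumed here because it matches the i386/x86_64 difference and the `#include` fix. The function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Value a caller ends up with when a pointer-returning function is called
 * without a prototype: pre-C99 rules assume it returns int, so only the low
 * 32 bits are kept and then sign-extended back to register width. */
static uint64_t seen_as_implicit_int(uint64_t real_ptr)
{
    return (uint64_t)(int64_t)(int32_t)(uint32_t)real_ptr;
}

/* Does the pointer survive on a platform whose pointers are ptr_bits wide? */
static int pointer_survives(uint64_t real_ptr, int ptr_bits)
{
    uint64_t mask = (ptr_bits == 32) ? 0xffffffffULL : ~0ULL;
    return (seen_as_implicit_int(real_ptr) & mask) == (real_ptr & mask);
}

int main(void)
{
    /* The first address is return_value from frame #3 of the backtrace,
     * used only for its magnitude; the other two are constructed. */
    const uint64_t samples[] = {
        0x00002b242cc02918ULL,
        0x00007f0080001000ULL, /* constructed: bit 31 set */
        0x0000000008049f00ULL, /* constructed: fits in 32 bits */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t p = samples[i];
        printf("real=0x%016llx caller sees=0x%016llx i386:%s x86_64:%s\n",
               (unsigned long long)p,
               (unsigned long long)seen_as_implicit_int(p),
               pointer_survives(p, 32) ? "ok" : "corrupt",
               pointer_survives(p, 64) ? "ok" : "corrupt");
    }
    return 0;
}
```

Building the extension with GCC's `-Werror=implicit-function-declaration` turns this class of bug into a compile error instead of a runtime crash.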