Sec Bug #60279 Null pointer dereference in stream_socket_enable_crypto
Submitted: 2011-11-12 10:33 UTC
Modified: 2011-11-12 15:17 UTC
From:
Assigned: pajoye
Status: Closed
Package: OpenSSL related
PHP Version: 5.4.0RC1
OS:
Private report: No
CVE-ID: None


 [2011-11-12 10:33 UTC]
NPD in the stream_socket_enable_crypto function when the supplied socket's SSL session is not initialized:

$ref = "";
$fst = stream_socket_server("",$ref,$ref,0);
$snd = stream_socket_server("",$ref,$ref,0);

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 80173d1c0 (LWP 100176)]
0x0000000802af69b0 in SSL_get_session () from /usr/lib/
(gdb) bt
#0  0x0000000802af69b0 in SSL_get_session () from /usr/lib/
#1  0x0000000802afa311 in SSL_copy_session_id () from /usr/lib/
#2  0x000000080aa2e8d7 in php_openssl_sockop_set_option () from /usr/local/lib/php/20090626/
#3  0x000000000050e879 in _php_stream_set_option ()
#4  0x000000000051958e in php_stream_xport_crypto_setup ()
#5  0x00000000004dd728 in zif_stream_socket_enable_crypto ()
#6  0x000000000059a157 in zend_do_fcall_common_helper_SPEC ()
#7  0x0000000000570d23 in execute ()
#8  0x000000000054c145 in zend_execute_scripts ()
#9  0x00000000004fa83c in php_execute_script ()
#10 0x00000000005d489b in main ()
#11 0x00000000004170fe in _start ()

Test script:
$ref = "";
$fst = stream_socket_server("",$ref,$ref,0);
$snd = stream_socket_server("",$ref,$ref,0);


 [2011-11-12 15:16 UTC]
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: pajoye
 [2011-11-12 15:16 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at

 For Windows:
Thank you for the report, and for helping us make PHP better.
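
The backtrace above ends in SSL_get_session(), reached from php_openssl_sockop_set_option() via SSL_copy_session_id(), for a session stream whose SSL state was never set up. The following is an added example of the guard that prevents this class of crash; it is not PHP's actual patch, and every type and name in it is a hypothetical stand-in for the real stream and SSL structures.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in types (hypothetical, not PHP's or OpenSSL's definitions). */
typedef struct { int session_id; } tls_handle;        /* plays the role of SSL* */
typedef struct { tls_handle *ssl_handle; } tls_data;  /* per-stream TLS state */
typedef struct { const void *ops; void *abstract; } stream;

static const int tls_ops = 0;  /* identity tag marking TLS-capable streams */

enum copy_result {
    COPY_OK, ERR_NO_SESSION_STREAM, ERR_NOT_TLS_STREAM, ERR_TLS_NOT_INITIALIZED
};

/* Copy the session from `src` into `dst`, rejecting every state in which
 * a handle would otherwise be dereferenced while NULL. */
enum copy_result copy_session_checked(tls_handle *dst, const stream *src)
{
    if (dst == NULL || src == NULL)
        return ERR_NO_SESSION_STREAM;
    if (src->ops != &tls_ops || src->abstract == NULL)
        return ERR_NOT_TLS_STREAM;       /* abstract is not tls_data: do not cast */
    tls_handle *h = ((const tls_data *)src->abstract)->ssl_handle;
    if (h == NULL)
        return ERR_TLS_NOT_INITIALIZED;  /* socket exists, crypto never enabled */
    dst->session_id = h->session_id;     /* safe: both handles are valid */
    return COPY_OK;
}

int main(void)
{
    /* Constructed sample objects. */
    tls_handle live = { 42 }, target = { 0 };
    tls_data fresh = { NULL }, ready = { &live };
    stream listening = { &tls_ops, &fresh };   /* server socket, no TLS yet */
    stream established = { &tls_ops, &ready }; /* TLS already negotiated */

    printf("listening: %d, established: %d\n",
           copy_session_checked(&target, &listening),
           copy_session_checked(&target, &established));
    return 0;
}
```

The uninitialized case returns an error the caller can report as a warning instead of reaching the copy with a NULL handle.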
