PHP :: Bug #60798 :: Regression: uninitialized memory in openssl

[2012-01-19 03:08 UTC] ktk at enterprise dot bidmc dot harvard dot edu

Description:
------------
A regression was introduced in php 5.3.9 to the file ext/openssl/openssl.c which causes openssl_encrypt("", "aes-128-cbc", "password") to use uninitialized memory when calling the underlying AES_cbc_encrypt() whenever the length of the $data argument is zero.  This results in either a corrupted return value, or a segmentation fault, depending upon what exists in php's memory heap.

I bisected the code difference between php 5.3.8 and 5.3.9 and have attached the errant patch to this bug report.

The problem patch introduces the following code, which for reasons unknown fails to call the update function whenever the length of the data argument is zero:
-       EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, ...);
+       if (data_len > 0) {
+               EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, ...);
+       }

Reverting the attached patch fixes the problem for me.

I'm seeing this problem on both x86_64 (64 bit) and i686 (32 bit) processor architectures.  OS is Slackware in both cases, with php linked against openssl version 1.0.0g (ditto for openssl 1.0.0e and 1.0.0f), glibc 2.14.1 and compiled with gcc 4.5.3.

The corruption/segfault occurs whether or not an initialization vector is passed to the function; the only requirement it seems is the zero-length data (ergo, the omission of the call to EVP_EncryptUpdate()).

Test script:
---------------
<?php
var_dump(openssl_encrypt("", "aes-128-cbc", "password",
                         false, str_repeat(chr(0), 16)));
$vec = str_repeat(chr(0), 16);
var_dump(openssl_encrypt("", "aes-128-cbc", "password",
                         false, $vec));
var_dump(openssl_encrypt("", "aes-128-cbc", "password"));

unset($vec);
$memory = "Let's use some memory!";
$vec = str_repeat(chr(0), 16);
var_dump(openssl_encrypt("", "aes-128-cbc", "password",
                         false, $vec));
?>

Expected result:
----------------
string(24) "xrQjTh0HCclFET5PKpYH9w=="
string(24) "xrQjTh0HCclFET5PKpYH9w=="

Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in test.php on line 7
string(24) "xrQjTh0HCclFET5PKpYH9w=="
string(24) "xrQjTh0HCclFET5PKpYH9w=="

Actual result:
--------------
GNU gdb (GDB) 7.2
Reading symbols from /usr/bin/php...done.
(gdb) set args test.php
(gdb) run
Starting program: /usr/bin/php test.php
[Thread debugging using libthread_db enabled]
string(24) "AMa0I04dBwnJRRE+TyqWB/c="
string(24) "xrQjTh0HCclFET5PKpYH9w=="

Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in test.php on line 7
string(24) "xrQjTh0HCclFET5PKpYH9w=="

Program received signal SIGSEGV, Segmentation fault.
0xb767cb7c in AES_cbc_encrypt () from /lib/libcrypto.so.1
(gdb)

[2012-01-22 19:41 UTC] rasmus@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: scottmac

[2013-02-17 10:33 UTC] stas@php.net

Please try using this snapshot:

  http://snaps.php.net/php5.4-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

Seems to work fine in 5.4.

[2013-02-17 10:33 UTC] stas@php.net

-Status: Assigned +Status: Feedback

[2013-10-15 11:54 UTC] php-bugs at lists dot php dot net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.

Patches

Pull Requests

History

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 16 05:01:29 2024 UTC