PHP :: Bug #60895 :: null pointer dereference in php_win32_free_rng

Bug #60895

null pointer dereference in php_win32_free_rng_lock()

Submitted:

2012-01-26 19:45 UTC

Modified:

2012-01-27 10:56 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

root at ihack dot net

Assigned:

pajoye (profile)

Status:

Closed

Package:

Unknown/Other Function

PHP Version:

5.3.9

OS:

Windows Server 2008 R2 x64

Private report:

CVE-ID:

None

View Developer Edit

[2012-01-26 19:45 UTC] root at ihack dot net

Description:
------------
If php_win32_get_random_bytes() has never been called, then this line of code:

+	CryptReleaseContext(hCryptProv, 0);

passes a null pointer, resulting in a C0000005 exception in 
CryptReleaseContext().  This line should be preceded by:

        if (has_crypto_ctx)

This was specifically tested with the windows.php.net 32-bit TS build running on 
64-bit Windows.  I do not know how it behaves in other configurations.


Test script:
---------------
I do not have a short test case, but the bug is pretty obvious.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-01-26 19:47 UTC] root at ihack dot net

BTW, this bug was introduced in revision 312201, during the 5.3.7 release cycle.

[2012-01-27 10:56 UTC] pajoye@php.net

Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=322843
Log: - fix #60895, possible invalid handler usage

[2012-01-27 10:56 UTC] pajoye@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

[2012-01-27 10:56 UTC] pajoye@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: pajoye

[2012-04-18 09:46 UTC] laruence@php.net

Automatic comment on behalf of pajoye
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1e462057cdcb82c57c18dbb45ca21893def6ac56
Log: - fix #60895, possible invalid handler usage

[2012-07-24 23:37 UTC] rasmus@php.net

Automatic comment on behalf of pajoye
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1e462057cdcb82c57c18dbb45ca21893def6ac56
Log: - fix #60895, possible invalid handler usage

[2013-11-17 09:34 UTC] laruence@php.net

Automatic comment on behalf of pajoye
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1e462057cdcb82c57c18dbb45ca21893def6ac56
Log: - fix #60895, possible invalid handler usage

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Oct 28 08:00:01 2025 UTC