php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63725 tilde (~) in public and private keyfile paths causes memory corruption
Submitted: 2012-12-08 02:04 UTC Modified: 2021-02-10 11:25 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: tcolton at gmail dot com Assigned: cmb (profile)
Status: Duplicate Package: ssh2 (PECL)
PHP Version: 5.4.9 OS: any
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tcolton at gmail dot com
New email:
PHP Version: OS:

 

 [2012-12-08 02:04 UTC] tcolton at gmail dot com
Description:
------------
When you pass in a public or private keyfile path that has a tilde, there seems be 
some memory corruption that causes a segfault or weird issues the next 
time, in the same process, you attempt to authenticate with keyfiles.

If you pass full paths to the keyfiles, the problem goes away.

Test script:
---------------
// Attempt one
$connection = ssh2_connect('localhost', 22);
ssh2_auth_pubkey_file($connection, 'user', '~/.ssh/id_rsa.pub', '~/.ssh/id_rsa');

// Attempt two
$connection = ssh2_connect('localhost', 22);
ssh2_auth_pubkey_file($connection, 'user', '~/.ssh/id_rsa.pub', '~/.ssh/id_rsa');

// Attempt three
$connection = ssh2_connect('localhost', 22);
ssh2_auth_pubkey_file($connection, 'user', '~/.ssh/id_rsa.pub', '~/.ssh/id_rsa');



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-01-26 21:24 UTC] camspiers at gmail dot com
I was able to replicate this issue, but I also found a fix. If you run 
unset($connection); after each connection the segfault goes away.
 [2021-02-10 11:25 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2021-02-10 11:25 UTC] cmb@php.net
Closing as duplicate of bug #73578.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat May 15 21:01:25 2021 UTC