Bug #64267 ldap_bind crash for ldaps://
Submitted: 2013-02-21 17:38 UTC Modified: 2015-06-10 10:41 UTC
From: andrew+bugsphp at wimpyprogrammer dot com Assigned: mcmic (profile)
Status: Closed Package: LDAP related
PHP Version: 5.4.12 OS: Windows Server 2008 R2 x64
Private report: No CVE-ID: None
 [2013-02-21 17:38 UTC] andrew+bugsphp at wimpyprogrammer dot com
Description:
------------
(I am using PHP 5.4.12 NTS, but it's not an option in the version menu.  I tried 
grabbing a Windows snapshot but the 5.4 links on http://windows.php.net/snapshots/ 
are broken.)

Calling ldap_bind() with an ldaps:// resource causes PHP via FastCGI to crash:
HTTP Error 500.0 - Internal Server Error
C:\PROGRA~2\PHP\PHP_5_4_12_NTS_x86\php-cgi.exe - The FastCGI process exited 
unexpectedly

If the resource is ldap://, the connection succeeds.

If I change my PHP version to 5.4.11 with the same PHP INI, both methods succeed.

Test script:
---------------
<?php
// From http://php.net/manual/en/function.ldap-bind.php#example-4224.
$ldaprdn  = 'uname';
$ldappass = 'password';

// connect to ldap server
$ldapconn = ldap_connect("ldaps://ldap.example.com")
    or die("Could not connect to LDAP server.");

if ($ldapconn) {
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
}

Expected result:
----------------
LDAP bind successful...

Actual result:
--------------
Error Summary
HTTP Error 500.0 - Internal Server Error

C:\PROGRA~2\PHP\PHP_5_4_12_NTS_x86\php-cgi.exe - The FastCGI process exited 
unexpectedly

Detailed Error Information

Module
FastCgiModule

Notification
ExecuteRequestHandler

Handler
PHP 5.4.12 NTS x86 via FastCGI

Error Code
0x000000ff

Requested URL
[Redacted]

Physical Path
[Redacted]

Logon Method
Anonymous

Logon User
Anonymous

 [2013-02-21 18:22 UTC] pajoye@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2013-02-21 18:22 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2013-02-21 20:58 UTC] andrew+bugsphp at wimpyprogrammer dot com
Here's the backtrace.  I hope I captured it correctly.  I struggled to find a 
debug file for libeay32.dll and ended up using 
http://www.orangefs.org/trac/orangefs/browser/branches/windows-client/openssl-windows/bin64/debug?rev=8844.  Thanks!

-----

Thread 0 - System ID 3660
Entry point   php_cgi!mainCRTStartup 
Create time   2/21/2013 3:07:58 PM 
Time spent in user mode   0 Days 0:0:0.656 
Time spent in kernel mode   0 Days 0:0:0.312 

Full Call Stack

Function     Arg 1     Arg 2     Arg 3     Arg 4   Source 
libeay32!OPENSSL_showfatal+c0     00000001     00000064     01bf1b48     
0024b80c   g:\root\pvfsdev\windows\openssl-1.0.0d\crypto\cryptlib.c @ 831 + f 
libeay32!bn_mul_high+75f     01c798b4     01c798a4     01bf1b48     0025e0ee   
g:\root\pvfsdev\windows\openssl-1.0.0d\crypto\bn\bn_mul.c @ 890 + 1e 
ssleay32!SSLv3_client_method+18c     01bf1b48     01c41d38     72096bb8     
01bf1b48    
ssleay32!SSL_free+19e     01bf1b48     01c41d38     720a659b     01c41d38    
php_ldap!ldap_search_s+1c8     01c41d38     01c41d18     01c41b78     720a6907    
php_ldap!ber_sockbuf_remove_io+7b     01c41b78     720b52e8     00000014     
70f52dec    
php_ldap!ber_int_sb_destroy+57     01c41b78     01c41b78     00000000     
014ba128    
php_ldap!ber_sockbuf_free+44     01c41b78     00000000     014ba128     7209b949    
php_ldap!ldap_ld_free+1ad     014ba128     00000001     00000000     00000000    
php_ldap!ldap_unbind_ext+59     014ba128     00000000     00000000     720a9f80    
php_ldap!ldap_unbind_s+e     014ba128     00000002     6ec4cd63     008ecb68    
php_ldap!_close_ldap_link+f     008ecb68     6ec60b97     008ecb68     0126f068   
c:\php-sdk\php54dev\vc9\x86\php-5.4.12\ext\ldap\ldap.c @ 103 
php5!list_entry_destructor+43     008edc54     009d1410     0126f1dc     
6ecaf59d   c:\php-sdk\php54dev\vc9\x86\php-5.4.12\zend\zend_list.c @ 178 + 2 
php5!zend_hash_apply_deleter+6c     01c44480     6f1b5330     6ec3cd06     
6f1b5b78   c:\php-sdk\php54dev\vc9\x86\php-5.4.12\zend\zend_hash.c @ 650 + 5 
php5!zend_hash_graceful_reverse_destroy+d     6f1b5b78     6f1b5a60     6ee7cd24     
01c44480   c:\php-sdk\php54dev\vc9\x86\php-5.4.12\zend\zend_hash.c @ 688 
php5!shutdown_executor+46     00000000     00000000     01c8f450     008ed678   
c:\php-sdk\php54dev\vc9\x86\php-5.4.12\zend\zend_execute_api.c @ 247 + a 
php5!zend_deactivate+49     00000000     00000001     004800c4     00000000   
c:\php-sdk\php54dev\vc9\x86\php-5.4.12\zend\zend.c @ 940 
php5!php_request_shutdown+198     00000000     00a6d500     00000001     
00000000   c:\php-sdk\php54dev\vc9\x86\php-5.4.12\main\main.c @ 1803 
php_cgi!main+3db     00000003     009d2f80     009d1bf8     21c90fe5   
c:\php-sdk\php54dev\vc9\x86\php-5.4.12\sapi\cgi\cgi_main.c @ 2498 + 7 
php_cgi!__tmainCRTStartup+10f     7efde000     0126f84c     776d9ed2     
7efde000   f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 586 + 17 
kernel32!BaseThreadInitThunk+12     7efde000     1083a766     00000000     
00000000    
ntdll!RtlInitializeExceptionChain+63     00a63a39     7efde000     ffffffff     
777672ff    
ntdll!RtlInitializeExceptionChain+36     00a63a39     7efde000     00000000     
00000000    


Exception Information
LIBEAY32!OPENSSL_SHOWFATAL+C0
In php-cgi__PID__3152__Date__02_21_2013__Time_03_08_05PM__37__Second_Chance_Exception_C0000005.dmp 
the assembly instruction at libeay32!OPENSSL_showfatal+c0 in 
C:\Program Files (x86)\PHP\PHP_5_4_12_NTS_x86\libeay32.dll from The OpenSSL 
Project, http://www.openssl.org/ has caused an access violation exception 
(0xC0000005) when trying to write to memory location 0x00000001 on thread 0


Module Information 
Image Name: C:\Program Files (x86)\PHP\PHP_5_4_12_NTS_x86\libeay32.dll   Symbol 
Type:  PDB 
Base address: 0x00905a4d   Time Stamp:  Wed Feb 13 05:36:27 2013  
Checksum: 0x65006200   Comments:   
COM DLL: False   Company Name:  The OpenSSL Project, http://www.openssl.org/ 
ISAPIExtension: False   File Description:  OpenSSL Shared Library 
ISAPIFilter: False   File Version:  0.9.8y 
Managed DLL: False   Internal Name:  libeay32 
VB DLL: False   Legal Copyright:  Copyright © 1998-2007 The OpenSSL Project. 
Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved. 
Loaded Image Name:  libeay32.dll   Legal Trademarks:   
Mapped Image Name:     Original filename:  libeay32.dll 
Module name:  libeay32   Private Build:   
Single Threaded:  False   Product Name:  The OpenSSL Toolkit 
Module Size:  1,020.00 KBytes   Product Version:  0.9.8y 
Symbol File Name:  c:\users\administrator\desktop\php-debug-pack-5.4.12-nts-win32-vc9-x86\libeay32.pdb   
Special Build:  
 [2013-02-21 20:58 UTC] andrew+bugsphp at wimpyprogrammer dot com
-Status: Feedback +Status: Open -PHP Version: 5.4Git-2013-02-21 (snap) +PHP Version: 5.4.12
 [2013-02-22 04:31 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2013-02-22 04:31 UTC] pajoye@php.net
PHP is loading openssl 1.0.0 while it is built and requires 0.9.x series. That's 
the cause of the crash (openssl is very sensitive and breaks ABI between these 
versions).

Snapshots are available here:

http://windows.php.net/downloads/snaps/php-5.4/

Please try again and be sure to only have openssl 0.9.x (bundled with the 
release) in the PATH used by the PHP processes.
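
One way to carry out the check requested above, as an added example that is not part of the original thread: list every libeay32.dll and ssleay32.dll the PHP process could resolve and report each file's version. The values of `$PhpDir` and `$ExpectedSeries` are assumptions taken from this report, and the directory order only approximates the standard Windows DLL search order for a 32-bit process.

```powershell
# Added example, not from the bug report. $PhpDir and $ExpectedSeries are
# assumptions based on the thread (install path, bundled OpenSSL 0.9.x).
$PhpDir         = 'C:\Program Files (x86)\PHP\PHP_5_4_12_NTS_x86'
$ExpectedSeries = '0.9.'

# Approximate DLL search order for a 32-bit php-cgi.exe on x64 Windows:
# application directory, system directories, Windows directory, then PATH.
$searchDirs = @($PhpDir,
                (Join-Path $env:windir 'SysWOW64'),
                (Join-Path $env:windir 'System32'),
                $env:windir) + ($env:PATH -split ';')

$rank = 0
$results = foreach ($dir in $searchDirs) {
    # PATH entries may be empty, quoted, or contain %VARIABLES%.
    $dir = "$dir".Trim('"', ' ')
    if ([string]::IsNullOrEmpty($dir)) { continue }
    $dir = [Environment]::ExpandEnvironmentVariables($dir)
    $rank++
    foreach ($name in 'libeay32.dll', 'ssleay32.dll') {
        $path = Join-Path $dir $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
        $vi = (Get-Item -LiteralPath $path).VersionInfo
        New-Object PSObject -Property @{
            Rank        = $rank
            Dll         = $name
            Path        = $path
            FileVersion = $vi.FileVersion
            InSeries    = [bool]($vi.FileVersion -like "$ExpectedSeries*")
        }
    }
}

# The lowest-ranked row per DLL name is the copy the loader reaches first.
$results | Sort-Object Dll, Rank |
    Format-Table Rank, Dll, FileVersion, InSeries, Path -AutoSize

# Any reachable copy outside the expected series is worth removing from the
# search path, even if a matching copy currently ranks ahead of it.
$bad = @($results | Where-Object { -not $_.InSeries })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} OpenSSL DLL(s) outside the {1}x series are reachable" -f
                   $bad.Count, $ExpectedSeries)
}
```

Run it under the same account and environment as the IIS application pool, since the PATH seen by an interactive shell can differ from the one the FastCGI worker inherits.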
 [2013-02-28 19:00 UTC] andrew+bugsphp at wimpyprogrammer dot com
-Status: Feedback +Status: Open
 [2013-02-28 19:00 UTC] andrew+bugsphp at wimpyprogrammer dot com
I just retested this using snapshot r31a6f8b of PHP 5.12.  The problem still occurs.  
The backtrace is below.

Do I understand you correctly that the problem lies outside of the PHP files?  I 
searched my entire system for *eay32.dll files and only found the ones (libeay32.dll 
and ssleay32.dll) in the PHP program files.  I used Process Monitor to record any 
activity containing "eay32.dll" in the path.  I recycled the IIS application pool and 
then ran the test script, and only the libeay32.dll and ssleay32.dll files in 
C:\PROGRA~2\PHP\PHP_5_4_12_r31a6f8b_NTS_x86\ were recorded.  So I don't understand if 
this is something on my end or a problem with the 5.12 packages.  If the problem is 
on my end, I'm surprised everything works on 5.11.

Thank you!

------------------------------------------------
Thread 0 - System ID 2716
Entry point   php_cgi+3a19 
Create time   2/28/2013 1:05:07 PM 
Time spent in user mode   0 Days 0:0:0.625 
Time spent in kernel mode   0 Days 0:0:0.187 

Full Call Stack

Function     Arg 1     Arg 2     Arg 3     Arg 4   Source 
libeay32!OPENSSL_showfatal+c0     00000001     00000064     01a91c90     0031b80c   
g:\root\pvfsdev\windows\openssl-1.0.0d\crypto\cryptlib.c @ 831 + f 
libeay32!bn_mul_high+75f     01b198b4     01b198a4     01a91c90     0032e0ee   
g:\root\pvfsdev\windows\openssl-1.0.0d\crypto\bn\bn_mul.c @ 890 + 1e 
ssleay32!SSLv3_client_method+18c     01a91c90     01ae3df8     71c36bb8     01a91c90    
ssleay32!SSL_free+19e     01a91c90     01ae3df8     71c4659b     01ae3df8    
php_ldap!get_module+5bb8     01ae3df8     01ae3dd8     01ae3c38     71c46907    
php_ldap!get_module+1559b     01ae3c38     71c552e8     00000014     71b52dec    
php_ldap!get_module+15907     01ae3c38     01ae3c38     00000000     0157a190    
php_ldap!get_module+16364     01ae3c38     00000000     0157a190     71c3b949    
php_ldap!get_module+a7cd     00000000     00000000     00000000     00000002    

Exception Information
LIBEAY32!OPENSSL_SHOWFATAL+C0
In php-cgi__PID__1436__Date__02_28_2013__Time_01_05_08PM__534__Second_Chance_Exception_C0000005.dmp 
the assembly instruction at libeay32!OPENSSL_showfatal+c0 in 
C:\Program Files (x86)\PHP\PHP_5_4_12_r31a6f8b_NTS_x86\libeay32.dll from The OpenSSL Project, 
http://www.openssl.org/ has caused an access violation exception (0xC0000005) when 
trying to write to memory location 0x00000001 on thread 0

Module Information 
Image Name: C:\Program Files (x86)\PHP\PHP_5_4_12_r31a6f8b_NTS_x86\libeay32.dll   
Symbol Type:  PDB 
Base address: 0x00905a4d   Time Stamp:  Wed Feb 13 05:36:27 2013  
Checksum: 0x65006200   Comments:   
COM DLL: False   Company Name:  The OpenSSL Project, http://www.openssl.org/ 
ISAPIExtension: False   File Description:  OpenSSL Shared Library 
ISAPIFilter: False   File Version:  0.9.8y 
Managed DLL: False   Internal Name:  libeay32 
VB DLL: False   Legal Copyright:  Copyright © 1998-2007 The OpenSSL Project. 
Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved. 
Loaded Image Name:  libeay32.dll   Legal Trademarks:   
Mapped Image Name:     Original filename:  libeay32.dll 
Module name:  libeay32   Private Build:   
Single Threaded:  False   Product Name:  The OpenSSL Toolkit 
Module Size:  1,020.00 KBytes   Product Version:  0.9.8y 
Symbol File Name:  c:\users\administrator\desktop\php-debug-pack-5.4.12-nts-win32-vc9-x86\libeay32.pdb   
Special Build:  
 [2015-05-05 20:12 UTC] andreas at heigl dot org
Is this still an issue? Has this been reproduced in a more recent version of PHP?
 [2015-05-07 00:51 UTC] andrew+bugsphp at wimpyprogrammer dot com
Sorry, I've since changed jobs and no longer develop with PHP so I can't continue investigating this.  I don't know how to see issue votes, but assuming that no one else has voted for this then I guess it should be closed.
 [2015-06-10 10:41 UTC] mcmic@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: mcmic
 
Last updated: Sat Oct 19 05:01:27 2019 UTC