php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67340 Segfault on verifying NULL
Submitted: 2014-05-25 15:51 UTC Modified: -
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: t dot g at cybernetic-solutions dot de Assigned:
Status: Open Package: gnupg (PECL)
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2014-05-25 15:51 UTC] t dot g at cybernetic-solutions dot de
Description:
------------
gnupg segfaults when calling gnupg_verify with NULL as signature

Test script:
---------------
<?
$res = gnupg_init();
gnupg_verify($res,Null,False);
?>

Expected result:
----------------
some kind of error

Actual result:
--------------
segfault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-11-11 10:58 UTC] j_schumann at gmx dot de
Calling gnupg_verify() with NULL or FALSE as message causes a segmentation fault.

$gpg = gnupg_init();

$result = gnupg_verify($gpg, false, false);
var_dump($result);

$result = gnupg_verify($gpg, null, false);
var_dump($result);

Backtrace:

#0  __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:33
#1  0x00007ff9b33a05f3 in ?? () from /usr/lib/x86_64-linux-gnu/libgpgme.so.11
#2  0x00007ff9b339f80d in gpgme_data_read () from /usr/lib/x86_64-linux-gnu/libgpgme.so.11
#3  0x00007ff9b33a0108 in ?? () from /usr/lib/x86_64-linux-gnu/libgpgme.so.11
#4  0x00007ff9b33a2a14 in ?? () from /usr/lib/x86_64-linux-gnu/libgpgme.so.11
#5  0x00007ff9b33a324c in ?? () from /usr/lib/x86_64-linux-gnu/libgpgme.so.11
#6  0x00007ff9b33a6a20 in gpgme_op_verify () from /usr/lib/x86_64-linux-gnu/libgpgme.so.11
#7  0x00007ff9b35d5c3a in zif_gnupg_verify (ht=2, return_value=0x7ff9c36f9fa8, return_value_ptr=<optimized out>, this_ptr=<optimized out>,
    return_value_used=<optimized out>) at /tmp/pear/temp/gnupg/gnupg.c:1163
#8  0x00007ff9bd458c6b in dtrace_execute_internal () from /usr/lib/apache2/modules/libphp5.so
#9  0x00007ff9bd518cc5 in ?? () from /usr/lib/apache2/modules/libphp5.so
#10 0x00007ff9bd4929f8 in execute_ex () from /usr/lib/apache2/modules/libphp5.so
#11 0x00007ff9bd458b69 in dtrace_execute_ex () from /usr/lib/apache2/modules/libphp5.so
#12 0x00007ff9bd46a5f0 in zend_execute_scripts () from /usr/lib/apache2/modules/libphp5.so
#13 0x00007ff9bd40a4d5 in php_execute_script () from /usr/lib/apache2/modules/libphp5.so
#14 0x00007ff9bd51a94a in ?? () from /usr/lib/apache2/modules/libphp5.so
#15 0x00007ff9c202f680 in ap_run_handler ()
#16 0x00007ff9c202fbc9 in ap_invoke_handler ()
#17 0x00007ff9c2044c2c in ap_internal_redirect ()
#18 0x00007ff9bb818cfc in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
#19 0x00007ff9c202f680 in ap_run_handler ()
#20 0x00007ff9c202fbc9 in ap_invoke_handler ()
#21 0x00007ff9c204516a in ap_process_async_request ()
#22 0x00007ff9c2045444 in ap_process_request ()
#23 0x00007ff9c2041f02 in ?? ()
#24 0x00007ff9c2038cc0 in ap_run_process_connection ()
#25 0x00007ff9bde3a767 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#26 0x00007ff9bde3a9a6 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#27 0x00007ff9bde3aa06 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#28 0x00007ff9bde3b6e0 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#29 0x00007ff9c201669e in ap_run_mpm ()
#30 0x00007ff9c200fe36 in main ()

Ubuntu 14.04 (64bit)
GPGme Version 1.4.3
Extension Version 1.3.3-dev
(latest available in Ubuntu 14.04 with "pecl install gnupg" and newest according to http://pecl.php.net/package/gnupg)

I want to reference https://bugs.php.net/bug.php?id=59598 as that bug from 2011 is still open because v1.3.4 is not yet released/available. Maybe both bugs could be fixed and 1.3.4 released in short time?
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC