Bug #68912 Segmentation fault at openssl_spki_new
Submitted: 2015-01-25 18:03 UTC
Modified: -
From: fernando at null-life dot com
Assigned:
Status: Closed
Package: OpenSSL related
PHP Version: 5.6.5
OS: Linux
Private report: No
CVE-ID:
 [2015-01-25 18:03 UTC] fernando at null-life dot com
Description:
------------
There is a segfault when calling openssl_spki_new with an invalid resource. I *think* it may be related to calling strlen(s) when s is NULL.



Test script:
---------------
<?php

$var1=xml_parser_create_ns();
$var2=2; 
$var3=3; 

openssl_spki_new($var1, $var2, $var3);


Expected result:
----------------
No segfault

Actual result:
--------------
(gdb) run 2.php
Starting program: /usr/bin/php 2.php

PHP Warning:  openssl_spki_new(): supplied resource is not a valid OpenSSL X.509/key resource in /home/fmunozs/bugs/php/2.php on line 8
PHP Warning:  openssl_spki_new(): Unable to use supplied private key in /home/fmunozs/bugs/php/2.php on line 8

Program received signal SIGSEGV, Segmentation fault.
zif_openssl_spki_new (ht=3, return_value=0xb788acb0, return_value_ptr=0xb787007c, this_ptr=0x0, return_value_used=0) at /home/fmunozs/php/src/php-5.6.5/ext/openssl/openssl.c:1535
1535            if (strlen(s) <= 0) {
(gdb) bt
#0  zif_openssl_spki_new (ht=3, return_value=0xb788acb0, return_value_ptr=0xb787007c, this_ptr=0x0, return_value_used=0) at /home/fmunozs/php/src/php-5.6.5/ext/openssl/openssl.c:1535
#1  0x08ce66ed in zend_do_fcall_common_helper_SPEC (execute_data=0xb78700c8) at /home/fmunozs/php/src/php-5.6.5/Zend/zend_vm_execute.h:558
#2  0x08b2eacf in execute_ex (execute_data=0xb78700c8) at /home/fmunozs/php/src/php-5.6.5/Zend/zend_vm_execute.h:363
#3  0x08bc2eac in zend_execute (op_array=0xb7889e28) at /home/fmunozs/php/src/php-5.6.5/Zend/zend_vm_execute.h:388
#4  0x08a2f46b in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/fmunozs/php/src/php-5.6.5/Zend/zend.c:1341
#5  0x0884cf7e in php_execute_script (primary_file=0xbfffe494) at /home/fmunozs/php/src/php-5.6.5/main/main.c:2584
#6  0x08cee870 in do_cli (argc=-1, argc@entry=2, argv=0xb788a228, argv@entry=0x94da838) at /home/fmunozs/php/src/php-5.6.5/sapi/cli/php_cli.c:994
#7  0x0806c7e9 in main (argc=2, argv=0x94da838) at /home/fmunozs/php/src/php-5.6.5/sapi/cli/php_cli.c:1378
#8  0xb7976e5e in __libc_start_main () from /usr/lib/libc.so.6
#9  0x0806c9f7 in _start ()



Patches

pangit143 (last revision 2015-08-06 03:28 UTC by veveykocute1234 at gmail dot com)


History

 [2015-02-16 06:20 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=830998811112d60a9fe98c7e2b86250ccf75d6f4
Log: Fixed bug #68912 (Segmentation fault at openssl_spki_new)
 [2015-02-16 06:20 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2015-02-16 06:23 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=830998811112d60a9fe98c7e2b86250ccf75d6f4
Log: Fixed bug #68912 (Segmentation fault at openssl_spki_new)
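
The crash in this report has the shape of an error path that reaches shared cleanup code while a pointer is still NULL. The C model below is an added example, not php-src code and not the committed fix; the resource tags, `lookup_key`, `encode_spki` and both `spki_new_*` functions are hypothetical stand-ins, and only the `strlen(s) <= 0` expression is taken from the trace.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical resource tags; the reproducer passes an XML parser resource. */
enum { RES_OPENSSL_KEY = 1, RES_XML_PARSER = 2 };

/* Constructed stand-in for key lookup: NULL unless the resource is a key. */
static const char *lookup_key(int res_type) {
    return res_type == RES_OPENSSL_KEY ? "constructed-key" : NULL;
}

/* Constructed stand-in for SPKAC encoding; the caller frees the result. */
static char *encode_spki(const char *key, const char *challenge) {
    size_t n = strlen(key) + strlen(challenge) + 2;
    char *s = malloc(n);
    if (s != NULL) snprintf(s, n, "%s:%s", key, challenge);
    return s;
}

/* Crashing shape: a non-key resource reaches cleanup with s still NULL. */
int spki_new_unchecked(int res_type, const char *challenge, char **out) {
    char *s = NULL;
    const char *key = lookup_key(res_type);
    if (key == NULL) goto cleanup;      /* warning case: s is never assigned */
    s = encode_spki(key, challenge);
cleanup:
    if (strlen(s) <= 0) { free(s); return 0; }  /* expression from the trace */
    *out = s;
    return 1;
}

/* Hardened shape: cleanup tests the pointer before reading through it. */
int spki_new_checked(int res_type, const char *challenge, char **out) {
    char *s = NULL;
    const char *key = lookup_key(res_type);
    if (key == NULL) goto cleanup;
    s = encode_spki(key, challenge);
cleanup:
    if (s == NULL || s[0] == '\0') { free(s); *out = NULL; return 0; }
    *out = s;
    return 1;
}

int main(void) {
    char *out = NULL;
    printf("checked, invalid resource: %d\n",
           spki_new_checked(RES_XML_PARSER, "3", &out));
    return 0;
}
```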
Last updated: Fri Jul 28 08:01:47 2017 UTC