php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69004 openssl_pkcs12_export_to_file segfault
Submitted: 2015-02-07 09:32 UTC Modified: -
From: gmblar+php at gmail dot com Assigned:
Status: Open Package: OpenSSL related
PHP Version: 5.6.5 OS: MacOSX 10.10.2
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2015-02-07 09:32 UTC] gmblar+php at gmail dot com
Description:
------------
openssl_pkcs12_export_to_file crash with "Segmentation fault: 11"


Code works without segfault if:

* remove the line "$privateKey = new PrivateKey($privateKey);"
* var_dump something after openssl_pkcs12_export_to_file


Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x000000012b86af59
0x00000001001f0c25 in gc_zval_possible_root ()
(gdb) bt
#0  0x00000001001f0c25 in gc_zval_possible_root ()
#1  0x00000001001e2046 in zend_hash_bucket_delete ()
#2  0x00000001001e20ac in zend_hash_graceful_reverse_destroy ()
#3  0x00000001001c8027 in shutdown_executor ()
#4  0x00000001001d6227 in zend_deactivate ()
#5  0x000000010017d045 in php_request_shutdown ()
#6  0x000000010025f7d7 in do_cli ()
#7  0x000000010025e354 in main ()

Test script:
---------------
<?php

class PrivateKey {

    public $data;

    public function __construct($data) {
        $this->data = $data;
    }

    public function __toString() {
        openssl_pkey_export($this->data, $output);
        return $output;
    }

}

$csr = openssl_csr_new([], $privateKey);
$certificate = openssl_csr_sign($csr, NULL, $privateKey, 1);

$privateKey = new PrivateKey($privateKey);
openssl_pkcs12_export_to_file($certificate, '/tmp/test.p12', $privateKey, '');

# var_dump('bar');

Expected result:
----------------
Nothing

Actual result:
--------------
Segmentation fault: 11

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-02-07 09:44 UTC] gmblar+php at gmail dot com
Same with PHP 5.6.5-1~dotdeb.1 on debian 7.6

Stacktrace:

Program received signal SIGSEGV, Segmentation fault.
0x00000000006fa489 in gc_zval_possible_root ()
(gdb) bt
#0  0x00000000006fa489 in gc_zval_possible_root ()
#1  0x00000000006e7316 in ?? ()
#2  0x00000000006e8a38 in zend_hash_graceful_reverse_destroy ()
#3  0x00000000006ca0d6 in ?? ()
#4  0x00000000006da735 in zend_deactivate ()
#5  0x0000000000676553 in php_request_shutdown ()
#6  0x000000000077f948 in ?? ()
#7  0x0000000000433b7f in ?? ()
#8  0x00007ffff503eeed in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#9  0x0000000000433c15 in _start ()
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Aug 20 22:01:30 2019 UTC