php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #69004 openssl_pkcs12_export_to_file segfault
Submitted: 2015-02-07 09:32 UTC Modified: 2021-07-07 09:23 UTC
From: gmblar+php at gmail dot com Assigned: cmb (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.6.5 OS: MacOSX 10.10.2
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2015-02-07 09:32 UTC] gmblar+php at gmail dot com 
Description:
------------
openssl_pkcs12_export_to_file crash with "Segmentation fault: 11"


Code works without segfault if:

* remove the line "$privateKey = new PrivateKey($privateKey);"
* var_dump something after openssl_pkcs12_export_to_file


Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x000000012b86af59
0x00000001001f0c25 in gc_zval_possible_root ()
(gdb) bt
#0  0x00000001001f0c25 in gc_zval_possible_root ()
#1  0x00000001001e2046 in zend_hash_bucket_delete ()
#2  0x00000001001e20ac in zend_hash_graceful_reverse_destroy ()
#3  0x00000001001c8027 in shutdown_executor ()
#4  0x00000001001d6227 in zend_deactivate ()
#5  0x000000010017d045 in php_request_shutdown ()
#6  0x000000010025f7d7 in do_cli ()
#7  0x000000010025e354 in main ()

Test script:
---------------
<?php

class PrivateKey {

    public $data;

    public function __construct($data) {
        $this->data = $data;
    }

    public function __toString() {
        openssl_pkey_export($this->data, $output);
        return $output;
    }

}

$csr = openssl_csr_new([], $privateKey);
$certificate = openssl_csr_sign($csr, NULL, $privateKey, 1);

$privateKey = new PrivateKey($privateKey);
openssl_pkcs12_export_to_file($certificate, '/tmp/test.p12', $privateKey, '');

# var_dump('bar');

Expected result:
----------------
Nothing

Actual result:
--------------
Segmentation fault: 11

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-02-07 09:44 UTC] gmblar+php at gmail dot com 
Same with PHP 5.6.5-1~dotdeb.1 on debian 7.6

Stacktrace:

Program received signal SIGSEGV, Segmentation fault.
0x00000000006fa489 in gc_zval_possible_root ()
(gdb) bt
#0  0x00000000006fa489 in gc_zval_possible_root ()
#1  0x00000000006e7316 in ?? ()
#2  0x00000000006e8a38 in zend_hash_graceful_reverse_destroy ()
#3  0x00000000006ca0d6 in ?? ()
#4  0x00000000006da735 in zend_deactivate ()
#5  0x0000000000676553 in php_request_shutdown ()
#6  0x000000000077f948 in ?? ()
#7  0x0000000000433b7f in ?? ()
#8  0x00007ffff503eeed in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#9  0x0000000000433c15 in _start ()
 [2021-07-07 08:48 UTC] cmb@php.net 
I cannot reproduce this with PHP-7.4.  Is this still an issue for
you with any of the actively maintained PHP versions[1]?

[1] <https://www.php.net/supported-versions.php>
 [2021-07-07 08:48 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-07-07 09:20 UTC] gmblar+php at gmail dot com 
Works for me in PHP 8.0.7
 [2021-07-07 09:23 UTC] cmb@php.net
-Status: Feedback +Status: Closed
 [2021-07-07 09:23 UTC] cmb@php.net 
Thanks for the swift reply!  Closing then.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved. 		Last updated: Thu Jul 29 19:01:23 2021 UTC