|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70553 OpenSSL DLL blocking PHP on non-existent drive access
Submitted: 2015-09-22 19:26 UTC Modified: 2015-09-22 20:51 UTC
From: bob at exnet dot com Assigned: ab (profile)
Status: Duplicate Package: OpenSSL related
PHP Version: 7.0.0RC3 OS: Windows
Private report: No CVE-ID: None
 [2015-09-22 19:26 UTC] bob at exnet dot com
the libeay32.dll (OpenSSL) appears to be a dependency of several other PHP modules, postgres, cURL etc..   It accesses a non existent drive D:, which then causes a dialog to appear, and the PHP script blocks until it's clicked.

Test script:
affects PHP even before a script runs.
php --version  even triggers it.

Expected result:
don't access drives on my machine that don't even exist!

Actual result:
accesses non existent drives, causing the running of PHP to block.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-09-22 19:35 UTC]
-Status: Open +Status: Feedback -Type: Security +Type: Bug
 [2015-09-22 19:35 UTC]
Could you please provide the screenshot or other detailed description of the dialog you are seeing?
 [2015-09-22 19:47 UTC]
-Type: Bug +Type: Security -Assigned To: +Assigned To: ab -Private report: No +Private report: Yes
 [2015-09-22 19:47 UTC]
Thanks for the report. Have you tried something like process monitor to check what exactly is looked for on drive d:? Just a guess, it might be the openssl.cnf path, but have to check.

Which Windows do you use? I've just tried on a machine with only disk c: and no popups, no hanging (but if the config path is wrong, should be fixed anyway).

And, btw - why is this security? It's still RC. If there's no particular reason, probably should be set to a normal bug.

 [2015-09-22 19:54 UTC]
-Type: Security +Type: Bug
 [2015-09-22 19:54 UTC]
Ah, Stas already set it to the bug, we just had a race condition :)

@bob could you please try the env vars described here for configuration? Like OPENSSL_CONF, that should override the default paths anyway.

 [2015-09-22 19:59 UTC]
Sounds like bug #68312, which @bob also commented on today.
 [2015-09-22 20:51 UTC]
-Status: Feedback +Status: Duplicate
 [2015-09-22 20:51 UTC]
Yes, you're right - this one is the duplicate. It is the same issue, lets handle it there.

PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Tue May 24 03:05:44 2022 UTC