php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70553 OpenSSL DLL blocking PHP on non-existent drive access
Submitted: 2015-09-22 19:26 UTC Modified: 2015-09-22 20:51 UTC
From: bob at exnet dot com Assigned: ab (profile)
Status: Duplicate Package: OpenSSL related
PHP Version: 7.0.0RC3 OS: Windows
Private report: No CVE-ID: None
 [2015-09-22 19:26 UTC] bob at exnet dot com
Description:
------------
the libeay32.dll (OpenSSL) appears to be a dependency of several other PHP modules, postgres, cURL etc..   It accesses a non existent drive D:, which then causes a dialog to appear, and the PHP script blocks until it's clicked.


Test script:
---------------
affects PHP even before a script runs.
php --version  even triggers it.

Expected result:
----------------
don't access drives on my machine that don't even exist!

Actual result:
--------------
accesses non existent drives, causing the running of PHP to block.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-09-22 19:35 UTC] stas@php.net
-Status: Open +Status: Feedback -Type: Security +Type: Bug
 [2015-09-22 19:35 UTC] stas@php.net
Could you please provide the screenshot or other detailed description of the dialog you are seeing?
 [2015-09-22 19:47 UTC] ab@php.net
-Type: Bug +Type: Security -Assigned To: +Assigned To: ab -Private report: No +Private report: Yes
 [2015-09-22 19:47 UTC] ab@php.net
Thanks for the report. Have you tried something like process monitor to check what exactly is looked for on drive d:? Just a guess, it might be the openssl.cnf path, but have to check.

Which Windows do you use? I've just tried on a machine with only disk c: and no popups, no hanging (but if the config path is wrong, should be fixed anyway).

And, btw - why is this security? It's still RC. If there's no particular reason, probably should be set to a normal bug.

Thanks.
 [2015-09-22 19:54 UTC] ab@php.net
-Type: Security +Type: Bug
 [2015-09-22 19:54 UTC] ab@php.net
Ah, Stas already set it to the bug, we just had a race condition :)

@bob could you please try the env vars described here http://php.net/manual/en/openssl.installation.php for configuration? Like OPENSSL_CONF, that should override the default paths anyway.

Thanks.
 [2015-09-22 19:59 UTC] requinix@php.net
Sounds like bug #68312, which @bob also commented on today.
 [2015-09-22 20:51 UTC] ab@php.net
-Status: Feedback +Status: Duplicate
 [2015-09-22 20:51 UTC] ab@php.net
Yes, you're right - this one is the duplicate. It is the same issue, lets handle it there.

Thanks.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Fri May 29 18:01:25 2020 UTC