php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #73072 Invalid path SNI_server_certs causes segfault
Submitted: 2016-09-13 16:16 UTC Modified: 2016-09-13 16:17 UTC
From: bukka@php.net Assigned: bukka (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.6.25 OS: All
Private report: No CVE-ID: None
View Developer Edit
 [2016-09-13 16:16 UTC] bukka@php.net 
Description:
------------
If the SNI_server_certs stream ssl option contains an invalid path, it causes segfault after the client connects. It is because the initializing loop is jumped off when error happens and keeps the sni_certs unitialized which causes later segfault when they are freed.

Test script:
---------------
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$ctx = stream_context_create(['ssl' => [
    'local_cert' => __DIR__ . '/domain1.pem',
    'SNI_server_certs' => [
        "domain1.com" => __DIR__ . "/sni_server_domain1.pem",
        "domain2.com" => __DIR__ . "/unknown",
    ]
]]);

$server = stream_socket_server('tls://127.0.0.1:64321', $errno, $errstr, $flags, $ctx);

for ($i=0; $i < 3; $i++) {
   @stream_socket_accept($server, 3);
}


Expected result:
----------------
Warning: failed setting local cert chain file `%s'; file not found

Actual result:
--------------
segfault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-09-13 16:17 UTC] bukka@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: bukka
 [2016-09-13 16:17 UTC] bukka@php.net 
The script above causes segfault once a client connects into it...
 [2016-09-13 17:15 UTC] bukka@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05baa927277c820de4deee0991c24c7f4c545105
Log: Fix bug #73072 (Invalid path SNI_server_certs causes segfault)
 [2016-09-13 17:15 UTC] bukka@php.net
-Status: Assigned +Status: Closed
 [2016-09-13 17:26 UTC] bukka@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05baa927277c820de4deee0991c24c7f4c545105
Log: Fix bug #73072 (Invalid path SNI_server_certs causes segfault)
 [2016-09-13 17:28 UTC] bukka@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05baa927277c820de4deee0991c24c7f4c545105
Log: Fix bug #73072 (Invalid path SNI_server_certs causes segfault)
 [2016-09-13 17:29 UTC] bukka@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05baa927277c820de4deee0991c24c7f4c545105
Log: Fix bug #73072 (Invalid path SNI_server_certs causes segfault)
 [2016-09-29 15:25 UTC] spam2 at rhsoft dot net 
the changelog of 7.0.12 RC 1 pretends that to be fixed, in fact it still fails, jsut built the RC1 (the 3 gd tests are because somebody renamed testfiles while they should be skipped at all when using systemd-gd)

i saw that pretty sure *randomly* fail with my PHP 7.0.11 build-tests using PGO (which is still broken https://bugs.php.net/bug.php?id=73111) and don't see any change here

Number of tests : 13389             11143
Tests skipped   : 2246 ( 16.8%) --------
Tests warned    :    0 (  0.0%) (  0.0%)
Tests failed    :    4 (  0.0%) (  0.0%)
Expected fail   :    0 (  0.0%) (  0.0%)
Tests passed    : 11139 ( 83.2%) (100.0%)
---------------------------------------------------------------------
Time taken      :  576 seconds
=====================================================================

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
Bug #53504 imagettfbbox/imageftbbox gives incorrect values for bounding box [ext/gd/tests/bug53504.phpt]
Bug #73155 (imagegd2() writes wrong chunk sizes on boundaries) [ext/gd/tests/bug73155.phpt]
Bug #73159 (imagegd2(): unrecognized formats may result in corrupted files) [ext/gd/tests/bug73159.phpt]
Bug #73072: Invalid path SNI_server_certs causes segfault [ext/openssl/tests/bug73072.phpt]
 [2016-09-29 15:25 UTC] spam2 at rhsoft dot net 
Related To: Bug #73072
 [2016-10-17 10:08 UTC] bwoebi@php.net 
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05baa927277c820de4deee0991c24c7f4c545105
Log: Fix bug #73072 (Invalid path SNI_server_certs causes segfault)
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Oct 24 02:00:01 2025 UTC