Bug #74022 PHP Fast CGI crashes when reading from a pfx file with valid password.
Submitted: 2017-01-31 13:13 UTC Modified: 2017-05-18 11:01 UTC
From: ckmailid at gmail dot com Assigned: ab (profile)
Status: Closed Package: OpenSSL related
PHP Version: 7.0.15 OS: Windows 10
Private report: No CVE-ID: None
 [2017-01-31 13:13 UTC] ckmailid at gmail dot com
The PHP process crashes when I use the function openssl_pkcs12_read to read a pfx file with a valid password.
But it gives an error if the password is wrong; that is working fine.

That pfx file works well with the openssl command line utility.

Environment :

PHP: 7.0.9
OS: Windows 10
Server: IIS, using FastCGI
Certificate: It is a specially exported certificate from Windows. When a highly secure certificate is exported, it asks for the login user password, and after 4 attempts with a wrong password it exports the certificate even after the wrong password.
You can do it by importing a pfx file with the strong private key encryption checkbox enabled in the wizard and, after finishing, setting the security level to HIGH.

I tried it on Linux with gdb; it shows Segmentation fault (core dumped).

Test script:
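// Load the raw PKCS#12 container from disk
if (!$cert_store = file_get_contents("sample_export.pfx")) {
    echo "Error: Unable to read the cert file\n";
    exit;
}

// Parse the container with its password; the crash happens inside this call
if (openssl_pkcs12_read($cert_store, $cert_info, "csos")) {
    echo "Certificate Information\n";
} else {
    echo "Error: Unable to read the cert store.\n";
}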
Expected result:
it will crash the PHP process.


 [2017-01-31 13:48 UTC]
-Status: Open +Status: Feedback
 [2017-01-31 13:48 UTC]
Thanks for the report. Could you provide the backtrace? Also, would it be possible to get some .pfx file for debugging? If not your exact file, then any that reproduces.

 [2017-02-01 06:50 UTC] ckmailid at gmail dot com
-Status: Feedback +Status: Open
 [2017-02-01 06:50 UTC] ckmailid at gmail dot com
Hi, I generated a sample key and made a sample pfx file that can reproduce it, but I didn't find any option to attach a file. Can you please guide me on where to upload the sample pfx file?
 [2017-02-01 12:55 UTC]
This tracker doesn't allow file uploads except patches, but that's not the case for the purpose. If there are text files only, please gist them somewhere and post a link. Otherwise, probably no way around than sharing them through dropbox or a similar service.

 [2017-02-01 13:01 UTC] ckmailid at gmail dot com
Thanks for the suggestion,

please use the following link to get the file

let me know in case of any difficulties.
 [2017-02-02 12:09 UTC]
Automatic comment on behalf of ab
Log: Fixed #74022 PHP Fast CGI crashes when reading from a pfx file.
 [2017-02-02 12:09 UTC]
-Status: Open +Status: Closed
 [2017-05-17 06:55 UTC] falundir at gmail dot com
Probably this is the fix that broke openssl_pkcs12_read - starting from PHP 7.0.17 and 7.1.3 this function returns only one certificate in 'extracerts', even when there are more than one.

See here:
 [2017-05-17 07:45 UTC] falundir at gmail dot com
Looking at the diff, I think that sk_X509_num(ca) should be evaluated before the for-loop, because sk_X509_pop probably changes the sk_X509_num result.
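
The effect suspected in the comment above, as an added example that is not part of the thread or of php-src: a toy stack with hypothetical `toy_*` names models only the fact that `sk_X509_pop` removes the element it returns, and compares re-reading the size in the loop condition with reading it once before the loop.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy LIFO stack standing in for OpenSSL's STACK_OF(X509); all names are hypothetical. */
typedef struct { const char *items[8]; int count; } toy_stack;

/* Like sk_X509_num(): current number of elements. */
static int toy_num(const toy_stack *s) { return s->count; }

/* Like sk_X509_pop(): removes and returns the last element, NULL when empty. */
static const char *toy_pop(toy_stack *s) {
    return s->count > 0 ? s->items[--s->count] : NULL;
}

/* Build a stack holding n constructed placeholder entries (capped at 8). */
static toy_stack make_stack(int n) {
    static const char *label = "cert";
    toy_stack s = {{0}, 0};
    s.count = n > 8 ? 8 : n;
    for (int i = 0; i < s.count; i++) s.items[i] = label;
    return s;
}

/* Size re-read in the loop condition: it shrinks on every pop while i grows. */
int extract_recount(int n) {
    toy_stack ca = make_stack(n);
    int got = 0;
    for (int i = 0; i < toy_num(&ca); i++) {
        if (!toy_pop(&ca)) break;
        got++;
    }
    return got;
}

/* Size captured once before the loop: every element is visited. */
int extract_hoisted(int n) {
    toy_stack ca = make_stack(n);
    int got = 0, num = toy_num(&ca);
    for (int i = 0; i < num; i++) {
        if (!toy_pop(&ca)) break;
        got++;
    }
    return got;
}

int main(void) {
    for (int n = 1; n <= 5; n++)
        printf("in stack=%d  recount=%d  hoisted=%d\n", n, extract_recount(n), extract_hoisted(n));
    return 0;
}
```

With two extra certificates the re-counting loop returns one, which matches the 'extracerts' symptom reported in this thread.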
 [2017-05-17 09:56 UTC] falundir at gmail dot com
I've confirmed this suspicion. Following patch (against 7.1.5) fixes the problem:

@@ -2972,11 +2972,9 @@ PHP_FUNCTION(openssl_pkcs12_read)
 		if (ca && sk_X509_num(ca)) {
-			int num;
-			num = sk_X509_num(ca);
-			for (i = 0; i < num; i++) {
+			for (i = 0; i < sk_X509_num(ca); i++) {
 				zval zextracert;
 				X509* aCA = sk_X509_pop(ca);
 				if (!aCA) break;
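Review bot: the `+` line `for (i = 0; i < sk_X509_num(ca); i++)` re-reads the stack size on every pass while `sk_X509_pop(ca)` two lines below removes an element each time, so `i` meets the shrinking count about halfway through and the remaining certificates never reach 'extracerts'. The `-` lines (`num = sk_X509_num(ca);` before the loop, `i < num` as the bound) are the form that matches the fix described in the comment, so the diff as posted looks reversed (old and new sides swapped) and should be regenerated in the other direction. Looping until `sk_X509_pop(ca)` returns NULL, which the existing `if (!aCA) break;` already handles, would remove the dependency on the count altogether.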
 [2017-05-18 11:01 UTC]
-Assigned To: +Assigned To: ab
 [2017-05-18 11:01 UTC]
Thanks for the ping. Fixed in 464c1639ae544e3952823caf169d2e4199a32fc3, please check the current 7.0+ snapshots.
