|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74022 PHP Fast CGI crashes when reading from a pfx file with valid password.
Submitted: 2017-01-31 13:13 UTC Modified: 2017-02-01 13:01 UTC
From: ckmailid at gmail dot com Assigned:
Status: Closed Package: OpenSSL related
PHP Version: 7.0.15 OS: Windows 10
Private report: No CVE-ID:
 [2017-01-31 13:13 UTC] ckmailid at gmail dot com
PHP process crashes when i use a pfx file to read using function openssl_pkcs12_read with valid password.
But it gives error if password is wrong, that is working fine. 

That pfx file is working well with openssl command line utility

Environment :

PHP : 7 .0.9
OS: windows 10
Server: IIS, Using Fast CGI
certificate : It is specially exported certificate from windows. when a highly secure certificate is exported , it asks for login user password,  and after 4 attempt with wrong password it export the certificate even after wrong password.
You can do it by import a pfx file that with enabling strong private key encrypting checkbox on wizard and after finish set security level HIGH.

I tried it on linux with gdb, it shows Segmentation fault (core dumped).

Test script:
if (!$cert_store = file_get_contents("sample_export.pfx")) {
    echo "Error: Unable to read the cert file\n";

if (openssl_pkcs12_read($cert_store, $cert_info, "csos")) {
    echo "Certificate Information\n";
} else {
    echo "Error: Unable to read the cert store.\n";

Expected result:
it will crash the PHP process.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-31 13:48 UTC]
-Status: Open +Status: Feedback
 [2017-01-31 13:48 UTC]
Thanks for the report. Could you provide the backtrace? Also, were it possible to get some .pfx file for debugging? If not your exact file, then any that reproduces.

 [2017-02-01 06:50 UTC] ckmailid at gmail dot com
-Status: Feedback +Status: Open
 [2017-02-01 06:50 UTC] ckmailid at gmail dot com
Hi, i generate a sample key and made a sample pfx file that can reproduce but i didn't find any option to attach a file. I am afraid but can you please guide me where to upload sample pfx file.
 [2017-02-01 12:55 UTC]
This tracker doesn't allow file uploads except patches, but that's not the case for the purpose. If there are text files only, please gist them somewhere and post a link. Otherwise, probably no way around than sharing them through dropbox or a similar service.

 [2017-02-01 13:01 UTC] ckmailid at gmail dot com
Thanks for the suggestion,

please use the following link to get the file

let me know in case of any difficulties.
 [2017-02-02 12:09 UTC]
Automatic comment on behalf of ab
Log: Fixed #74022 PHP Fast CGI crashes when reading from a pfx file.
 [2017-02-02 12:09 UTC]
-Status: Open +Status: Closed
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Mar 28 19:01:48 2017 UTC