Bug #74099 Memory leak with openssl_encrypt()
Submitted: 2017-02-15 09:30 UTC
Modified: -
From: marcel at webdisplay dot nl
Assigned:
Status: Closed
Package: OpenSSL related
PHP Version: 7.1.1
OS: macOS Sierra
Private report: No
CVE-ID:
 [2017-02-15 09:30 UTC] marcel at webdisplay dot nl
Description:
------------
Encrypting an empty string in AES-256-GCM should return an empty string and valid tag but instead it returns 32 bytes of data from memory which could leak information.

Test script:
---------------
<?php
$aad = random_bytes(32);
$iv = random_bytes(16);
$key = random_bytes(32);

$plaintext = '';
$tag = null;

$ciphertext = openssl_encrypt($plaintext, 'aes-256-gcm', $key, \OPENSSL_RAW_DATA, $iv, $tag, $aad);

// $ciphertext should be an empty string but it is not in PHP 7.1.*
// Instead it returns random data from memory!
printf("ciphertext=%s, tag=%s", bin2hex($ciphertext), bin2hex($tag));


Expected result:
----------------
An empty string must be returned

Actual result:
--------------
A 32-byte string from memory is returned

 [2017-02-17 09:36 UTC] andrew dot nester dot dev at gmail dot com
Thanks for reporting this issue! Just added PR with fix for this.
 [2017-02-17 20:23 UTC] nikic@php.net
Automatic comment on behalf of andrew.nester.dev@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=15b8b124ae1017dc31dae46cee73b702d77f85b8
Log: Fixed #74099 - Memory leak with openssl_encrypt()
 [2017-02-17 20:23 UTC] nikic@php.net
-Status: Open +Status: Closed
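
A regression check for the behaviour described in this report, as an added example (not code from the report or from php-src): GCM ciphertext is always exactly as long as the plaintext, so the empty-string case must yield an empty string and a tag that still authenticates. The helper name check_gcm_lengths, the extra plaintext lengths and the 12-byte IV are assumptions that go beyond the report's single case.

```php
<?php
// Added example: check_gcm_lengths() is a hypothetical helper, not part of PHP.
// Returns a list of failure messages; an empty list means every case passed.
function check_gcm_lengths(string $cipher = 'aes-256-gcm'): array
{
    $failures = [];
    $key = random_bytes(32);
    $aad = random_bytes(32);

    // Length 0 is the case from the report; the others cover block boundaries.
    foreach ([0, 1, 15, 16, 17, 32] as $len) {
        // 16 is the IV length used in the report; 12 is the usual GCM length.
        foreach ([12, 16] as $ivLen) {
            $case = "len=$len ivLen=$ivLen";
            // random_bytes() rejects a length of 0, so build '' explicitly.
            $plaintext = $len > 0 ? random_bytes($len) : '';
            $iv = random_bytes($ivLen);
            $tag = null;

            $ct = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
            if ($ct === false) {
                $failures[] = "$case: encryption failed";
                continue;
            }
            // The defect in this report shows up here: 32 bytes returned for len=0.
            if (strlen($ct) !== $len) {
                $failures[] = "$case: ciphertext is " . strlen($ct) . " bytes";
            }
            if (!is_string($tag) || strlen($tag) !== 16) {
                $failures[] = "$case: tag is not 16 bytes";
                continue;
            }
            // The tag must authenticate the (possibly empty) message and the AAD.
            $pt = openssl_decrypt($ct, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
            if ($pt !== $plaintext) {
                $failures[] = "$case: round trip failed";
            }
            // Modified AAD must be rejected, including when the plaintext is empty.
            $bad = openssl_decrypt($ct, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad . 'x');
            if ($bad !== false) {
                $failures[] = "$case: modified AAD was accepted";
            }
        }
    }
    return $failures;
}

$failures = check_gcm_lengths();
echo $failures ? implode("\n", $failures) . "\n" : "all GCM length checks passed\n";
exit($failures ? 1 : 0);
```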
Last updated: Tue Aug 29 15:01:52 2017 UTC