php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77440 ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll
Submitted: 2019-01-10 21:28 UTC Modified: 2019-01-13 00:37 UTC
Votes:6
Avg. Score:4.8 ± 0.4
Reproduced:5 of 5 (100.0%)
Same Version:4 (80.0%)
Same OS:2 (40.0%)
From: tsimmons at gmail dot com Assigned:
Status: Feedback Package: OpenSSL related
PHP Version: 7.2.14 OS: Windows 2008 R2, 64-bit
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2019-01-10 21:28 UTC] tsimmons at gmail dot com
Description:
------------
When trying to either ldap_bind() to a server that was connected using ldap_connect("ldaps://ldapserver:636") syntax, or by using the ldap_start_tls() function, you get an unhandled exception in libcrypto-1_1-x64.dll. Code works fine in PHP 7.2.13. This error occurs with the downloaded PHP 7.2.14 NTS, x64.

Test script:
---------------
	$server = "ldaps://ldapserver:636";
	putenv('LDAPTLS_REQCERT=allow');
	$con = ldap_connect($server);
	if(!$con) {
		ldap_get_option($con, LDAP_OPT_DIAGNOSTIC_MESSAGE, $err);
		return(false);
	}
	ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
	ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
	$ldaprdn = "ldapuser@domain.local";
	$ldapbind = ldap_bind($con, $ldaprdn, $oldPassword); // THIS LINE CRASHES WITH: Unhandled exception at 0x000007FEE4153708 (libcrypto-1_1-x64.dll) in php.exe: 0xC0000005: Access violation reading location 0xFFFFFFFFFFFFFFFF.


Expected result:
----------------
Should bind without error.

Actual result:
--------------
Unhandled exception at 0x000007FEE4153708 (libcrypto-1_1-x64.dll) in php.exe: 0xC0000005: Access violation reading location 0xFFFFFFFFFFFFFFFF.

Exception thrown at 0x000007FEE4153708 (libcrypto-1_1-x64.dll) in php.exe: 0xC0000005: Access violation reading location 0xFFFFFFFFFFFFFFFF.

The program '[4264] php.exe' has exited with code 0 (0x0).


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-01-10 23:25 UTC] jbrady at sbccd dot org
Was just going to post this. I'm having this issue as well. Exact same setup.
 [2019-01-11 13:40 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2019-01-11 13:40 UTC] ab@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2019-01-11 14:06 UTC] tsimmons at gmail dot com
-Status: Feedback +Status: Open
 [2019-01-11 14:06 UTC] tsimmons at gmail dot com
If you revert just the two files:

    libcrypto-1_1-x64.dll
    libssl-1_1-x64.dll

to version 1.1.0i (distributed with PHP 7.2.13) or 1.1.0j (available from http://wiki.overbyte.eu/wiki/index.php/ICS_Download#Download_OpenSSL_Binaries_.28required_for_SSL-enabled_components.29) it works fine. I tried downloading other 1.1.1? binaries from https://bintray.com/vszakats/generic/openssl and http://wiki.overbyte.eu/wiki/index.php/ICS_Download#Download_OpenSSL_Binaries_.28required_for_SSL-enabled_components.29 but those didn't work either. Not sure if this is a PHP or OpenSSL issue.
 [2019-01-11 14:20 UTC] tsimmons at gmail dot com
Here is the backtrace running from command line:

>libcrypto-1_1-x64.dll!000007fee18a3708() Unknown
libssl-1_1-x64.dll!000007fee8e7a422() Unknown
php_ldap.dll!tlso_sb_setup(sockbuf_io_desc * sbiod, void * arg) Line 873 C
[External Code] 
php_ldap.dll!tlso_sb_remove(sockbuf_io_desc * sbiod) Line 885 C
php_ldap.dll!ber_sockbuf_remove_io(sockbuf * sb, sockbuf_io * sbio, int layer) Line 229 C
php_ldap.dll!ldap_int_tls_connect(ldap * ld, ldap_conn * conn) Line 392 C
php_ldap.dll!ldap_int_tls_start(ldap * ld, ldap_conn * conn, ldap_url_desc * srv) Line 932 C
php_ldap.dll!ldap_int_open_connection(ldap * ld, ldap_conn * conn, ldap_url_desc * srv, int async) Line 450 C
php_ldap.dll!ldap_new_connection(ldap * ld, ldap_url_desc * * srvlist, int use_ldsb, int connect, ldapreqinfo * bind, int m_req, int m_res) Line 488 C
php_ldap.dll!ldap_open_defconn(ldap * ld) Line 41 C
php_ldap.dll!ldap_send_initial_request(ldap * ld, unsigned __int64 msgtype, const char * dn, berelement * ber, int msgid) Line 130 C
php_ldap.dll!ldap_sasl_bind(ldap * ld, const char * dn, const char * mechanism, berval * cred, ldapcontrol * * sctrls, ldapcontrol * * cctrls, int * msgidp) Line 164 C
php_ldap.dll!ldap_sasl_bind_s(ldap * ld, const char * dn, const char * mechanism, berval * cred, ldapcontrol * * sctrls, ldapcontrol * * cctrls, berval * * servercredp) Line 200 C
php_ldap.dll!zif_ldap_bind(_zend_execute_data * execute_data, _zval_struct * return_value) Line 631 C
php7.dll!ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER(_zend_execute_data * execute_data) Line 627 C
php7.dll!execute_ex(_zend_execute_data * ex) Line 59739 C
php7.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 63777 C
php7.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1503 C
php7.dll!php_execute_script(_zend_file_handle * primary_file) Line 2587 C
php.exe!do_cli(int argc, char * * argv) Line 1012 C
php.exe!main(int argc, char * * argv) Line 1403 C
[External Code]
 [2019-01-11 15:00 UTC] tsimmons at gmail dot com
Perhaps it's related to this OpenLDAP bug? http://www.openldap.org/lists/openldap-bugs/201810/msg00000.html ... seems similar.
 [2019-01-11 17:57 UTC] jbrady at sbccd dot org
I can confirm that using the two DLLs from 7.2.13 does resolve the issue. Also, here is a stack trace using VS2017 on Windows 10:

libcrypto-1_1-x64.dll!00007ffd2aa73708()
libssl-1_1-x64.dll!00007ffd3a43a422()
php_ldap.dll!tlso_sb_setup(sockbuf_io_desc * sbiod, void * arg) Line 873
	at e:\repo\winlibs_openldap\libraries\libldap\tls_o.c(873)
libcrypto-1_1-x64.dll!00007ffd2aa72e36()
libssl-1_1-x64.dll!00007ffd3a437880()
php_ldap.dll!tlso_sb_remove(sockbuf_io_desc * sbiod) Line 885
	at e:\repo\winlibs_openldap\libraries\libldap\tls_o.c(885)
php_ldap.dll!ber_sockbuf_remove_io(sockbuf * sb, sockbuf_io * sbio, int layer) Line 229
	at e:\repo\winlibs_openldap\libraries\liblber\sockbuf.c(229)
php_ldap.dll!ldap_int_tls_connect(ldap * ld, ldap_conn * conn) Line 392
	at e:\repo\winlibs_openldap\libraries\libldap\tls2.c(392)
php_ldap.dll!ldap_int_tls_start(ldap * ld, ldap_conn * conn, ldap_url_desc * srv) Line 932
	at e:\repo\winlibs_openldap\libraries\libldap\tls2.c(932)
php_ldap.dll!ldap_int_open_connection(ldap * ld, ldap_conn * conn, ldap_url_desc * srv, int async) Line 450
	at e:\repo\winlibs_openldap\libraries\libldap\open.c(450)
php_ldap.dll!ldap_new_connection(ldap * ld, ldap_url_desc * * srvlist, int use_ldsb, int connect, ldapreqinfo * bind, int m_req, int m_res) Line 488
	at e:\repo\winlibs_openldap\libraries\libldap\request.c(488)
php_ldap.dll!ldap_open_defconn(ldap * ld) Line 41
	at e:\repo\winlibs_openldap\libraries\libldap\open.c(41)
php_ldap.dll!ldap_send_initial_request(ldap * ld, unsigned __int64 msgtype, const char * dn, berelement * ber, int msgid) Line 130
	at e:\repo\winlibs_openldap\libraries\libldap\request.c(130)
php_ldap.dll!ldap_sasl_bind(ldap * ld, const char * dn, const char * mechanism, berval * cred, ldapcontrol * * sctrls, ldapcontrol * * cctrls, int * msgidp) Line 164
	at e:\repo\winlibs_openldap\libraries\libldap\sasl.c(164)
php_ldap.dll!ldap_sasl_bind_s(ldap * ld, const char * dn, const char * mechanism, berval * cred, ldapcontrol * * sctrls, ldapcontrol * * cctrls, berval * * servercredp) Line 200
	at e:\repo\winlibs_openldap\libraries\libldap\sasl.c(200)
php_ldap.dll!zif_ldap_bind(_zend_execute_data * execute_data, _zval_struct * return_value) Line 631
	at c:\php-snap-build\php72\vc15\x64\php-7.2.14\ext\ldap\ldap.c(631)
php_xdebug.dll!00007ffd7a8b5b18()
php7.dll!ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER(_zend_execute_data * execute_data) Line 1046
	at c:\php-snap-build\php72\vc15\x64\php-7.2.14\zend\zend_vm_execute.h(1046)
php7.dll!execute_ex(_zend_execute_data * ex) Line 59739
	at c:\php-snap-build\php72\vc15\x64\php-7.2.14\zend\zend_vm_execute.h(59739)
php_xdebug.dll!00007ffd7a8b57c8()
php7.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 63777
	at c:\php-snap-build\php72\vc15\x64\php-7.2.14\zend\zend_vm_execute.h(63777)
php7.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1503
	at c:\php-snap-build\php72\vc15\x64\php-7.2.14\zend\zend.c(1503)
php7.dll!php_execute_script(_zend_file_handle * primary_file) Line 2592
	at c:\php-snap-build\php72\vc15\x64\php-7.2.14\main\main.c(2592)
php.exe!do_cli(int argc, char * * argv) Line 1012
	at c:\php-snap-build\php72\vc15\x64\php-7.2.14\sapi\cli\php_cli.c(1012)
php.exe!main(int argc, char * * argv) Line 1403
	at c:\php-snap-build\php72\vc15\x64\php-7.2.14\sapi\cli\php_cli.c(1403)
[Inline Frame] php.exe!invoke_main() Line 78
	at f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl(78)
php.exe!__scrt_common_main_seh() Line 288
	at f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl(288)
kernel32.dll!BaseThreadInitThunk()
ntdll.dll!RtlUserThreadStart()
 [2019-01-12 19:45 UTC] tsimmons at gmail dot com
I would go with the 1.1.0j release from http://wiki.overbyte.eu/wiki/index.php/ICS_Download#Download_OpenSSL_Binaries_.28required_for_SSL-enabled_components.29 since there have been security updates to OpenSSL since the 1.1.0i released with PHP 7.2.13.
 [2019-01-13 00:37 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2019-01-13 00:37 UTC] ab@php.net
Thanks for the further infos. Could you check the latest snapshots, 7.2 and up, please? This seems to be indeed an OpenLDAP issue with OpenSSL 1.1.1.

Thanks.
 [2019-01-14 22:00 UTC] cphill at email dot arizona dot edu
Reproduced original problem on Windows Server 2016 Standard version 1607 build 14393.2724. 

Tried PHP snapshot 7.2.15-dev (Jan 14 2019 13:40:01) MSVC15 (Visual C++ 2017) x64 running on same OS (see above) and the problem does not occur.
 [2019-01-15 18:48 UTC] mknobloch at midstate dot edu
I can confirm the issue with 7.2.14.  It appears to be resolved in the January 14th snapshot of 7.2 (NTS x64) on Windows Server 2016.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Wed Jan 16 12:01:25 2019 UTC