Home Original page

OpenSSL mysteriously makes PHP segfault

Bug #29418 OpenSSL mysteriously makes PHP segfault
Submitted: 2004-07-28 05:26 UTC Modified: 2004-10-26 11:32 UTC
From: sartre at gmail dot com Assigned:
Status: Closed Package: OpenSSL related
PHP Version: 4.3.8 OS: Linux (Slackware 10.0)
Private report: No CVE-ID: None

 [2004-07-28 05:26 UTC] sartre at gmail dot com

Description:
------------
(using PHP 4.3.8 as the standalone executable, OpenSSL 0.9.7d)

I was writing a regression script for testing my script but when signing a certificate with a CA I stumbled upon an unending delay (self-signed first and then signed against the generated CA in the same script).

The PHP executable (I am not running apache) does not always reproduce the segfault.

The *error* (forced in the script):
The client uses the same private key as the CA.

PS: It's my first time using OpenSSL in PHP, and I do not understand most of it, but I didn't expect to get a segfault.


Reproduce code:
---------------
$key = openssl_pkey_new ();
$csr = openssl_csr_new ($dn, $key);
openssl_csr_export ($csr, $csr_exported);
$csr_signed = openssl_csr_sign ($csr, NULL, $key, 365);
openssl_x509_export ($csr_signed, $x509_exported);
openssl_pkey_export ($key, $key_exported, '');
$key_public = openssl_pkey_get_public ($x509_exported);
$struct = openssl_x509_parse ($x509_exported);
// set $dn to other value
$cert_ca = openssl_x509_read ($x509_exported);
$cert_cakey = openssl_pkey_get_private ($cert_client);
$client_csr = openssl_csr_new ($dn, $cert_cakey);
openssl_csr_export ($client_csr, $client_csr_exported);
// here!
openssl_csr_sign ($client_csr, $cert_ca, $cert_cakey, 365);

// (I cannot continue)


Expected result:
----------------
Segfault


Actual result:
--------------
#0  0x40536bff in mallopt () from /lib/libc.so.6
#1  0x40535a2f in free () from /lib/libc.so.6
#2  0x08189e7d in shutdown_memory_manager ()
#3  0x0816e470 in php_request_shutdown ()
#4  0x081a82c0 in main ()

(I expected to see any SSL function called)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2004-07-29 05:45 UTC] wez@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

 [2004-07-29 06:03 UTC] sartre at gmail dot com

There's a backtrace in the 'actual result' field..

Mysteriously it did not contain *any* zend routine.

Whether this may or may not be a scripting bug, I (nor would any of we) didn't expect PHP to segfault (that's why I posted that).

Thanks!

 [2004-07-29 08:16 UTC] wez@php.net

Read the instructions *carefully* on how to produce a useful backtrace with debugging information.

 [2004-08-13 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

 [2004-10-26 11:35 UTC] wez@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Thanks to Kamesh Jayachandran and Netware.