Null pointer dereference in stream_socket_enable_crypto
| Sec Bug #60279 | Null pointer dereference in stream_socket_enable_crypto | | |
|---|---|---|---|
| Submitted: | 2011-11-12 10:33 UTC | Modified: | 2011-11-12 15:17 UTC |
| From: | shm@php.net | Assigned: | pajoye |
| Status: | Closed | Package: | OpenSSL related |
| PHP Version: | 5.4.0RC1 | OS: | |
| Private report: | No | CVE-ID: | None |
[2011-11-12 10:33 UTC] shm@php.net
Description:
------------
NPD in the stream_socket_enable_crypto function when the supplied socket's SSL session is not initialized:
<?php
$ref = "";
$fst = stream_socket_server("",$ref,$ref,0);
$snd = stream_socket_server("",$ref,$ref,0);
stream_socket_enable_crypto($fst,0,0,$snd);
?>
^D
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 80173d1c0 (LWP 100176)]
0x0000000802af69b0 in SSL_get_session () from /usr/lib/libssl.so.6
(gdb) bt
#0 0x0000000802af69b0 in SSL_get_session () from /usr/lib/libssl.so.6
#1 0x0000000802afa311 in SSL_copy_session_id () from /usr/lib/libssl.so.6
#2 0x000000080aa2e8d7 in php_openssl_sockop_set_option () from /usr/local/lib/php/20090626/openssl.so
#3 0x000000000050e879 in _php_stream_set_option ()
#4 0x000000000051958e in php_stream_xport_crypto_setup ()
#5 0x00000000004dd728 in zif_stream_socket_enable_crypto ()
#6 0x000000000059a157 in zend_do_fcall_common_helper_SPEC ()
#7 0x0000000000570d23 in execute ()
#8 0x000000000054c145 in zend_execute_scripts ()
#9 0x00000000004fa83c in php_execute_script ()
#10 0x00000000005d489b in main ()
#11 0x00000000004170fe in _start ()
Test script:
---------------
<?php
$ref = "";
$fst = stream_socket_server("",$ref,$ref,0);
$snd = stream_socket_server("",$ref,$ref,0);
stream_socket_enable_crypto($fst,0,0,$snd);
?>
[2011-11-12 15:16 UTC] pajoye@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: pajoye
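The backtrace in the report ends in SSL_get_session, reached through SSL_copy_session_id from php_openssl_sockop_set_option, with a session stream whose SSL state was never initialized. The following is an added example, not code from PHP, OpenSSL or the fix for this bug: a simplified model of the guard such a session copy needs, in which all types and names (`stream`, `tls_handle`, `copy_session_checked`) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions); these are not PHP or OpenSSL types. */
typedef struct { int session_id; } tls_handle;      /* plays the role of SSL* */
typedef enum { STREAM_PLAIN, STREAM_TLS_CAPABLE } stream_kind;
typedef struct {
    stream_kind kind;
    tls_handle *tls;   /* NULL until crypto has been set up on the stream */
} stream;

typedef enum {
    COPY_OK = 0,
    COPY_ERR_DST_NOT_READY,
    COPY_ERR_NOT_TLS_STREAM,
    COPY_ERR_SESSION_NOT_INITIALIZED
} copy_status;

/* Hypothetical guarded session copy: each pointer reached through a
 * caller-supplied stream is checked before it is dereferenced. */
copy_status copy_session_checked(stream *dst, const stream *session)
{
    if (dst == NULL || dst->tls == NULL)
        return COPY_ERR_DST_NOT_READY;
    if (session == NULL || session->kind != STREAM_TLS_CAPABLE)
        return COPY_ERR_NOT_TLS_STREAM;
    if (session->tls == NULL)   /* the state described in the report */
        return COPY_ERR_SESSION_NOT_INITIALIZED;
    dst->tls->session_id = session->tls->session_id;
    return COPY_OK;
}

int main(void)
{
    /* Constructed sample streams. */
    tls_handle a = { 0 }, b = { 42 };
    stream dst    = { STREAM_TLS_CAPABLE, &a };
    stream uninit = { STREAM_TLS_CAPABLE, NULL };  /* socket with no TLS state yet */
    stream ready  = { STREAM_TLS_CAPABLE, &b };

    copy_status r1 = copy_session_checked(&dst, &uninit);
    copy_status r2 = copy_session_checked(&dst, &ready);
    printf("uninitialized session stream -> status %d\n", (int)r1);
    printf("initialized session stream   -> status %d, id %d\n", (int)r2, a.session_id);
    return 0;
}
```

With the guard in place, the uninitialized session stream produces an error status the caller can report instead of a SIGSEGV inside the TLS library.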