null pointer dereference in php_win32_free_rng

null pointer dereference in php_win32_free_rng_lock()

Bug #60895

null pointer dereference in php_win32_free_rng_lock()

Submitted:

2012-01-26 19:45 UTC

Modified:

2012-01-27 10:56 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

root at ihack dot net

Assigned:

pajoye (profile)

Status:

Closed

Package:

Unknown/Other Function

PHP Version:

5.3.9

OS:

Windows Server 2008 R2 x64

Private report:

CVE-ID:

None

[2012-01-26 19:45 UTC] root at ihack dot net

Description:
------------
If php_win32_get_random_bytes() has never been called, then this line of code:

+	CryptReleaseContext(hCryptProv, 0);

passes a null pointer, resulting in a C0000005 exception in 
CryptReleaseContext().  This line should be preceded by:

        if (has_crypto_ctx)

This was specifically tested with the windows.php.net 32-bit TS build running on 
64-bit Windows.  I do not know how it behaves in other configurations.


Test script:
---------------
I do not have a short test case, but the bug is pretty obvious.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-01-26 19:47 UTC] root at ihack dot net

BTW, this bug was introduced in revision 312201, during the 5.3.7 release cycle.

[2012-01-27 10:56 UTC] pajoye@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: pajoye