PHP :: Bug #68912 :: Segmentation fault at openssl_spki_new
| Bug #68912 | Segmentation fault at openssl_spki_new | | |
|---|---|---|---|
| Submitted: | 2015-01-25 18:03 UTC | Modified: | - |
| From: | fernando at null-life dot com | Assigned: | |
| Status: | Closed | Package: | OpenSSL related |
| PHP Version: | 5.6.5 | OS: | Linux |
| Private report: | No | CVE-ID: | None |
[2015-01-25 18:03 UTC] fernando at null-life dot com
Description:
------------
There is a segfault when calling openssl_spki_new with an invalid resource. I *think* it may be related to calling strlen(s) when s is NULL.
Test script:
---------------
<?php
$var1=xml_parser_create_ns();
$var2=2;
$var3=3;
openssl_spki_new($var1, $var2, $var3);
Expected result:
----------------
Not segfault
Actual result:
--------------
(gdb) run 2.php
Starting program: /usr/bin/php 2.php
PHP Warning: openssl_spki_new(): supplied resource is not a valid OpenSSL X.509/key resource in /home/fmunozs/bugs/php/2.php on line 8
PHP Warning: openssl_spki_new(): Unable to use supplied private key in /home/fmunozs/bugs/php/2.php on line 8
Program received signal SIGSEGV, Segmentation fault.
zif_openssl_spki_new (ht=3, return_value=0xb788acb0, return_value_ptr=0xb787007c, this_ptr=0x0, return_value_used=0) at /home/fmunozs/php/src/php-5.6.5/ext/openssl/openssl.c:1535
1535 if (strlen(s) <= 0) {
(gdb) bt
#0 zif_openssl_spki_new (ht=3, return_value=0xb788acb0, return_value_ptr=0xb787007c, this_ptr=0x0, return_value_used=0) at /home/fmunozs/php/src/php-5.6.5/ext/openssl/openssl.c:1535
#1 0x08ce66ed in zend_do_fcall_common_helper_SPEC (execute_data=0xb78700c8) at /home/fmunozs/php/src/php-5.6.5/Zend/zend_vm_execute.h:558
#2 0x08b2eacf in execute_ex (execute_data=0xb78700c8) at /home/fmunozs/php/src/php-5.6.5/Zend/zend_vm_execute.h:363
#3 0x08bc2eac in zend_execute (op_array=0xb7889e28) at /home/fmunozs/php/src/php-5.6.5/Zend/zend_vm_execute.h:388
#4 0x08a2f46b in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/fmunozs/php/src/php-5.6.5/Zend/zend.c:1341
#5 0x0884cf7e in php_execute_script (primary_file=0xbfffe494) at /home/fmunozs/php/src/php-5.6.5/main/main.c:2584
#6 0x08cee870 in do_cli (argc=-1, argc@entry=2, argv=0xb788a228, argv@entry=0x94da838) at /home/fmunozs/php/src/php-5.6.5/sapi/cli/php_cli.c:994
#7 0x0806c7e9 in main (argc=2, argv=0x94da838) at /home/fmunozs/php/src/php-5.6.5/sapi/cli/php_cli.c:1378
#8 0xb7976e5e in __libc_start_main () from /usr/lib/libc.so.6
#9 0x0806c9f7 in _start ()
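
A simplified C model of the failure the report points at (`strlen(s)` at line 1535, reached after key loading has already failed), next to a guarded version. This is an added example, not code from the PHP source: `load_key`, `encode`, `spki_new_unchecked` and `spki_new_checked` are hypothetical names, and that `s` is NULL on the error path is the reporter's assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for key loading: only handle 1 is a usable key. */
static int load_key(int handle) { return handle == 1; }

/* Hypothetical encoder: returns a heap copy of the challenge. */
static char *encode(const char *challenge)
{
    size_t n = strlen(challenge) + 1;
    char *s = malloc(n);
    return s ? memcpy(s, challenge, n) : NULL;
}

/* Unchecked shape: an early failure jumps to cleanup while s is still NULL,
 * so strlen(s) reads through NULL. strlen() returns size_t: "<= 0" is "== 0". */
char *spki_new_unchecked(int handle, const char *challenge)
{
    char *s = NULL;
    if (!load_key(handle))
        goto cleanup;                  /* s was never assigned */
    s = encode(challenge);
cleanup:
    if (strlen(s) <= 0) {              /* faults on the error path */
        free(s);
        s = NULL;
    }
    return s;
}

/* Hardened shape: test the pointer before reading through it. */
char *spki_new_checked(int handle, const char *challenge)
{
    char *s = NULL;
    if (load_key(handle))
        s = encode(challenge);
    if (s != NULL && s[0] == '\0') {   /* empty output is also a failure */
        free(s);
        s = NULL;
    }
    return s;
}

int main(void)
{
    char *s = spki_new_checked(2, "abc");  /* constructed invalid handle */
    puts(s ? s : "invalid handle: NULL returned, no crash");
    free(s);
}
```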
Patches
pangit143 (last revision 2015-08-06 03:28 UTC by veveykocute1234 at gmail dot com)