Edit report at https://bugs.php.net/bug.php?id=61124&edit=1
ID: 61124
Updated by: ras...@php.net
Reported by: mangirdas at impresspages dot org
Summary: Segmentation fault
Status: Open
Type: Bug
Package: OpenSSL related
Operating System: CentOS release 5.7 (Final)
PHP Version: 5.3.10
Block user comment: N
Private report: N
New Comment:
Confirmed
It would help to mention that this gives this warning:
Warning: openssl_decrypt(): IV passed is only 4 bytes long, cipher expects an
IV
of precisely 16 bytes, padding with \0
which is probably the cause here. The buffer we pass in is not large enough to
fit the IV.
A quick hack which fixes the segfault:
--- ext/openssl/openssl.c (revision 323261)
+++ ext/openssl/openssl.c (working copy)
@@ -4819,7 +4819,7 @@
free_iv = php_openssl_validate_iv(&iv, &iv_len,
EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC);
outlen = data_len + EVP_CIPHER_block_size(cipher_type);
- outbuf = emalloc(outlen + 1);
+ outbuf = emalloc(outlen + 16);
EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL);
if (password_len > keylen) {
but it obviously isn't the right solution.
Previous Comments:
------------------------------------------------------------------------
[2012-02-17 17:11:09] mangirdas at impresspages dot org
Description:
------------
This function throws a segmentation fault:
openssl_decrypt ('kzo w2RMExUTYQXW2Xzxmg==', 'aes-128-cbc', 'pass', $rawOutput,
'pass');
Test script:
---------------
<?php
openssl_decrypt ('kzo w2RMExUTYQXW2Xzxmg==', 'aes-128-cbc', 'pass', $rawOutput,
'pass');
Expected result:
----------------
FALSE, because encrypted string is incorrect.
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=61124&edit=1
