Edit report at https://bugs.php.net/bug.php?id=61124&edit=1
ID:                 61124
Comment by:         me at ktamura dot com
Reported by:        mangirdas at impresspages dot org
Summary:            Segmentation fault
Status:             Open
Type:               Bug
Package:            OpenSSL related
Operating System:   CentOS release 5.7 (Final)
PHP Version:        5.3.10
Block user comment: N
Private report:     N

New Comment:

I feel that the real issue is that there is no input check on the first argument of openssl_decrypt. Looking at http://linux.die.net/man/3/evp_decryptupdate it is unclear what the expected behavior is if you feed invalid input into EVP_DecryptUpdate.

Perhaps we can do input validation?

Previous Comments:
------------------------------------------------------------------------
[2012-02-18 00:53:01] me at ktamura dot com

FYI... the said "hacky" patch of adding 16 as opposed to 1 bytes does not solve the problem for PHP 5.3.8 built with --enable-debug and --with-openssl --without-iconv options on Snow Leopard.

------------------------------------------------------------------------
[2012-02-17 17:35:53] ras...@php.net

Confirmed

It would help to mention that this gives this warning:

Warning: openssl_decrypt(): IV passed is only 4 bytes long, cipher expects an IV of precisely 16 bytes, padding with \0

which is probably the cause here. The buffer we pass in is not large enough to fit the IV. A quick hack which fixes the segfault:

--- ext/openssl/openssl.c (revision 323261) +++ ext/openssl/openssl.c (working copy)
@@ -4819,7 +4819,7 @@ free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type) TSRMLS_CC); outlen = data_len + EVP_CIPHER_block_size(cipher_type); - outbuf = emalloc(outlen + 1); + outbuf = emalloc(outlen + 16); EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL); if (password_len > keylen) {

but it obviously isn't the right solution.

------------------------------------------------------------------------
[2012-02-17 17:11:09] mangirdas at impresspages dot org

Description:
------------
This function throws a segmentation fault:
openssl_decrypt ('kzo w2RMExUTYQXW2Xzxmg==', 'aes-128-cbc', 'pass', $rawOutput, 'pass');

Test script:
---------------
<?php
openssl_decrypt ('kzo w2RMExUTYQXW2Xzxmg==', 'aes-128-cbc', 'pass', $rawOutput, 'pass');

Expected result:
----------------
FALSE, because encrypted string is incorrect.

------------------------------------------------------------------------
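
Review bot: the replacement line "outbuf = emalloc(outlen + 16);" pads the allocation with an unexplained constant instead of fixing the size calculation. outlen is already data_len + EVP_CIPHER_block_size(cipher_type) on the line above, so 16 extra bytes only move the point at which an overrun lands, and the follow-up comment in this thread reports the crash persisting with this change. Suggest leaving the + 1, returning FALSE before the allocation when the data argument fails validation, and checking the return value of EVP_DecryptInit, which the context line discards.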
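
The input validation suggested in the new comment, done on the caller's side, as an added example that is not part of the bug report or of PHP itself. checked_decrypt() is a hypothetical helper, the sample inputs are constructed, and OPENSSL_RAW_DATA assumes PHP 5.4 or later.

```php
<?php
// Added example: validate ciphertext and IV before calling openssl_decrypt().
// checked_decrypt() is a hypothetical helper name, not a PHP function.
function checked_decrypt($b64, $method, $key, $iv)
{
    // Reject cipher names the local OpenSSL build does not provide.
    $known = array_map('strtolower', openssl_get_cipher_methods());
    if (!in_array(strtolower($method), $known, true)) {
        return false;
    }

    // Decode here, in strict mode, so that input which is not well-formed
    // base64 is refused before it reaches the extension.
    $raw = base64_decode($b64, true);
    if ($raw === false || $raw === '') {
        return false;
    }

    // Refuse a short or long IV instead of letting it be padded with \0,
    // which is what the warning quoted in the thread describes.
    $ivLen = openssl_cipher_iv_length($method);
    if ($ivLen === false || strlen($iv) !== $ivLen) {
        return false;
    }

    // In CBC mode the IV length equals the block size, and valid
    // ciphertext is a whole number of blocks.
    $isCbc = substr(strtolower($method), -4) === '-cbc';
    if ($isCbc && strlen($raw) % $ivLen !== 0) {
        return false;
    }

    // The data is already decoded, so pass it as raw bytes.
    return openssl_decrypt($raw, $method, $key, OPENSSL_RAW_DATA, $iv);
}

// The call from the report: refused by the checks, returns false.
var_dump(checked_decrypt('kzo w2RMExUTYQXW2Xzxmg==', 'aes-128-cbc', 'pass', 'pass'));

// Constructed round trip with a 16-byte IV: returns "hello".
$iv = str_repeat("\x01", 16);
$ct = base64_encode(openssl_encrypt('hello', 'aes-128-cbc', 'pass', OPENSSL_RAW_DATA, $iv));
var_dump(checked_decrypt($ct, 'aes-128-cbc', 'pass', $iv));
```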