Edit report at https://bugs.php.net/bug.php?id=62481&edit=1
ID: 62481
Comment by: beporter at gmail dot com
Reported by: bronze1man at gmail dot com
Summary: xdebug openssl_encrypt crash
Status: No Feedback
Type: Bug
Package: OpenSSL related
Operating System: ubuntu 1204
PHP Version: 5.3.10
Block user comment: N
Private report: N
New Comment:
I've verified the same results. It seems specific to 5.3.10 and does not
require
xdebug to trigger: Passing an empty $data string to openssl_encrypt will cause
a
segmentation fault.
[me@host:~]$ php --version
PHP 5.3.10 (cli) (built: Feb 4 2012 07:16:03)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
with the ionCube PHP Loader v4.0.10, Copyright (c) 2002-2011, by ionCube
Ltd.
[me@host:~]$ php -r 'var_dump(bin2hex(openssl_encrypt("", "AES-256-CBC",
str_repeat("b",32), true,str_repeat("a", 16))));'
Segmentation fault
With a different PHP version, openssl_encrypt behaves normally even with xdebug
and suhosin:
[me@otherhost:~]$ php --version
PHP 5.3.23 (cli) (built: Apr 9 2013 18:07:12)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2013 Zend Technologies
with Xdebug v2.2.2, Copyright (c) 2002-2013, by Derick Rethans
with Suhosin v0.9.33, Copyright (c) 2007-2012, by SektionEins GmbH
[me@otherhost:~]$ php -r 'var_dump(bin2hex(openssl_encrypt("", "AES-256-CBC",
str_repeat("b",32), true,str_repeat("a", 16))));'
string(32) "60aed1d68451e752108a0ddc3390be92"
Previous Comments:
------------------------------------------------------------------------
[2013-02-18 00:35:53] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
------------------------------------------------------------------------
[2012-07-05 09:51:58] [email protected]
I'd to ask to try your code with a vanilla PHP version, either latest 5.3 or
latest 5.4, without suhosin patch, as we can't reproduce this issue.
------------------------------------------------------------------------
[2012-07-05 01:10:13] bronze1man at gmail dot com
sorry,php version is 5.3.10
------------------------------------------------------------------------
[2012-07-04 15:08:58] [email protected]
You wrote 5.3.14 in the ticket, but 5.3.10 in the description ... what is
correct?
On 5.3.10-dotdeb it segfaults for me without xdebug too. With the 5.3.15-dev
there are no issues with or without xdebug for me. Can you confirm that?
------------------------------------------------------------------------
[2012-07-04 13:53:04] bronze1man at gmail dot com
Description:
------------
start xdebug openssl_encrypt an empty string ,then it will crash.
php version:
PHP 5.3.10-1ubuntu3.2 with Suhosin-Patch (cli) (built: Jun 13 2012 17:20:55)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans
Test script:
---------------
<?php
xdebug_start_code_coverage(XDEBUG_CC_UNUSED | XDEBUG_CC_DEAD_CODE);
$d1 = openssl_encrypt('', 'AES-256-CBC', str_repeat('b',32),
true,str_repeat('a', 16));
var_dump(bin2hex($d1));
Expected result:
----------------
string(32) "60aed1d68451e752108a0ddc3390be92"
Actual result:
--------------
not output anything.
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=62481&edit=1
