Edit report at https://bugs.php.net/bug.php?id=64355&edit=1

ID:                 64355
Comment by:         ntdm at hotmail dot com
Reported by:        nicolyon at free dot fr
Summary:            Segfault when accepting ssl connection
Status:             Open
Type:               Bug
Package:            OpenSSL related
Operating System:   Linux
PHP Version:        5.4.12
Block user comment: N
Private report:     N

New Comment:

OpenSSL bug #703031?

http://openssl.6102.n7.nabble.com/NULL-ptr-deref-when-calling-SSL-get-certificate-with-1-0-0k-td43636.html

Previous Comments:
------------------------------------------------------------------------
[2013-05-09 08:32:09] simone at edinet dot info

Same problem happens with PHP 5.4.14
OpenSSL 1.0.1e

GDB bt:
#0  0x00007f8493d2300a in ssl_set_cert_masks () from /usr/local/ssl/lib/libssl.so.1.0.0
#1  0x00007f8493d23886 in ssl_get_server_send_pkey () from /usr/local/ssl/lib/libssl.so.1.0.0
#2  0x00007f8493d23979 in ssl_get_server_send_cert () from /usr/local/ssl/lib/libssl.so.1.0.0
#3  0x000000000047880b in php_SSL_new_from_context (ctx=0x1504f80, stream=stream@entry=0x7f8495ef7c98) at /usr/local/sorgenti/src/php-5.4.14/ext/openssl/openssl.c:4574
#4  0x0000000000479e2c in php_openssl_setup_crypto (sslsock=0x7f8495ef7c20, stream=0x7f8495ef7c98, cparam=<optimized out>) at /usr/local/sorgenti/src/php-5.4.14/ext/openssl/xp_ssl.c:410
#5  php_openssl_sockop_set_option (stream=0x7f8495ef7c98, option=<optimized out>, value=<optimized out>, ptrparam=0x7fff88da47b0) at /usr/local/sorgenti/src/php-5.4.14/ext/openssl/xp_ssl.c:755
#6  0x000000000071fe4c in _php_stream_set_option (stream=stream@entry=0x7f8495ef7c98, option=option@entry=8, value=value@entry=0, ptrparam=ptrparam@entry=0x7fff88da47b0) at /usr/local/sorgenti/src/php-5.4.14/main/streams/streams.c:1358
#7  0x000000000072a487 in php_stream_xport_crypto_setup (stream=stream@entry=0x7f8495ef7c98, crypto_method=<optimized out>, session_stream=<optimized out>) at /usr/local/sorgenti/src/php-5.4.14/main/streams/transports.c:364
#8  0x00000000006cdea7 in zif_stream_socket_enable_crypto (ht=<optimized out>, return_value=0x7f8495ef9b00, return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>) at /usr/local/sorgenti/src/php-5.4.14/ext/standard/streamsfuncs.c:1506
#9  0x0000000000808af0 in zend_do_fcall_common_helper_SPEC (execute_data=0x7f8495ec4288) at /usr/local/sorgenti/src/php-5.4.14/Zend/zend_vm_execute.h:643
#10 0x00000000007c45ec in execute (op_array=0x1504e30) at /usr/local/sorgenti/src/php-5.4.14/Zend/zend_vm_execute.h:410
#11 0x0000000000767790 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /usr/local/sorgenti/src/php-5.4.14/Zend/zend.c:1315
#12 0x0000000000709d99 in php_execute_script (primary_file=primary_file@entry=0x7fff88da6db0) at /usr/local/sorgenti/src/php-5.4.14/main/main.c:2492
#13 0x000000000080b111 in do_cli (argc=60, argv=0x7fff88da8218) at /usr/local/sorgenti/src/php-5.4.14/sapi/cli/php_cli.c:988
#14 0x00000000004382f5 in main (argc=60, argv=0x7fff88da8218) at /usr/local/sorgenti/src/php-5.4.14/sapi/cli/php_cli.c:1364

Test script:
---------------
FTP login (SSL) [ext/ftp/tests/002.phpt]

Expected result:
----------------
no crash

Actual result:
--------------
segfault

------------------------------------------------------------------------
[2013-03-05 07:55:18] nicolyon at free dot fr

Description:
------------
When accepting a connection from an SSL socket with openssl >= 1.0.1d, PHP crashes.
When using openssl 1.0.1c or lower there's no crash.
Here is the stack:
#0  0x00007f2f58eafd1a in ssl_set_cert_masks () from /usr/lib/libssl.so.1.0.0
#1  0x00007f2f58eb0596 in ssl_get_server_send_pkey () from /usr/lib/libssl.so.1.0.0
#2  0x00007f2f58eb0689 in ssl_get_server_send_cert () from /usr/lib/libssl.so.1.0.0
#3  0x00007f2f4c84bf23 in php_SSL_new_from_context () from /usr/lib/php/extensions/openssl.so
#4  0x00007f2f4c84d5b9 in php_openssl_sockop_set_option () from /usr/lib/php/extensions/openssl.so
#5  0x00000000006247cc in _php_stream_set_option ()
#6  0x000000000062fe9e in php_stream_xport_crypto_setup ()
#7  0x00007f2f4c84d294 in php_openssl_sockop_set_option () from /usr/lib/php/extensions/openssl.so
#8  0x00000000006247cc in _php_stream_set_option ()
#9  0x000000000062fcb9 in php_stream_xport_accept ()
#10 0x00000000005c9e9c in zif_stream_socket_accept ()

Test script:
---------------
<?php
// SSL server socket created from a context with no options set
$context = stream_context_create();
$errno = 0;
$errstr = "";
$s = stream_socket_server(
    "ssl://127.0.0.1:800",
    $errno,
    $errstr,
    STREAM_SERVER_BIND | STREAM_SERVER_LISTEN,
    $context
);
// Wait for a client; frame #10 of the stack above is zif_stream_socket_accept()
$conn = stream_socket_accept($s, -1);

Then just telnet to localhost 800 for the crash.

Expected result:
----------------
no crash

Actual result:
--------------
segfault

------------------------------------------------------------------------