From: [EMAIL PROTECTED]
Operating system: Linux x86 (2.4.x, glibc 2.3)
PHP version: 4.3.0
PHP Bug Type: OpenSSL related
Bug description: openssl_csr_new causes apache+modphp to segfault
When php 4.3.0 is compiled as loaded as an apache module (apache 1.3.27
from Debian Linux) accessing the function openssl_csr_new causes apache to
segfault.
Building php as a CGI this apparently does not happen (but I've not
investigated this all that closely).
Attaching to the apache process (where modphp has been build with symbols)
shows the actual segfault occurs inside php_openssl_make_REQ (no stack
trace available as I guess something get's clobbered and messes this up).
Placing a breakpoint at php_openssl_make_REQ I see it is entered with a
stack of:
Breakpoint 2, php_openssl_make_REQ (req=0xbfffcf24, csr=0x8116c70,
dn=0x8117e1c, attribs=0x0)
at /home/cw/wk/zaphod/php4/php4-4.3.0/ext/openssl/openssl.c:1143
1143 STACK_OF(CONF_VALUE) * dn_sk, *attr_sk = NULL;
(gdb) bt
#0 php_openssl_make_REQ (req=0xbfffcf24, csr=0x8116c70, dn=0x8117e1c,
attribs=0x0)
at /home/cw/wk/zaphod/php4/php4-4.3.0/ext/openssl/openssl.c:1143
#1 0x403a8429 in zif_openssl_csr_new (ht=2, return_value=0x81163ec,
this_ptr=0x0, return_value_used=1)
at /home/cw/wk/zaphod/php4/php4-4.3.0/ext/openssl/openssl.c:1583
#2 0x404adf62 in execute (op_array=0x811333c) at
/home/cw/wk/zaphod/php4/php4-4.3.0/Zend/zend_execute.c:1596
#3 0x4049af24 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /home/cw/wk/zaphod/php4/php4-4.3.0/Zend/zend.c:864
#4 0x4045fd53 in php_execute_script (primary_file=0xbffff764) at
/home/cw/wk/zaphod/php4/php4-4.3.0/main/main.c:1573
#5 0x404b3470 in apache_php_module_main (r=0x8109564,
display_source_mode=0) at
/home/cw/wk/zaphod/php4/php4-4.3.0/sapi/apache/sapi_apache.c:55
#6 0x404b4410 in send_php (r=0x8109564, display_source_mode=0,
filename=0x810b0dc "/var/www/other.php")
at /home/cw/wk/zaphod/php4/php4-4.3.0/sapi/apache/mod_php4.c:556
#7 0x404b448f in send_parsed_php (r=0x8109564) at
/home/cw/wk/zaphod/php4/php4-4.3.0/sapi/apache/mod_php4.c:571
#8 0x08053b34 in ap_invoke_handler ()
#9 0x0806368c in ap_some_auth_required ()
#10 0x080636e8 in ap_process_request ()
#11 0x0805ce2b in ap_child_terminate ()
#12 0x0805cfbc in ap_child_terminate ()
#13 0x0805d0d9 in ap_child_terminate ()
#14 0x0805d5b5 in ap_child_terminate ()
#15 0x0805dcbd in main ()
#16 0x400e59f1 in __libc_start_main () from /lib/libc.so.6
and then dies at php4-4.3.0/ext/openssl/openssl.c line 1185 (the call to
X509_NAME_add_entry_by_NID):
Breakpoint 4, php_openssl_make_REQ (req=0xbfffcf24, csr=0x8116c70,
dn=0x8117e1c, attribs=0x0)
at /home/cw/wk/zaphod/php4/php4-4.3.0/ext/openssl/openssl.c:1185
1185 if
(!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_ASC,
(gdb) n
Program received signal SIGSEGV, Segmentation fault.
0x402c6f8b in sk_value () from /usr/lib/i686/cmov/libcrypto.so.0.9.6
(gdb)
I don't know enough about this call, php or indeed anything to really know
what variables to poke and look at further.
--
Edit bug report at http://bugs.php.net/?id=21989&edit=1
--
Try a CVS snapshot: http://bugs.php.net/fix.php?id=21989&r=trysnapshot
Fixed in CVS: http://bugs.php.net/fix.php?id=21989&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=21989&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=21989&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=21989&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=21989&r=support
Expected behavior: http://bugs.php.net/fix.php?id=21989&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=21989&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=21989&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=21989&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=21989&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=21989&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=21989&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=21989&r=gnused
