[PHP-DEV] Bug #11817: segfault in mhash_keygen_s2k()

Sat, 30 Jun 2001 23:14:10 -0700 

From:             [EMAIL PROTECTED]
Operating system: Linux i386
PHP version:      4.0 Latest CVS (2001-07-01)
PHP Bug Type:     mhash related
Bug description:  segfault in mhash_keygen_s2k()

According to the PHP docs, the salt parameter hasa fixed length of 8 bytes. Using 
lengths over 8 bytes causes a segfault in Apache. 
PHP compiled as a DSO, mhash-0.8.9 compiled statically into PHP.

Sample scripts.
This does not segfault.
$salt = "oksalt";
$password = "cthulu";
$hash = mhash_keygen_s2k(MHASH_MD5, $password, $salt, 16);

This does.
$salt = "a longer bad salt";
$password = "cthulu";
$hash = mhash_keygen_s2k(MHASH_MD5, $password, $salt, 16);

Backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x4022682b in php_if_mhash_keygen_s2k (ht=4, return_value=0x812263c,
    this_ptr=0x0, return_value_used=1) at mhash.c:245
245             hashid = Z_LVAL_PP(hash);
(gdb) bt
#0  0x4022682b in php_if_mhash_keygen_s2k (ht=4, return_value=0x812263c,
    this_ptr=0x0, return_value_used=1) at mhash.c:245
#1  0x401f7969 in execute (op_array=0x811bab4) at ./zend_execute.c:1504
#2  0x4020617e in zend_execute_scripts (type=8, file_count=3) at zend.c:750
#3  0x402182b4 in php_execute_script (primary_file=0xbffffa88) at main.c:1265
#4  0x4021495f in apache_php_module_main (r=0x811995c, display_source_mode=0)
    at sapi_apache.c:90
#5  0x4021533e in send_php (r=0x811995c, display_source_mode=0, filename=0x0)
    at mod_php4.c:581
#6  0x4021537a in send_parsed_php (r=0x811995c) at mod_php4.c:594
#7  0x8054929 in ap_invoke_handler ()
#8  0x80691cf in process_request_internal ()
#9  0x8069236 in ap_process_request ()
#10 0x80601b6 in child_main ()
#11 0x8060371 in make_child ()
#12 0x80604ec in startup_children ()
#13 0x8060b5c in standalone_main ()
#14 0x806138c in main ()
#15 0x4008c38b in __libc_start_main () from /lib/libc.so.6


-- 
Edit Bug report at: http://bugs.php.net/?id=11817&edit=1



-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to