Hi All,
I have identified a defect in openssl extension code. Even though it is
not critical and not likely to happen. Let me explain the scenario.
<?php
$dn = array(
"countryName" => "TestCountry",
"stateOrProvinceName" => "TestSrate",
"localityName" => "TestLocality",
"organizationName" => "Test Organisation",
"organizationalUnitName" => "Test organisational Unit",
"commonName" => "Test common name",
"emailAddress" => "[EMAIL PROTECTED]"
);
$privkey = openssl_pkey_new();
$csr = openssl_csr_new($dn, $privkey);
?>
The above scenario causes a segfault in NetWare but not on Linux. I did
not try on windows.
openssl_csr_new will fail because maxlength of countryName is 2
characters.
During the failure openssl_csr_new is not setting req.priv_key to NULL
this causes dispose function to free the req.priv_key.
As a part of php_request_shutdown $privkey is again freed(second time).
This causes a seg fault in NetWare.
Can I go ahead and set req.priv_key = NULL when php_openssl_make_REQ
returns failure and we_made_the_key == 0?
I have seen shutdown function is set to NULL even though it is defined.
With regards
Kamesh Jayachandran
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
