From:             [EMAIL PROTECTED]
Operating system: Slackware Linux 2.4.18
PHP version:      4.2.0
PHP Bug Type:     OpenSSL related
Bug description:  openssl_private_decrypt SIGSEGV

When trying to decrypt a wrong cipher, PHP SIGSEGVs. As far as I could
analyse, when something goes wrong while decrypting, the actual code leaves
just garbage in the memory area where some data should be. The backtrace
follows.

'./configure' '--with-apache=../apache_1.3.24'
'--with-config-file-path=/var/lib/apache/conf' '--enable-sysvsem'
'--enable-sysvshm' '--enable-sigchild' '--enable-shmop'
'--enable-mailparse' '--enable-magic-quotes' '--enable-bcmath'
'--enable-trans-sid' '--enable-track-vars' '--enable-sockets'
'--enable-calendar' '--enable-dbase' '--enable-ftp'
'--with-zip=../zziplib-0.10.27' '--with-zlib' '--with-bz2' '--with-gzip'
'--with-db' '--with-db2' '--with-gdbm' '--with-mysql=/usr/local'
'--with-xml' '--with-expat-dir=../expat-1.95.2' '--with-gd=../gd-1.8.4'
'--with-png-dir=/usr' '--with-jpeg-dir=/usr' '--with-imap=../c-client'
'--with-imap-ssl=/etc/ssl' '--with-mcrypt=../libmcrypt-2.5.0'
'--with-openssl=/usr' '--with-gettext=/usr' '--with-mcal=../libmcal'
'--enable-debug'


Program received signal SIGSEGV, Segmentation fault.
0x08192395 in _efree (ptr=0x17, __zend_filename=0x829a43a "openssl.c",
    __zend_lineno=2413, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at zend_alloc.c:222
222       CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(gdb) bt
#0  0x08192395 in _efree (ptr=0x17, __zend_filename=0x829a43a "openssl.c",
    __zend_lineno=2413, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at zend_alloc.c:222
#1  0x0811de8a in zif_openssl_private_decrypt (ht=4, return_value=0x84c3e4c,
    this_ptr=0x0, return_value_used=0) at openssl.c:2413
#2  0x081c9023 in execute (op_array=0x84c1c1c) at ./zend_execute.c:1598
#3  0x081a3c90 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at zend.c:810
#4  0x080cc4d6 in php_execute_script (primary_file=0xbffff3d0) at main.c:1381
#5  0x081aee57 in apache_php_module_main (r=0x847d334, display_source_mode=0)
    at sapi_apache.c:90
#6  0x080c8c26 in send_php ()
#7  0x080c8c83 in send_parsed_php ()
#8  0x081d31f3 in ap_invoke_handler ()
#9  0x081e7ba1 in process_request_internal ()
#10 0x081e7fcc in ap_internal_redirect ()
#11 0x0808ba4b in mod_gzip_redir1_handler ()
#12 0x0808a3d5 in mod_gzip_handler ()
#13 0x081d31f3 in ap_invoke_handler ()
#14 0x081e7ba1 in process_request_internal ()
#15 0x081e7c00 in ap_process_request ()
#16 0x081def65 in child_main ()
#17 0x081df114 in make_child ()
#18 0x081df26f in startup_children ()
#19 0x081df8c0 in standalone_main ()
#20 0x081e0087 in main ()
#21 0x4033d74f in __libc_start_main () from /lib/libc.so.6

-- 
Edit bug report at http://bugs.php.net/?id=16940&edit=1
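
The failure mode in the report above, a cleanup path freeing a garbage
pointer (ptr=0x17) after a failed decrypt, shown as an added C example; it
is not code from the report or from PHP's openssl.c. toy_decrypt and
safe_decrypt are hypothetical names and the sample input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in: returns plaintext length, or -1 unless in[0] == 0x02. */
static int toy_decrypt(const unsigned char *in, int inlen, unsigned char *tmp)
{
    if (inlen < 2 || in[0] != 0x02)
        return -1;
    memcpy(tmp, in + 1, (size_t)inlen - 1);
    return inlen - 1;
}

/* Pattern the report describes (kept as a comment, never executed):
 *     unsigned char *out;                    // never initialized
 *     if (len != -1) out = malloc(len + 1);  // assigned only on success
 *     if (out) free(out);                    // frees stack garbage on failure */
/* Hardened form: pointers start NULL, the caller gets ownership only on
 * success, and a single cleanup path frees whatever is still owned here. */
int safe_decrypt(const unsigned char *in, int inlen,
                 unsigned char **result, int *result_len)
{
    unsigned char *tmp = NULL, *out = NULL;
    int len;
    *result = NULL;
    *result_len = 0;
    if (in == NULL || inlen <= 0 || (tmp = malloc((size_t)inlen)) == NULL)
        goto done;
    len = toy_decrypt(in, inlen, tmp);
    if (len < 0 || (out = malloc((size_t)len + 1)) == NULL)
        goto done;
    memcpy(out, tmp, (size_t)len);
    out[len] = '\0';
    *result = out;          /* ownership moves to the caller */
    *result_len = len;
    out = NULL;
done:
    free(tmp);              /* free(NULL) is a no-op */
    free(out);
    return *result != NULL;
}

int main(void)
{
    const unsigned char bad[] = { 0x17, 'h', 'i' };  /* constructed, malformed */
    unsigned char *p;
    int n, ok = safe_decrypt(bad, 3, &p, &n);
    printf("ok=%d ptr=%p len=%d\n", ok, (void *)p, n);
    return 0;
}
```
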