ID:               44377
 Updated by:       [EMAIL PROTECTED]
 Reported By:      noah at cs dot caltech dot edu
-Status:           Open
+Status:           Feedback
-Bug Type:         Reproducible crash
+Bug Type:         Streams related
 Operating System: GNU/Linux
 PHP Version:      5.2.6RC1
 New Comment:

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi




Previous Comments:
------------------------------------------------------------------------

[2008-03-08 17:30:34] noah at cs dot caltech dot edu

Description:
------------
I set up a web resource served via Apache 2.2.3.  When accessed via
SSL, clients of this resource must authenticate using a client-side SSL
certificate.  I created a PHP client script to connect to this server,
authenticate with an SSL certificate, and submit an HTTP POST request to
the web resource.  The PHP client script receives a segmentation fault
when it attempts to make this connection.

For the purpose of this bug report, I built PHP 5.2.6RC1 as follows:

./configure --prefix=$HOME/sw/nopath/php526 \
--with-config-file-path=$HOME/sw/nopath/php526/etc \
--enable-debug \
--with-jpeg-dir=/usr --with-png-dir=/usr \
--with-zlib-dir=/usr --with-freetype-dir=/usr \
--with-apxs2=/usr/bin/apxs2 --enable-fastcgi \
--with-layout=gnu \
--with-openssl --with-kerberos --with-zlib --with-bz2 --enable-calendar \
--with-curl=shared \
--enable-dba --with-gdbm --with-db4 --with-inifile --with-flatfile \
--enable-dio --with-dom --with-dom-xslt --with-dom-libexslt --enable-ftp \
--with-gd --enable-exif \
--with-gettext --with-gmp --with-iconv \
--with-java=/usr/lib/jvm/java-6-sun --with-ldap --enable-mbstring \
--with-mssql=/usr --with-mysql=/usr --with-ncurses \
--with-unixODBC=/usr --with-pgsql --with-readline --enable-shmop \
--with-snmp --enable-sockets \
--enable-sysvmsg --enable-sysvsem --enable-sysvshm \
--enable-wddx --with-xmlrpc \
--enable-xslt --with-xslt-sablot=$HOME/sw/sablotron --enable-yp \
--with-pdo-pgsql --enable-soap --with-xsl --enable-zip

(I know that some of those options are obsolete in PHP 5; I adapted my
PHP 4 configuration line rather hastily.)

I used no php.ini at all.

I also reproduced this problem in PHP 5.2.1 as supplied with Ubuntu
7.04.  On a CentOS 4.5 system with PHP 5.0.4, the runtime caught a
problem at a different level:

*** glibc detected *** malloc(): memory corruption: 0x08697798 ***
Aborted


Reproduce code:
---------------
### SERVER SIDE CODE: /secure/hello.php

$name = file_get_contents('php://input');
if ($name)
     echo "Hello, $name!  ";
print "You made it!\n";

### CLIENT SIDE CODE
$opts = array('http' =>
              array('method' => 'POST',
                    'header' => 'Content-type: text/plain',
                    'content' => 'Noah'),
              'ssl' =>
              array('verify_peer' => true,
                    'allow_self_signed' => false,
                    'cafile' => 'cacert.pem',
                    'local_cert' => 'client.pem',
                    'passphrase' => 'secret'));

//array_shift($opts);
$response =
file_get_contents('https://10.10.200.250:2083/secure/hello.php', false,
                  stream_context_create($opts));

print $response;

Expected result:
----------------
When I run this client code from the command line (php -f client.php),
I expect $response to contain "Hello, Noah!  You made it!".


Actual result:
--------------
Instead, PHP exits with a segmentation fault.

If I uncomment "array_shift($opts)", thereby switching the request to a
GET, I see the expected response "You made it!".  That is to say, the
mutual certificate authentication works by itself.  Likewise, if I
change "https://10.10.200.250:2083" to "http://10.10.200.250:2080",
thereby accessing the same resource without any SSL, I see the expected
response "Hello, Noah!  You made it!".  If I copy hello.php to an area
that does not require certificate authentication and then access it via
SSL, I also see the expected response "Hello, Noah!  You made it!". 
Thus, one needs all of POST, SSL, and mutual certificate authentication
to reproduce this problem.

In the failed case, the Apache log has this:
[Sat Mar 08 12:03:11 2008] [info] [client 10.10.200.250] Connection to child 4 established (server 10.10.200.250:2083)
[Sat Mar 08 12:03:11 2008] [info] Seeding PRNG with 0 bytes of entropy
[Sat Mar 08 12:03:11 2008] [info] Initial (No.1) HTTPS request received for child 4 (server 10.10.200.250:2083)
[Sat Mar 08 12:03:11 2008] [info] Requesting connection re-negotiation
[Sat Mar 08 12:03:11 2008] [info] Awaiting re-negotiation handshake
[Sat Mar 08 12:03:11 2008] [error] Re-negotiation handshake failed: Not accepted by client!?

This is the backtrace for the PHP command-line instance running the
client script:
(gdb) bt
#0  0x084b6749 in zend_mm_search_large_block (heap=0x88261f8, true_size=332)
    at /home/nmisch/src/build/php-5.2.6RC1/Zend/zend_alloc.c:1735
#1  0x084b68f2 in _zend_mm_alloc_int (heap=0x88261f8, size=287,
    __zend_filename=0x87b7b5c "/home/nmisch/src/build/php-5.2.6RC1/main/spprintf.c", __zend_lineno=750,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/nmisch/src/build/php-5.2.6RC1/Zend/zend_alloc.c:1794
#2  0x084b7ce4 in _zend_mm_realloc_int (heap=0x88261f8, p=0x898d724, size=287,
    __zend_filename=0x87b7b5c "/home/nmisch/src/build/php-5.2.6RC1/main/spprintf.c", __zend_lineno=750,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/nmisch/src/build/php-5.2.6RC1/Zend/zend_alloc.c:2213
#3  0x084b7fdf in _erealloc (ptr=0x898d724, size=287, allow_failure=0,
    __zend_filename=0x87b7b5c "/home/nmisch/src/build/php-5.2.6RC1/main/spprintf.c", __zend_lineno=750,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/nmisch/src/build/php-5.2.6RC1/Zend/zend_alloc.c:2303
#4  0x0848475c in xbuf_format_converter (xbuf=0xbfe47eac, fmt=0x856095e "s", ap=0xbfe47fb8 "")
    at /home/nmisch/src/build/php-5.2.6RC1/main/spprintf.c:750
#5  0x084849fd in vspprintf (pbuf=0xbfe47f1c, max_len=0,
    format=0x8560938 "SSL operation failed with code %d. %s%s", ap=0xbfe47fac "\001")
    at /home/nmisch/src/build/php-5.2.6RC1/main/spprintf.c:769
#6  0x0847d8e0 in php_verror (docref=0x0, params=0x87b6a11 "", type=2,
    format=0x8560938 "SSL operation failed with code %d. %s%s", args=0xbfe47fac "\001")
    at /home/nmisch/src/build/php-5.2.6RC1/main/main.c:578
#7  0x0847e0cc in php_error_docref0 (docref=0x0, type=2, format=0x8560938 "SSL operation failed with code %d. %s%s")
    at /home/nmisch/src/build/php-5.2.6RC1/main/main.c:734
#8  0x080c169a in handle_ssl_error (stream=0x898d804, nr_bytes=-1, is_init=0 '\0')
    at /home/nmisch/src/build/php-5.2.6RC1/ext/openssl/xp_ssl.c:167
#9  0x080c18ea in php_openssl_sockop_read (stream=0x898d804, buf=0x898dbac "", count=8192)
    at /home/nmisch/src/build/php-5.2.6RC1/ext/openssl/xp_ssl.c:229
#10 0x084970e3 in php_stream_fill_read_buffer (stream=0x898d804, size=126)
    at /home/nmisch/src/build/php-5.2.6RC1/main/streams/streams.c:545
#11 0x0849784e in _php_stream_get_line (stream=0x898d804, buf=0xbfe49194 "", maxlen=127, returned_len=0xbfe48494)
    at /home/nmisch/src/build/php-5.2.6RC1/main/streams/streams.c:824
#12 0x0842e51c in php_stream_url_wrap_http_ex (wrapper=0x8815068,
    path=0x898c3d0 "https://10.10.200.250:2083/secure/hello.php", mode=0x87a2d46 "rb", options=4, opened_path=0x0,
    context=0x898c4a0, redirect_max=20, header_init=1, __php_stream_call_depth=0,
    __zend_filename=0x87abae4 "/home/nmisch/src/build/php-5.2.6RC1/ext/standard/http_fopen_wrapper.c",
    __zend_lineno=710, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /home/nmisch/src/build/php-5.2.6RC1/ext/standard/http_fopen_wrapper.c:494
#13 0x0842f6ed in php_stream_url_wrap_http (wrapper=0x8815068,
    path=0x898c3d0 "https://10.10.200.250:2083/secure/hello.php", mode=0x87a2d46 "rb", options=4, opened_path=0x0,
    context=0x898c4a0, __php_stream_call_depth=1,
    __zend_filename=0x87bb80c "/home/nmisch/src/build/php-5.2.6RC1/main/streams/streams.c", __zend_lineno=1789,
    __zend_orig_filename=0x87a2748 "/home/nmisch/src/build/php-5.2.6RC1/ext/standard/file.c",
    __zend_orig_lineno=551) at /home/nmisch/src/build/php-5.2.6RC1/ext/standard/http_fopen_wrapper.c:710
#14 0x08499fc7 in _php_stream_open_wrapper_ex (path=0x898c3d0 "https://10.10.200.250:2083/secure/hello.php",
    mode=0x87a2d46 "rb", options=12, opened_path=0x0, context=0x898c4a0, __php_stream_call_depth=0,
    __zend_filename=0x87a2748 "/home/nmisch/src/build/php-5.2.6RC1/ext/standard/file.c", __zend_lineno=551,
    __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /home/nmisch/src/build/php-5.2.6RC1/main/streams/streams.c:1787
#15 0x083d0d35 in zif_file_get_contents (ht=3, return_value=0x898d62c, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1) at /home/nmisch/src/build/php-5.2.6RC1/ext/standard/file.c:549
#16 0x084fabb5 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfe49530)
    at /home/nmisch/src/build/php-5.2.6RC1/Zend/zend_vm_execute.h:200
#17 0x08500459 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfe49530)
    at /home/nmisch/src/build/php-5.2.6RC1/Zend/zend_vm_execute.h:1682
#18 0x084fa705 in execute (op_array=0x898b28c) at /home/nmisch/src/build/php-5.2.6RC1/Zend/zend_vm_execute.h:92
#19 0x084d56ed in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/nmisch/src/build/php-5.2.6RC1/Zend/zend.c:1134
#20 0x084807a9 in php_execute_script (primary_file=0xbfe4b8a4)
    at /home/nmisch/src/build/php-5.2.6RC1/main/main.c:2006
#21 0x0855c9cf in main (argc=3, argv=0xbfe4ba24) at /home/nmisch/src/build/php-5.2.6RC1/sapi/cli/php_cli.c:1140

Thanks!


------------------------------------------------------------------------
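
The server-side symptom in the report above is a renegotiation that Apache requests and the client then rejects. The following is an added example, not part of the original report and not PHP or Apache project code, that scans an Apache 2.2 error log for that sequence and re-joins entries that were hard-wrapped as they are in the report. The names `unwrap`, `scan` and `SAMPLE` are this example's own, and it assumes each event belongs to the most recently established connection, because these log entries carry no connection id.

```python
import re

# Apache 2.2 error-log entry: [timestamp] [level] [client ip] message (client optional)
ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
                   r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$")
ESTABLISHED = re.compile(r"Connection to child (\d+) established \(server ([^)]+)\)")

def unwrap(text):
    """Re-join entries that were hard-wrapped in transit, as in the report."""
    entries = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.startswith("[") or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def scan(text):
    """One record per connection. Entries carry no connection id, so each event is
    attributed to the most recently established connection (assumption: low traffic)."""
    conns = []
    for m in filter(None, map(ENTRY.match, unwrap(text))):
        est = ESTABLISHED.search(m["msg"])
        if est:
            conns.append({"time": m["ts"], "client": m["client"], "child": int(est[1]),
                          "server": est[2], "requested": False, "failed": False})
        elif conns and "Requesting connection re-negotiation" in m["msg"]:
            conns[-1]["requested"] = True
        elif conns and m["level"] == "error" and "Re-negotiation handshake failed" in m["msg"]:
            conns[-1]["failed"] = True
    return conns

# Entries through the [error] one are from the report (one omitted); the rest are constructed.
SAMPLE = """\
[Sat Mar 08 12:03:11 2008] [info] [client 10.10.200.250] Connection to
child 4 established (server 10.10.200.250:2083)
[Sat Mar 08 12:03:11 2008] [info] Seeding PRNG with 0 bytes of entropy
[Sat Mar 08 12:03:11 2008] [info] Requesting connection re-negotiation
[Sat Mar 08 12:03:11 2008] [info] Awaiting re-negotiation handshake
[Sat Mar 08 12:03:11 2008] [error] Re-negotiation handshake failed: Not
accepted by client!?
[Sat Mar 08 12:04:02 2008] [info] [client 10.10.200.250] Connection to
child 5 established (server 10.10.200.250:2083)
[Sat Mar 08 12:04:02 2008] [info] Requesting connection re-negotiation
[Sat Mar 08 12:04:02 2008] [info] Awaiting re-negotiation handshake
"""

if __name__ == "__main__":
    print([c for c in scan(SAMPLE) if c["failed"]])
```
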


-- 
Edit this bug report at http://bugs.php.net/?id=44377&edit=1
