ID: 47828 Updated by: scott...@php.net Reported By: reinke at securityspace dot com Status: Open Bug Type: OpenSSL related Operating System: Linux (Debian Lenny) PHP Version: 5.2.9 -Assigned To: pajoye +Assigned To: scottmac New Comment:
Pierre using the test given by the reporter I could reproduce this, took less than a minute to find the issue. Assigning yourself a bug that you'll look at next week isn't all that useful, especially if someone with more time comes along in that next week. Perhaps we need to add multiple assignment to bugs? FYI OpenSSL verions OpenSSL 0.9.7l 28 Sep 2006 (OS X default) OpenSSL 0.9.8j 07 Jan 2009 Previous Comments: ------------------------------------------------------------------------ [2009-03-30 06:00:06] paj...@php.net "With all due respect - we are using PHP's official release. On Debian. As provided by the distro. On Ubuntu. As provided by Ubuntu. On Fedora. As provided by... well, you get it. Like it or not, these vendors are your distribution channel" No, our official distributions channel is http://www.php.net/downloads and http://windows.php.net, nothing else. Distributions, in their majority, do a great job at distributing php but they are not our official releases channel, especially not when they use unofficial patches like suhosin or other random changes. The reason we ask to try PHP's version is to be sure about the src of the problem, we have no control over what the distros do or don't. ------------------------------------------------------------------------ [2009-03-30 05:52:22] paj...@php.net Scott, that's nice but add a test please with the data you use to reproduce the segfault. ------------------------------------------------------------------------ [2009-03-29 23:45:51] scott...@php.net I fixed it about 10 minutes ago, the snapshot is from a few hours ago. ------------------------------------------------------------------------ [2009-03-29 23:38:46] reinke at securityspace dot com Also reproduced on Lenny using snapshot php5.2-200903292230. ./configure --with-openssl make sapi/cli/php ~/core2.php -> segmentation fault. ------------------------------------------------------------------------ [2009-03-29 23:33:40] scott...@php.net This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. The string tried to decode one of the items to utf-8 and it failed, this wasn't properly checked resulting in a segfault. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/47828 -- Edit this bug report at http://bugs.php.net/?id=47828&edit=1