Edit report at https://bugs.php.net/bug.php?id=64355&edit=1
ID: 64355
Comment by: simone at edinet dot info
Reported by: nicolyon at free dot fr
Summary: Segfault when accepting ssl connection
Status: Open
Type: Bug
Package: OpenSSL related
Operating System: Linux
PHP Version: 5.4.12
Block user comment: N
Private report: N
New Comment:
Same problem happens with
PHP 5.4.14
OpenSSL 1.0.1e
GDB bt:
#0 0x00007f8493d2300a in ssl_set_cert_masks () from
/usr/local/ssl/lib/libssl.so.1.0.0
#1 0x00007f8493d23886 in ssl_get_server_send_pkey () from
/usr/local/ssl/lib/libssl.so.1.0.0
#2 0x00007f8493d23979 in ssl_get_server_send_cert () from
/usr/local/ssl/lib/libssl.so.1.0.0
#3 0x000000000047880b in php_SSL_new_from_context (ctx=0x1504f80,
stream=stream@entry=0x7f8495ef7c98) at
/usr/local/sorgenti/src/php-5.4.14/ext/openssl/openssl.c:4574
#4 0x0000000000479e2c in php_openssl_setup_crypto (sslsock=0x7f8495ef7c20,
stream=0x7f8495ef7c98, cparam=<optimized out>) at
/usr/local/sorgenti/src/php-5.4.14/ext/openssl/xp_ssl.c:410
#5 php_openssl_sockop_set_option (stream=0x7f8495ef7c98, option=<optimized
out>, value=<optimized out>, ptrparam=0x7fff88da47b0) at
/usr/local/sorgenti/src/php-5.4.14/ext/openssl/xp_ssl.c:755
#6 0x000000000071fe4c in _php_stream_set_option
(stream=stream@entry=0x7f8495ef7c98, option=option@entry=8,
value=value@entry=0, ptrparam=ptrparam@entry=0x7fff88da47b0)
at /usr/local/sorgenti/src/php-5.4.14/main/streams/streams.c:1358
#7 0x000000000072a487 in php_stream_xport_crypto_setup
(stream=stream@entry=0x7f8495ef7c98, crypto_method=<optimized out>,
session_stream=<optimized out>)
at /usr/local/sorgenti/src/php-5.4.14/main/streams/transports.c:364
#8 0x00000000006cdea7 in zif_stream_socket_enable_crypto (ht=<optimized out>,
return_value=0x7f8495ef9b00, return_value_ptr=<optimized out>,
this_ptr=<optimized out>, return_value_used=<optimized out>)
at /usr/local/sorgenti/src/php-5.4.14/ext/standard/streamsfuncs.c:1506
#9 0x0000000000808af0 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7f8495ec4288) at
/usr/local/sorgenti/src/php-5.4.14/Zend/zend_vm_execute.h:643
#10 0x00000000007c45ec in execute (op_array=0x1504e30) at
/usr/local/sorgenti/src/php-5.4.14/Zend/zend_vm_execute.h:410
#11 0x0000000000767790 in zend_execute_scripts (type=type@entry=8,
retval=retval@entry=0x0, file_count=file_count@entry=3) at
/usr/local/sorgenti/src/php-5.4.14/Zend/zend.c:1315
#12 0x0000000000709d99 in php_execute_script
(primary_file=primary_file@entry=0x7fff88da6db0) at
/usr/local/sorgenti/src/php-5.4.14/main/main.c:2492
#13 0x000000000080b111 in do_cli (argc=60, argv=0x7fff88da8218) at
/usr/local/sorgenti/src/php-5.4.14/sapi/cli/php_cli.c:988
#14 0x00000000004382f5 in main (argc=60, argv=0x7fff88da8218) at
/usr/local/sorgenti/src/php-5.4.14/sapi/cli/php_cli.c:1364
Test script:
---------------
FTP login (SSL) [ext/ftp/tests/002.phpt]
Expected result:
----------------
no crash
Actual result:
--------------
segfault
Previous Comments:
------------------------------------------------------------------------
[2013-03-05 07:55:18] nicolyon at free dot fr
Description:
------------
When accepting a connection from an SSL socket with openssl >= 1.0.1d, PHP crashes.
When using openssl 1.0.1c or lower there's no crash.
Here is the stack:
#0 0x00007f2f58eafd1a in ssl_set_cert_masks () from /usr/lib/libssl.so.1.0.0
#1 0x00007f2f58eb0596 in ssl_get_server_send_pkey () from
/usr/lib/libssl.so.1.0.0
#2 0x00007f2f58eb0689 in ssl_get_server_send_cert () from
/usr/lib/libssl.so.1.0.0
#3 0x00007f2f4c84bf23 in php_SSL_new_from_context () from
/usr/lib/php/extensions/openssl.so
#4 0x00007f2f4c84d5b9 in php_openssl_sockop_set_option () from
/usr/lib/php/extensions/openssl.so
#5 0x00000000006247cc in _php_stream_set_option ()
#6 0x000000000062fe9e in php_stream_xport_crypto_setup ()
#7 0x00007f2f4c84d294 in php_openssl_sockop_set_option () from
/usr/lib/php/extensions/openssl.so
#8 0x00000000006247cc in _php_stream_set_option ()
#9 0x000000000062fcb9 in php_stream_xport_accept ()
#10 0x00000000005c9e9c in zif_stream_socket_accept ()
Test script:
---------------
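<?php
// Empty stream context: no SSL options are set.
$context = stream_context_create();
$errno = 0;
$errstr = "";
// Listen for SSL connections on 127.0.0.1:800.
$s = stream_socket_server( "ssl://127.0.0.1:800", $errno, $errstr,
    STREAM_SERVER_BIND | STREAM_SERVER_LISTEN, $context );
// Accept one connection; the stack above shows the crash under stream_socket_accept().
$c = stream_socket_accept( $s );
// Then just run "telnet localhost 800" to trigger the crash.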
Expected result:
----------------
no crash
Actual result:
--------------
segfault
------------------------------------------------------------------------