Bug #62481 [Com]: xdebug openssl_encrypt crash

[beporter at gmail dot com]

Edit report at https://bugs.php.net/bug.php?id=62481&edit=1

 ID:                 62481
 Comment by:         beporter at gmail dot com
 Reported by:        bronze1man at gmail dot com
 Summary:            xdebug openssl_encrypt crash
 Status:             No Feedback
 Type:               Bug
 Package:            OpenSSL related
 Operating System:   ubuntu 1204
 PHP Version:        5.3.10
 Block user comment: N
 Private report:     N

 New Comment:

I've verified the same results. It seems specific to 5.3.10 and does not 
require 
xdebug to trigger: Passing an empty $data string to openssl_encrypt will cause 
a 
segmentation fault.

[me@host:~]$ php --version
PHP 5.3.10 (cli) (built: Feb  4 2012 07:16:03) 
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
    with the ionCube PHP Loader v4.0.10, Copyright (c) 2002-2011, by ionCube 
Ltd.

[me@host:~]$ php -r 'var_dump(bin2hex(openssl_encrypt("", "AES-256-CBC", 
str_repeat("b",32), true,str_repeat("a", 16))));'
Segmentation fault


With a different PHP version, openssl_encrypt behaves normally even with xdebug 
and suhosin:

[me@otherhost:~]$ php --version
PHP 5.3.23 (cli) (built: Apr  9 2013 18:07:12) 
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2013 Zend Technologies
    with Xdebug v2.2.2, Copyright (c) 2002-2013, by Derick Rethans
    with Suhosin v0.9.33, Copyright (c) 2007-2012, by SektionEins GmbH

[me@otherhost:~]$ php -r 'var_dump(bin2hex(openssl_encrypt("", "AES-256-CBC", 
str_repeat("b",32), true,str_repeat("a", 16))));'
string(32) "60aed1d68451e752108a0ddc3390be92"


Previous Comments:
------------------------------------------------------------------------
[2013-02-18 00:35:53] php-bugs at lists dot php dot net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

------------------------------------------------------------------------
[2012-07-05 09:51:58] paj...@php.net

I'd to ask to try your code with a vanilla PHP version, either latest 5.3 or 
latest 5.4, without suhosin patch, as we can't reproduce this issue.

------------------------------------------------------------------------
[2012-07-05 01:10:13] bronze1man at gmail dot com

sorry,php version is 5.3.10

------------------------------------------------------------------------
[2012-07-04 15:08:58] a...@php.net

You wrote 5.3.14 in the ticket, but 5.3.10 in the description ... what is 
correct?

On 5.3.10-dotdeb it segfaults for me without xdebug too. With the 5.3.15-dev 
there are no issues with or without xdebug for me. Can you confirm that?

------------------------------------------------------------------------
[2012-07-04 13:53:04] bronze1man at gmail dot com

Description:
------------
start xdebug openssl_encrypt an empty string ,then it will crash.

php version:
PHP 5.3.10-1ubuntu3.2 with Suhosin-Patch (cli) (built: Jun 13 2012 17:20:55) 
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
    with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans


Test script:
---------------
<?php
xdebug_start_code_coverage(XDEBUG_CC_UNUSED | XDEBUG_CC_DEAD_CODE);
$d1 = openssl_encrypt('', 'AES-256-CBC', str_repeat('b',32), 
true,str_repeat('a', 16));
var_dump(bin2hex($d1));

Expected result:
----------------
string(32) "60aed1d68451e752108a0ddc3390be92"

Actual result:
--------------
not output anything.


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=62481&edit=1