Bug #16940: openssl_private_decrypt segsev

2002-05-01 Thread isilva

From: [EMAIL PROTECTED]
Operating system: Slackware Linux 2.4.18
PHP version:  4.2.0
PHP Bug Type: OpenSSL related
Bug description:  openssl_private_decrypt segsev

When trying to decrypt a wrong cypher, PHP SIGSEGVs. As far as I could
analyse, when decrypting, if something goes wrong the actual code leaves
just garbage in the memory area where some data should be. The backtrace
follows.

'./configure' '--with-apache=../apache_1.3.24'
'--with-config-file-path=/var/lib/apache/conf' '--enable-sysvsem'
'--enable-sysvshm' '--enable-sigchild' '--enable-shmop'
'--enable-mailparse' '--enable-magic-quotes' '--enable-bcmath'
'--enable-trans-sid' '--enable-track-vars' '--enable-sockets'
'--enable-calendar' '--enable-dbase' '--enable-ftp'
'--with-zip=../zziplib-0.10.27' '--with-zlib' '--with-bz2' '--with-gzip'
'--with-db' '--with-db2' '--with-gdbm' '--with-mysql=/usr/local'
'--with-xml' '--with-expat-dir=../expat-1.95.2' '--with-gd=../gd-1.8.4'
'--with-png-dir=/usr' '--with-jpeg-dir=/usr' '--with-imap=../c-client'
'--with-imap-ssl=/etc/ssl' '--with-mcrypt=../libmcrypt-2.5.0'
'--with-openssl=/usr' '--with-gettext=/usr' '--with-mcal=../libmcal'
'--enable-debug'


Program received signal SIGSEGV, Segmentation fault.
0x08192395 in _efree (ptr=0x17, __zend_filename=0x829a43a openssl.c,
__zend_lineno=2413, __zend_orig_filename=0x0, __zend_orig_lineno=0)
at zend_alloc.c:222
222   CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(gdb) bt
#0  0x08192395 in _efree (ptr=0x17, __zend_filename=0x829a43a
openssl.c,
__zend_lineno=2413, __zend_orig_filename=0x0, __zend_orig_lineno=0)
at zend_alloc.c:222
#1  0x0811de8a in zif_openssl_private_decrypt (ht=4,
return_value=0x84c3e4c,
this_ptr=0x0, return_value_used=0) at openssl.c:2413
#2  0x081c9023 in execute (op_array=0x84c1c1c) at ./zend_execute.c:1598
#3  0x081a3c90 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at zend.c:810
#4  0x080cc4d6 in php_execute_script (primary_file=0xb3d0) at
main.c:1381
#5  0x081aee57 in apache_php_module_main (r=0x847d334,
display_source_mode=0)
at sapi_apache.c:90
#6  0x080c8c26 in send_php ()
#7  0x080c8c83 in send_parsed_php ()
#8  0x081d31f3 in ap_invoke_handler ()
#9  0x081e7ba1 in process_request_internal ()
#10 0x081e7fcc in ap_internal_redirect ()
#11 0x0808ba4b in mod_gzip_redir1_handler ()
#12 0x0808a3d5 in mod_gzip_handler ()
#13 0x081d31f3 in ap_invoke_handler ()
#14 0x081e7ba1 in process_request_internal ()
#15 0x081e7c00 in ap_process_request ()
#16 0x081def65 in child_main ()
#17 0x081df114 in make_child ()
#18 0x081df26f in startup_children ()
#19 0x081df8c0 in standalone_main ()
#20 0x081e0087 in main ()
#21 0x4033d74f in __libc_start_main () from /lib/libc.so.6

-- 
Edit bug report at http://bugs.php.net/?id=16940edit=1




Bug #16940 Updated: openssl_private_decrypt segsev

2002-05-01 Thread isilva

 ID:   16940
 Updated by:   [EMAIL PROTECTED]
-Reported By:  [EMAIL PROTECTED]
+Reported By:  [EMAIL PROTECTED]
 Status:   Open
 Bug Type: OpenSSL related
 Operating System: Slackware Linux 2.4.18
 PHP Version:  4.2.0
 New Comment:

will try to fix.


Previous Comments:


[2002-05-01 03:14:33] [EMAIL PROTECTED]

When trying to decrypt a wrong cypher, PHP SIGSEGVs. As far as I could
analyse, when decrypting, if something goes wrong the actual code leaves
just garbage in the memory area where some data should be. The backtrace
follows.


Bug #16940 Updated: openssl_private_decrypt segsev

2002-05-01 Thread isilva

 ID:   16940
 Updated by:   [EMAIL PROTECTED]
 Reported By:  [EMAIL PROTECTED]
 Status:   Feedback
 Bug Type: OpenSSL related
 Operating System: Slackware Linux 2.4.18
 PHP Version:  4.2.0
 New Comment:

I did find the error.

cryptedbuf should be initialized as NULL, but was being initialized as
a normal, out of bounds pointer.

Lines 2362 and 2483, where it is written

unsigned char *cryptedbuf;

should be

unsigned char *cryptedbuf = NULL;

That solves the problem.


Previous Comments:


[2002-05-01 03:58:11] [EMAIL PROTECTED]

I believe that I have found the problem; the zend_error call uses a %s
format specifier, but does not provide a string to print out.
I've committed a fix; please try a stable snapshot from snaps.php.net
created some time after this report is dated (to make sure you have one
with the fix).




[2002-05-01 03:34:52] [EMAIL PROTECTED]

Please include a short script that reproduces this error.



[2002-05-01 03:15:44] [EMAIL PROTECTED]

will try to fix.




Bug #16940 Updated: openssl_private_decrypt segsev

2002-05-01 Thread isilva

 ID:   16940
 Updated by:   [EMAIL PROTECTED]
 Reported By:  [EMAIL PROTECTED]
 Status:   Feedback
 Bug Type: OpenSSL related
 Operating System: Slackware Linux 2.4.18
 PHP Version:  4.2.0
 New Comment:

I did see that error and thought that that was the error at first, but
was not successful. Initializing cryptedbuf as NULL did solve the
problem.

Thanks for the help.


Previous Comments:


[2002-05-01 03:59:45] [EMAIL PROTECTED]

I did find the error.

cryptedbuf should be initialized as NULL, but was being initialized as
a normal, out of bounds pointer.

Lines 2362 and 2483, where it is written

unsigned char *cryptedbuf;

should be

unsigned char *cryptedbuf = NULL;

That solves the problem.



-- 
Edit this bug report at http://bugs.php.net/?id=16940edit=1
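
Added example, not part of the original thread and not PHP's own code: a simplified C model of the failure the reporter describes, where a buffer pointer is assigned only on the success path but freed in cleanup shared by every path. The names decrypt_model, toy_decrypt, tracked_alloc and tracked_free are hypothetical; the slot argument stands in for whatever the stack slot held at declaration, and the tracking allocator counts a bad free instead of crashing on it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GARBAGE ((unsigned char *)(uintptr_t)0x17) /* ptr value from the backtrace */

static void *live;    /* the one block the allocator currently owns */
static int bad_frees; /* frees of pointers the allocator never returned */

static void *tracked_alloc(size_t n) { return live = malloc(n); }

/* Stand-in for efree(): counts a bad free instead of crashing on it. */
static void tracked_free(void *p) {
    if (p != live) { bad_frees++; return; }
    free(p);
    live = NULL;
}

/* Constructed stand-in for RSA decryption: valid input starts with 0x02. */
static int toy_decrypt(const unsigned char *in, int len, unsigned char *tmp) {
    if (len < 1 || in[0] != 0x02) return -1;
    memcpy(tmp, in + 1, (size_t)len - 1);
    return len - 1;
}

/* slot models what the stack slot holds when cryptedbuf is declared:
 * GARBAGE for "unsigned char *cryptedbuf;", NULL for the fixed declaration.
 * Returns how many bad frees the call caused, or -1 on a usage error. */
int decrypt_model(const unsigned char *in, int len, unsigned char *slot) {
    unsigned char tmp[64];
    unsigned char *cryptedbuf = slot;
    int before = bad_frees;
    if (len > (int)sizeof tmp) return -1;
    int n = toy_decrypt(in, len, tmp);
    if (n != -1) { /* only the success path ever assigns cryptedbuf */
        cryptedbuf = tracked_alloc((size_t)n + 1);
        if (!cryptedbuf) return -1;
        memcpy(cryptedbuf, tmp, (size_t)n);
    }
    if (cryptedbuf) tracked_free(cryptedbuf); /* shared cleanup on every path */
    return bad_frees - before;
}

int main(void) {
    const unsigned char wrong[] = {0xff, 0x41}; /* constructed bad ciphertext */
    printf("uninitialised: %d bad free(s)\n", decrypt_model(wrong, 2, GARBAGE));
    printf("NULL-initialised: %d bad free(s)\n", decrypt_model(wrong, 2, NULL));
    return 0;
}
```

A valid input hides the defect because the success path overwrites the slot before cleanup runs, which is why the crash only showed up with a wrong ciphertext.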