Bug #63297 [Com]: Phar fails to write an openssl based signature
Edit report at https://bugs.php.net/bug.php?id=63297&edit=1

ID: 63297
Comment by: a...@php.net
Reported by: a...@php.net
Summary: Phar fails to write an openssl based signature
Status: Open
Type: Bug
Package: PHAR related
Operating System: irrelevant
PHP Version: 5.3Git-2012-10-17 (Git)
Block user comment: N
Private report: N

New Comment:

I've tried with the following snippet:

= START SNIPPET
#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/pem.h>

int main(int argc, char *argv[])
{
	EVP_MD_CTX *mdctx = NULL;
	unsigned char sign_value[1024];
	int sign_len = 0, i;
	EVP_PKEY *pkey = NULL;
	RSA *rpkey = NULL;
	FILE *rpkey_file;

	mdctx = EVP_MD_CTX_create();

	/* Load the RSA private key used for signing */
	rpkey_file = fopen("./rsa.key", "r");
	if (!rpkey_file) {
		return 3;
	}
	if (!PEM_read_RSAPrivateKey(rpkey_file, &rpkey, NULL, NULL)) {
		fclose(rpkey_file);
		return 4;
	}

	pkey = EVP_PKEY_new();
	EVP_PKEY_set1_RSA(pkey, rpkey);

	/* Feed the data in several chunks, then produce the signature */
	EVP_SignInit_ex(mdctx, EVP_sha1(), NULL);
	EVP_SignUpdate(mdctx, "abracadabra0", strlen("abracadabra0"));
	EVP_SignUpdate(mdctx, "abracadabra1", strlen("abracadabra1"));
	EVP_SignUpdate(mdctx, "abracadabra2", strlen("abracadabra2"));
	EVP_SignUpdate(mdctx, "abracadabra3", strlen("abracadabra3"));
	EVP_SignUpdate(mdctx, "abracadabra4", strlen("abracadabra4"));
	if (EVP_SignFinal(mdctx, sign_value, (unsigned int *)&sign_len, pkey) != 1) {
		fclose(rpkey_file);
		return 5;
	}
	sign_value[sign_len] = '\0';

	EVP_MD_CTX_destroy(mdctx);

	/* Print the signature as hex */
	printf("Signature is: ");
	for (i = 0; i < sign_len; i++) {
		printf("%02x", sign_value[i]);
	}
	printf("\n");

	fclose(rpkey_file);

	return 0;
}
= END SNIPPET

It does the same thing as the code in the phar extension producing a signature. Running that with valgrind gives a bunch of messages about openssl. After reading the openssl wiki http://www.openssl.org/support/faq.html#PROG13 I think the actual issue here is that no cleanup is performed on openssl, but that's a more global issue.

Thus, there is no clean run with or without the patch using valgrind. But the patch fixes the test run on Windows, so I think it's worth applying.

Previous Comments:

[2012-10-23 09:20:20] a...@php.net

Note that the previous trace was produced on CentOS using openssl 1.0.0 where under windows the bug shows up with openssl 0.9.8x .

[2012-10-23 08:50:14] a...@php.net

Running with the valgrind, there is the following trace:

==22867== Use of uninitialised value of size 4
==22867==    at 0x829FFF2: phar_hex_str (util.c:1641)
==22867==    by 0x82A0ED4: phar_create_signature (util.c:2212)
==22867==    by 0x82A5923: phar_tar_flush (tar.c:1159)
==22867==    by 0x82C4CDF: phar_flush (phar.c:2611)
==22867==    by 0x82D31DD: zim_Phar_setSignatureAlgorithm (phar_object.c:3124)
==22867==    by 0x85AE738: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:320)
==22867==    by 0x85AEDDA: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:425)
==22867==    by 0x85ADC35: execute (zend_vm_execute.h:107)
==22867==    by 0x857C919: zend_execute_scripts (zend.c:1236)
==22867==    by 0x8505EB0: php_execute_script (main.c:2308)
==22867==    by 0x864F24A: main (php_cli.c:1189)
==22867==
==22867== Use of uninitialised value of size 4
==22867==    at 0x82A0019: phar_hex_str (util.c:1642)
==22867==    by 0x82A0ED4: phar_create_signature (util.c:2212)
==22867==    by 0x82A5923: phar_tar_flush (tar.c:1159)
==22867==    by 0x82C4CDF: phar_flush (phar.c:2611)
==22867==    by 0x82D31DD: zim_Phar_setSignatureAlgorithm (phar_object.c:3124)
==22867==    by 0x85AE738: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:320)
==22867==    by 0x85AEDDA: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:425)
==22867==    by 0x85ADC35: execute (zend_vm_execute.h:107)
==22867==    by 0x857C919: zend_execute_scripts (zend.c:1236)
==22867==    by 0x8505EB0: php_execute_script (main.c:2308)
==22867==    by 0x864F24A: main (php_cli.c:1189)
==22867==
==22867==
==22867== Syscall param write(buf) points to uninitialised byte(s)
==22867==    at 0x24E363: __write_nocancel (syscall-template.S:82)
==22867==    by 0x851F8A9: _php_stream_write_buffer (streams.c:1055)
==22867==    by 0x851FB5D: _php_stream_write (streams.c:1166)
==22867==    by 0x82A5A75: phar_tar_flush (tar.c:1190)
==22867==    by 0x82C4CDF: phar_flush (phar.c:2611)
==22867==    by 0x82D31DD: zim_Phar_setSignatureAlgorithm (phar_object.c:3124)
==22867==    by 0x85AE738: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:320)
==22867==    by 0x85AEDDA: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:425)
==22867==    by 0x85ADC35: execute (zend_vm_execute.h:107)
==22867==    by 0x857C919: zend_execute_scripts (zend.c:1236)
==22867==    by 0x8505EB0: php_execute_script (ma

Bug #63297 [Com]: Phar fails to write an openssl based signature
Edit report at https://bugs.php.net/bug.php?id=63297&edit=1

ID: 63297
Comment by: a...@php.net
Reported by: a...@php.net
Summary: Phar fails to write an openssl based signature
Status: Open
Type: Bug
Package: PHAR related
Operating System: irrelevant
PHP Version: 5.3Git-2012-10-17 (Git)
Block user comment: N
Private report: N

New Comment:

Note that the previous trace was produced on CentOS using openssl 1.0.0 where under Windows the bug shows up with openssl 0.9.8x.

Previous Comments:

[2012-10-23 08:50:14] a...@php.net

Running with the valgrind, there is the following trace:

==22867== Use of uninitialised value of size 4
==22867==    at 0x829FFF2: phar_hex_str (util.c:1641)
==22867==    by 0x82A0ED4: phar_create_signature (util.c:2212)
==22867==    by 0x82A5923: phar_tar_flush (tar.c:1159)
==22867==    by 0x82C4CDF: phar_flush (phar.c:2611)
==22867==    by 0x82D31DD: zim_Phar_setSignatureAlgorithm (phar_object.c:3124)
==22867==    by 0x85AE738: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:320)
==22867==    by 0x85AEDDA: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:425)
==22867==    by 0x85ADC35: execute (zend_vm_execute.h:107)
==22867==    by 0x857C919: zend_execute_scripts (zend.c:1236)
==22867==    by 0x8505EB0: php_execute_script (main.c:2308)
==22867==    by 0x864F24A: main (php_cli.c:1189)
==22867==
==22867== Use of uninitialised value of size 4
==22867==    at 0x82A0019: phar_hex_str (util.c:1642)
==22867==    by 0x82A0ED4: phar_create_signature (util.c:2212)
==22867==    by 0x82A5923: phar_tar_flush (tar.c:1159)
==22867==    by 0x82C4CDF: phar_flush (phar.c:2611)
==22867==    by 0x82D31DD: zim_Phar_setSignatureAlgorithm (phar_object.c:3124)
==22867==    by 0x85AE738: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:320)
==22867==    by 0x85AEDDA: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:425)
==22867==    by 0x85ADC35: execute (zend_vm_execute.h:107)
==22867==    by 0x857C919: zend_execute_scripts (zend.c:1236)
==22867==    by 0x8505EB0: php_execute_script (main.c:2308)
==22867==    by 0x864F24A: main (php_cli.c:1189)
==22867==
==22867==
==22867== Syscall param write(buf) points to uninitialised byte(s)
==22867==    at 0x24E363: __write_nocancel (syscall-template.S:82)
==22867==    by 0x851F8A9: _php_stream_write_buffer (streams.c:1055)
==22867==    by 0x851FB5D: _php_stream_write (streams.c:1166)
==22867==    by 0x82A5A75: phar_tar_flush (tar.c:1190)
==22867==    by 0x82C4CDF: phar_flush (phar.c:2611)
==22867==    by 0x82D31DD: zim_Phar_setSignatureAlgorithm (phar_object.c:3124)
==22867==    by 0x85AE738: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:320)
==22867==    by 0x85AEDDA: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:425)
==22867==    by 0x85ADC35: execute (zend_vm_execute.h:107)
==22867==    by 0x857C919: zend_execute_scripts (zend.c:1236)
==22867==    by 0x8505EB0: php_execute_script (main.c:2308)
==22867==    by 0x864F24A: main (php_cli.c:1189)
==22867==  Address 0x58ae570 is 0 bytes inside a block of size 129 alloc'd
==22867==    at 0x400682F: malloc (vg_replace_malloc.c:236)
==22867==    by 0x855734A: _emalloc (zend_alloc.c:2348)
==22867==    by 0x82A0C15: phar_create_signature (util.c:2145)
==22867==    by 0x82A5923: phar_tar_flush (tar.c:1159)
==22867==    by 0x82C4CDF: phar_flush (phar.c:2611)
==22867==    by 0x82D31DD: zim_Phar_setSignatureAlgorithm (phar_object.c:3124)
==22867==    by 0x85AE738: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:320)
==22867==    by 0x85AEDDA: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:425)
==22867==    by 0x85ADC35: execute (zend_vm_execute.h:107)
==22867==    by 0x857C919: zend_execute_scripts (zend.c:1236)
==22867==    by 0x8505EB0: php_execute_script (main.c:2308)
==22867==    by 0x864F24A: main (php_cli.c:1189)
==22867==

[2012-10-17 22:13:53] mattfic...@php.net

I’ve tried your patch on PHP_5_4… All 3 of those tests pass for me.

The only failing test I get is fatal_error_webphar.phpt.

[2012-10-17 09:25:42] a...@php.net

After looking closely I can see the same behaviour on these three tests

ext\phar\tests\tar\phar_setsignaturealgo2.phpt
ext\phar\tests\test_signaturealgos.phpt
ext\phar\tests\zip\phar_setsignaturealgo2.phpt

and also on 5.4 ... just a side note.

[2012-10-17 09:22:18] a...@php.net

The following patch has been added/updated:

Patch Name: bug63297
Revision: 1350465738
URL: https://bugs.php.net/patch-display.php?bug=63297&patch=bug63297&revision=1350465738

[2012-10-17 09:20:10]

Bug #63297 [Com]: Phar fails to write an openssl based signature
Edit report at https://bugs.php.net/bug.php?id=63297&edit=1

ID: 63297
Comment by: mattfic...@php.net
Reported by: a...@php.net
Summary: Phar fails to write an openssl based signature
Status: Open
Type: Bug
Package: PHAR related
Operating System: Windows
PHP Version: 5.3Git-2012-10-17 (Git)
Block user comment: N
Private report: N

New Comment:

I’ve tried your patch on PHP_5_4… All 3 of those tests pass for me.

The only failing test I get is fatal_error_webphar.phpt.

Previous Comments:

[2012-10-17 09:25:42] a...@php.net

After looking closely I can see the same behaviour on these three tests

ext\phar\tests\tar\phar_setsignaturealgo2.phpt
ext\phar\tests\test_signaturealgos.phpt
ext\phar\tests\zip\phar_setsignaturealgo2.phpt

and also on 5.4 ... just a side note.

[2012-10-17 09:22:18] a...@php.net

The following patch has been added/updated:

Patch Name: bug63297
Revision: 1350465738
URL: https://bugs.php.net/patch-display.php?bug=63297&patch=bug63297&revision=1350465738

[2012-10-17 09:20:10] a...@php.net

Description:
The test below fails on Windows

Test script:
---
ext\phar\tests\tar\phar_setsignaturealgo2.phpt

Expected result:
test Pass

Actual result:
--
There are several popups with the following messages when running on a debug build:

Run-Time Check Failure #2 - Stack around the variable 'data_len' was corrupted
Run-Time Check Failure #2 - Stack around the variable 'md_ctx' was corrupted

After the test has run, it's marked as passed though.

On a release build here's the diff

031+ phar error: unable to write signature to tar-based phar: unable to write phar "C:/php-sdk/php-test-pack-5.3-nts-windows-vc9-x86-r5d9fb8f/ext/phar/tests/tar/phar_setsignaturealgo2.phar.tar" with requested openssl signature===DONE===
031- array(2) {
032-   ["hash"]=>
033-   string(%d) "%s"
034-   ["hash_type"]=>
035-   string(7) "OpenSSL"
036- }
037- ===DONE===

--
Edit this bug report at https://bugs.php.net/bug.php?id=63297&edit=1

Bug #63297 [Com]: Phar fails to write an openssl based signature
Edit report at https://bugs.php.net/bug.php?id=63297&edit=1

ID: 63297
Comment by: a...@php.net
Reported by: a...@php.net
Summary: Phar fails to write an openssl based signature
Status: Open
Type: Bug
Package: PHAR related
Operating System: Windows
PHP Version: 5.3Git-2012-10-17 (Git)
Block user comment: N
Private report: N

New Comment:

After looking closely I can see the same behaviour on these three tests

ext\phar\tests\tar\phar_setsignaturealgo2.phpt
ext\phar\tests\test_signaturealgos.phpt
ext\phar\tests\zip\phar_setsignaturealgo2.phpt

and also on 5.4 ... just a side note.

Previous Comments:

[2012-10-17 09:22:18] a...@php.net

The following patch has been added/updated:

Patch Name: bug63297
Revision: 1350465738
URL: https://bugs.php.net/patch-display.php?bug=63297&patch=bug63297&revision=1350465738

[2012-10-17 09:20:10] a...@php.net

Description:
The test below fails on Windows

Test script:
---
ext\phar\tests\tar\phar_setsignaturealgo2.phpt

Expected result:
test Pass

Actual result:
--
There are several popups with the following messages when running on a debug build:

Run-Time Check Failure #2 - Stack around the variable 'data_len' was corrupted
Run-Time Check Failure #2 - Stack around the variable 'md_ctx' was corrupted

After the test has run, it's marked as passed though.

On a release build here's the diff

031+ phar error: unable to write signature to tar-based phar: unable to write phar "C:/php-sdk/php-test-pack-5.3-nts-windows-vc9-x86-r5d9fb8f/ext/phar/tests/tar/phar_setsignaturealgo2.phar.tar" with requested openssl signature===DONE===
031- array(2) {
032-   ["hash"]=>
033-   string(%d) "%s"
034-   ["hash_type"]=>
035-   string(7) "OpenSSL"
036- }
037- ===DONE===

--
Edit this bug report at https://bugs.php.net/bug.php?id=63297&edit=1