Public bug reported: $>lsb_release -rd Description: Ubuntu 12.04.1 LTS Release: 12.04
$>apt-cache policy php5 php5: Telepítve: 5.3.10-1ubuntu3.4 Jelölt: 5.3.10-1ubuntu3.4 Verziótáblázat: *** 5.3.10-1ubuntu3.4 0 500 http://hu.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages 100 /var/lib/dpkg/status 5.3.10-1ubuntu3 0 500 http://hu.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages My libssl version: libssl1.0.0: Telepítve: 1.0.1-4ubuntu5.5 Jelölt: 1.0.1-4ubuntu5.5 Verziótáblázat: *** 1.0.1-4ubuntu5.5 0 500 http://hu.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages 100 /var/lib/dpkg/status 1.0.1-4ubuntu5.3 0 500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages 1.0.1-4ubuntu3 0 500 http://hu.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages EXPECTED: If you run test.php (attached ) in command line or as Apache module the expected output is binary data smaller than 40byte. BUG: On my system it outputs 32kbyte, and contains memory dump, PHP source code, PHP variable values etc. It looks like similar to a buffer overrun/flow. I've downloaded PHP5.3.10 source code. Could the following cause it? php5-5.3.10/ext/openssl/openssl.c line 4716: if (data_len > 0) { EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); } If data IS nothing (empty), it does not call EVP_EncryptUpdate() function. ** Affects: php5 (Ubuntu) Importance: Undecided Status: New ** Attachment added: "run: php test.php" https://bugs.launchpad.net/bugs/1099793/+attachment/3483887/+files/test.php -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1099793 Title: php 5.3.10 openssl_encrypt empty data To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1099793/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs