Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:13505
Return-Path: <kameshj@fastmail.fm>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 78436 invoked by uid 1010); 25 Oct 2004 15:40:38 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 78410 invoked from network); 25 Oct 2004 15:40:38 -0000
Received: from unknown (HELO out2.smtp.messagingengine.com) (66.111.4.26)
  by pb1.pair.com with SMTP; 25 Oct 2004 15:40:38 -0000
Received: from web1.messagingengine.com (web1.internal [10.202.2.210])
	by frontend1.messagingengine.com (Postfix) with ESMTP id 5A540C343F1;
	Mon, 25 Oct 2004 11:40:37 -0400 (EDT)
Received: by web1.messagingengine.com (Postfix, from userid 99)
	id D731FE45; Mon, 25 Oct 2004 11:40:37 -0400 (EDT)
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
X-Mailer: MIME::Lite 1.5  (F2.73; T1.001; A1.64; B3.05; Q3.03)
To: wez@thebrainroom.com, internals@lists.php.net, venaas@php.net,
	kettler@gmx.net
Date: Mon, 25 Oct 2004 08:40:37 -0700
X-Sasl-Enc: ZB6x6HmBJxMHYoYT8+O2pQ 1098718837
Message-ID: <1098718837.4744.207207878@webmail.messagingengine.com>
Subject: Why module shutdown function is not called for openssl extension?
From: kameshj@fastmail.fm ("Kamesh Jayachandran")

Hi All,

I have identified a defect in openssl extension code. Even though it is
not critical and not likely to happen. Let me explain the scenario.
<?php
$dn = array(
    "countryName" => "TestCountry",
    "stateOrProvinceName" => "TestSrate",
    "localityName" => "TestLocality",
    "organizationName" => "Test Organisation",
    "organizationalUnitName" => "Test organisational Unit",
    "commonName" => "Test common name",
    "emailAddress" => "mymail@mail.com"
);
$privkey = openssl_pkey_new();
$csr = openssl_csr_new($dn, $privkey);
?>
The above scenario causes a segfault in NetWare but not on Linux. I did
not try on windows.

openssl_csr_new will fail because maxlength of countryName is 2
characters.
During the failure openssl_csr_new is not setting req.priv_key to NULL
this causes dispose function to free the req.priv_key.
As a part of php_request_shutdown $privkey is again freed(second time).
This causes a seg fault in NetWare.

Can I go ahead and set req.priv_key = NULL when php_openssl_make_REQ
returns failure and we_made_the_key == 0?


I have seen shutdown function is set to NULL even though it is defined.

With regards
Kamesh Jayachandran