Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:13559
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
To: wez@thebrainroom.com, internals@lists.php.net
Date: Wed, 27 Oct 2004 03:36:17 -0700
Message-ID: <1098873377.30695.207361227@webmail.messagingengine.com>
Subject: [PATCH] one more possible seg fault in openssl
From: kameshj@fastmail.fm ("Kamesh Jayachandran")

Hi Wez,
<?php
$dn = array(
   "countryName" => "UK",
   "stateOrProvinceName" => "Somerset",
   "localityName" => "Glastonbury",
   "organizationName" => "The Brain Room Limited",
   "organizationalUnitName" => "PHP Documentation Team",
   "commonName" => "Wez Furlong",
   "emailAddress" => "wez@example.com"
);
// Non-existent or null private key
$csr = openssl_csr_new($dn, $privkey1);
?>
will also cause the double free of privkey and hence potential seg
fault.
openssl_csr_new tries to create a fresh private key and adds to the
resource list and fails to req.priv_key to null so the dispose function
frees the private key generated. Later when the php_request_shutdown is
called it agains frees the EG(regular_list) this causes the seg fault.

Patch is available at,
http://puggy.symonds.net/~kameshj/openssl.c.patch

With regards
Kamesh Jayachandran