Why module shutdown function is not called for openssl extension?

21 years ago by Kamesh Jayachandran — view source — reply

unread

Hi All,

I have identified a defect in openssl extension code. Even though it is
not critical and not likely to happen. Let me explain the scenario.
<?php
$dn = array(
"countryName" => "TestCountry",
"stateOrProvinceName" => "TestSrate",
"localityName" => "TestLocality",
"organizationName" => "Test Organisation",
"organizationalUnitName" => "Test organisational Unit",
"commonName" => "Test common name",
"emailAddress" => "mymail@mail.com"
);
$privkey = openssl_pkey_new();
$csr = openssl_csr_new($dn, $privkey);
?>
The above scenario causes a segfault in NetWare but not on Linux. I did
not try on windows.

openssl_csr_new will fail because maxlength of countryName is 2
characters.
During the failure openssl_csr_new is not setting req.priv_key to NULL
this causes dispose function to free the req.priv_key.
As a part of php_request_shutdown $privkey is again freed(second time).
This causes a seg fault in NetWare.

Can I go ahead and set req.priv_key = NULL when php_openssl_make_REQ
returns failure and we_made_the_key == 0?

I have seen shutdown function is set to NULL even though it is defined.

With regards
Kamesh Jayachandran

21 years ago by Wez Furlong — view source — reply

unread

Kamesh Jayachandran wrote:

During the failure openssl_csr_new is not setting req.priv_key to NULL
this causes dispose function to free the req.priv_key.

Can I go ahead and set req.priv_key = NULL when php_openssl_make_REQ
returns failure and we_made_the_key == 0?

Please send me a diff

I have seen shutdown function is set to NULL even though it is defined.

Which one? Where?

--Wez

21 years ago by Kamesh Jayachandran — view source — reply

unread

Hi Wez,

zend_module_entry openssl_module_entry = {
STANDARD_MODULE_HEADER,
"openssl",
openssl_functions,
PHP_MINIT(openssl),
NULL, //supposed to be module shutdown function but marked as
NULL even though we have MSHUTDOWN function defined.
NULL,
NULL,
PHP_MINFO(openssl),
NO_VERSION_YET,
STANDARD_MODULE_PROPERTIES
};

My patch for making the req.priv_key not to get dispopsed is available
here.
http://puggy.symonds.net/~kameshj/openssl.c.patch

With regards
Kamesh Jayachandran
On Mon, 25 Oct 2004 16:49:17 +0100, "Wez Furlong" wez@thebrainroom.com
said:

Kamesh Jayachandran wrote:

During the failure openssl_csr_new is not setting req.priv_key to NULL
this causes dispose function to free the req.priv_key.

Can I go ahead and set req.priv_key = NULL when php_openssl_make_REQ
returns failure and we_made_the_key == 0?

Please send me a diff

I have seen shutdown function is set to NULL even though it is defined.

Which one? Where?

--Wez

21 years ago by Wez Furlong — view source — reply

unread

Heh, looks like it's never ever been enabled since ext/openssl was born.

I committed your patch; the associated bug number was 29418.

Thanks :)

--Wez.

On Mon, 25 Oct 2004 23:17:19 -0700, Kamesh Jayachandran
kameshj@fastmail.fm wrote:

Hi Wez,

zend_module_entry openssl_module_entry = {
STANDARD_MODULE_HEADER,
"openssl",
openssl_functions,
PHP_MINIT(openssl),
NULL, //supposed to be module shutdown function but marked as
NULL even though we have MSHUTDOWN function defined.
NULL,
NULL,
PHP_MINFO(openssl),
NO_VERSION_YET,
STANDARD_MODULE_PROPERTIES
};

My patch for making the req.priv_key not to get dispopsed is available
here.
http://puggy.symonds.net/~kameshj/openssl.c.patch

With regards
Kamesh Jayachandran
On Mon, 25 Oct 2004 16:49:17 +0100, "Wez Furlong" wez@thebrainroom.com
said:

Kamesh Jayachandran wrote:

During the failure openssl_csr_new is not setting req.priv_key to NULL
this causes dispose function to free the req.priv_key.

Can I go ahead and set req.priv_key = NULL when php_openssl_make_REQ
returns failure and we_made_the_key == 0?

Please send me a diff

I have seen shutdown function is set to NULL even though it is defined.

Which one? Where?

--Wez

21 years ago by Kamesh Jayachandran — view source — reply

unread

Thanks for applying my patches.

When will it be applied to PHP4.3 and 5.0 tree?

With regards
Kamesh Jayachandran
On Tue, 26 Oct 2004 10:34:19 +0100, "Wez Furlong" kingwez@gmail.com
said:

Heh, looks like it's never ever been enabled since ext/openssl was born.

I committed your patch; the associated bug number was 29418.

Thanks :)

--Wez.

On Mon, 25 Oct 2004 23:17:19 -0700, Kamesh Jayachandran
kameshj@fastmail.fm wrote:

Hi Wez,

zend_module_entry openssl_module_entry = {
STANDARD_MODULE_HEADER,
"openssl",
openssl_functions,
PHP_MINIT(openssl),
NULL, //supposed to be module shutdown function but marked as
NULL even though we have MSHUTDOWN function defined.
NULL,
NULL,
PHP_MINFO(openssl),
NO_VERSION_YET,
STANDARD_MODULE_PROPERTIES
};

My patch for making the req.priv_key not to get dispopsed is available
here.
http://puggy.symonds.net/~kameshj/openssl.c.patch

With regards
Kamesh Jayachandran
On Mon, 25 Oct 2004 16:49:17 +0100, "Wez Furlong" wez@thebrainroom.com
said:

Kamesh Jayachandran wrote:

During the failure openssl_csr_new is not setting req.priv_key to NULL
this causes dispose function to free the req.priv_key.

Can I go ahead and set req.priv_key = NULL when php_openssl_make_REQ
returns failure and we_made_the_key == 0?

Please send me a diff

I have seen shutdown function is set to NULL even though it is defined.

Which one? Where?

--Wez

21 years ago by Wez Furlong — view source — reply

unread

It's already applied to all 3 branches.

--Wez.

On Tue, 26 Oct 2004 03:08:10 -0700, Kamesh Jayachandran
kameshj@fastmail.fm wrote:

Thanks for applying my patches.

When will it be applied to PHP4.3 and 5.0 tree?