This standalone self-contained test script segfaults on Centos 6.2 for
me with PHP 5.4:
https://gist.github.com/anonymous/5289189
The Valgrind output is:
https://gist.github.com/anonymous/5289189
So it is as if SSL_CTX_use_certificate_chain_file() is calling
ASN1_item_free() on something that it needs later.
On Debian, FreeBSD and Ubuntu, I don't get a crash and the script works,
but Valgrind still complains at least on Ubuntu with:
==12085== Uninitialised value was created by a stack allocation
==12085== at 0x7B54530: ASN1_STRING_to_UTF8 (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
And it was accessed from:
==12085== Conditional jump or move depends on uninitialised value(s)
==12085== at 0x7B657AB: ASN1_STRING_set (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B5349C: ASN1_mbstring_ncopy (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B536C3: ASN1_mbstring_copy (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B54584: ASN1_STRING_to_UTF8 (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B559A2: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B55F06: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B5C442: ASN1_item_ex_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B5CFFF: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B5D247: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B5CAB0: ASN1_item_ex_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B5CFFF: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B5D247: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B5CAB0: ASN1_item_ex_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B5D3D3: ASN1_item_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B561E5: d2i_X509_AUX (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7B6BD07: PEM_ASN1_read_bio (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==12085== by 0x7842771: SSL_CTX_use_certificate_chain_file (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==12085== by 0x47AE6B: php_SSL_new_from_context (openssl.c:4552)
This same problem appears across PHP 5.3, 5.4 and 5.5 with different
openssl library versions, so I think we are calling the openssl
incorrectly somehow there. Somehow related to a realloc during UTF8
conversion deep in the library perhaps? Does anyone see what we might
have gotten wrong in this function?
http://lxr.php.net/xref/PHP_5_4/ext/openssl/openssl.c#4492
-Rasmus
> This standalone self-contained test script segfaults on Centos 6.2 for
> me with PHP 5.4:
Oops, the script gist is actually:
https://gist.github.com/anonymous/5288886
-Rasmus
> ==12085== Uninitialised value was created by a stack allocation
> ==12085== at 0x7B54530: ASN1_STRING_to_UTF8 (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
Looks like these ASN1_STRING_to_UTF8 ones are normal for libcrypto.
Really hard to debug openssl stuff with all these Valgrind false
positives. Still trying to track down the core on Centos 6.2. Looks like
a weird build issue at this point.
-Rasmus
> Looks like these ASN1_STRING_to_UTF8 ones are normal for libcrypto.
> Really hard to debug openssl stuff with all these Valgrind false
> positives. Still trying to track down the core on Centos 6.2. Looks like
> a weird build issue at this point.
Might not be related, but looks like we call
SSL_CTX_use_certificate_chain_file with too few arguments:
http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html (note the type
parameter, apparently since 0.9.8).
--
Regards,
Mike
>> Looks like these ASN1_STRING_to_UTF8 ones are normal for libcrypto.
>> Really hard to debug openssl stuff with all these Valgrind false
>> positives. Still trying to track down the core on Centos 6.2. Looks like
>> a weird build issue at this point.
> Might not be related, but looks like we call
> SSL_CTX_use_certificate_chain_file with too few arguments:
> http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html (note the
> type parameter, apparently since 0.9.8).
The openssl extension might need some refreshing review in general then...
--
Regards,
Mike
>> Looks like these ASN1_STRING_to_UTF8 ones are normal for libcrypto.
>> Really hard to debug openssl stuff with all these Valgrind false
>> positives. Still trying to track down the core on Centos 6.2. Looks like
>> a weird build issue at this point.
> Might not be related, but looks like we call
> SSL_CTX_use_certificate_chain_file with too few arguments:
> http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html (note the
> type parameter, apparently since 0.9.8).
Never mind, I actually confused *_chain_file with *_file ...
--
Regards,
Mike