[Bug 1099793] [NEW] php 5.3.10 openssl_encrypt empty data
attb2
1099793 at bugs.launchpad.net
Tue Jan 15 11:40:10 UTC 2013
Public bug reported:
$>lsb_release -rd
Description: Ubuntu 12.04.1 LTS
Release: 12.04
$>apt-cache policy php5
php5:
Telepítve: 5.3.10-1ubuntu3.4
Jelölt: 5.3.10-1ubuntu3.4
Verziótáblázat:
*** 5.3.10-1ubuntu3.4 0
500 http://hu.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
100 /var/lib/dpkg/status
5.3.10-1ubuntu3 0
500 http://hu.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
My libssl version:
libssl1.0.0:
Telepítve: 1.0.1-4ubuntu5.5
Jelölt: 1.0.1-4ubuntu5.5
Verziótáblázat:
*** 1.0.1-4ubuntu5.5 0
500 http://hu.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
100 /var/lib/dpkg/status
1.0.1-4ubuntu5.3 0
500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
1.0.1-4ubuntu3 0
500 http://hu.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
EXPECTED:
If you run test.php (attached) on the command line or as an Apache module, the expected output is binary data smaller than 40 bytes.
BUG:
On my system it outputs 32 kbyte, and it contains a memory dump, PHP source code, PHP variable values, etc.
It looks similar to a buffer overrun/overflow.
I've downloaded the PHP 5.3.10 source code. Could the following cause it?
php5-5.3.10/ext/openssl/openssl.c line 4716:
    if (data_len > 0) {
        EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len);
    }
If data IS nothing (empty), it does not call the EVP_EncryptUpdate() function.
** Affects: php5 (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "run: php test.php"
https://bugs.launchpad.net/bugs/1099793/+attachment/3483887/+files/test.php
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/1099793
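The pattern the reporter suspects, as an added example that is not part of the original report and is not PHP's source: a self-contained C model of an encrypt routine whose update step is skipped for empty input, so the length out-parameter `i` is never written before it is used as the offset for the final block. The toy XOR cipher, all function names, the assumption that `i` has no other initializer, and the `stale` value standing in for uninitialized stack contents are constructed for illustration.

```c
#include <stdio.h>
#define BLOCK 16 /* assumed block size of the stand-in cipher */

/* Stand-in "update": emits whole blocks and reports the count through *outl. */
static void toy_update(unsigned char *out, int *outl, const unsigned char *in, int inl) {
    int full = (inl / BLOCK) * BLOCK;
    for (int k = 0; k < full; k++) out[k] = in[k] ^ 0x5a;
    *outl = full;
}

/* Stand-in "final": emits one padded block and reports BLOCK through *outl. */
static void toy_final(unsigned char *out, int *outl, const unsigned char *tail, int n) {
    for (int k = 0; k < BLOCK; k++)
        out[k] = (unsigned char)((k < n ? tail[k] : BLOCK - n) ^ 0x5a);
    *outl = BLOCK;
}

/* Shared body; `i` arrives holding whatever the local would contain on entry.
 * Returns the reported length; *oob is set (and the write skipped) when the
 * final block would land outside outbuf. */
static int encrypt_model(const unsigned char *data, int data_len,
                         unsigned char *outbuf, int cap, int i, int *oob) {
    int outlen;
    if (data_len > 0) /* the guard quoted in the report */
        toy_update(outbuf, &i, data, data_len);
    outlen = i; /* for empty input, nothing above has written i */
    *oob = (outlen < 0 || outlen > cap - BLOCK);
    if (*oob) return outlen + BLOCK;
    toy_final(outbuf + outlen, &i, data + outlen, data_len - outlen);
    return outlen + i;
}

/* Before: `stale` models an uninitialized stack value (constructed). */
int encrypt_unsafe(const unsigned char *d, int n, unsigned char *out, int cap, int stale, int *oob) {
    return encrypt_model(d, n, out, cap, stale, oob);
}

/* After: the length starts at 0, so a skipped update leaves a valid offset. */
int encrypt_fixed(const unsigned char *d, int n, unsigned char *out, int cap, int *oob) {
    return encrypt_model(d, n, out, cap, 0, oob);
}

int main(void) {
    unsigned char out[64]; int oob;
    int a = encrypt_unsafe((const unsigned char *)"", 0, out, (int)sizeof out, 32000, &oob);
    printf("unsafe, empty input: reported %d bytes, out of bounds=%d\n", a, oob);
    int b = encrypt_fixed((const unsigned char *)"", 0, out, (int)sizeof out, &oob);
    printf("fixed,  empty input: reported %d bytes, out of bounds=%d\n", b, oob);
    return 0;
}
```

In the model, non-empty input masks the problem because the update step always overwrites `i`; only the empty-input path exposes the stale value.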