php 5.3.10 openssl_encrypt empty data
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
php5 (Ubuntu) | Fix Released | Undecided | Unassigned | |
Precise | Fix Released | Medium | Marc Deslauriers | |
Quantal | Fix Released | Undecided | Unassigned | |
Raring | Fix Released | Undecided | Unassigned | |
Bug Description
$>lsb_release -rd
Description: Ubuntu 12.04.1 LTS
Release: 12.04
$>apt-cache policy php5
php5:
Telepítve: 5.3.10-1ubuntu3.4
Jelölt: 5.3.10-1ubuntu3.4
Verziótáblázat:
*** 5.3.10-1ubuntu3.4 0
500 http://
500 http://
100 /var/lib/
5.
500 http://
My libssl version:
libssl1.0.0:
Telepítve: 1.0.1-4ubuntu5.5
Jelölt: 1.0.1-4ubuntu5.5
Verziótáblázat:
*** 1.0.1-4ubuntu5.5 0
500 http://
100 /var/lib/
1.
500 http://
1.0.1-4ubuntu3 0
500 http://
EXPECTED:
If you run test.php (attached) on the command line or as an Apache module, the expected output is binary data smaller than 40 bytes.
BUG:
On my system it outputs 32 kbytes, and contains a memory dump, PHP source code, PHP variable values etc.
It looks similar to a buffer overrun/overflow.
I've downloaded the PHP 5.3.10 source code. Could the following cause it?
php5-5.
if (data_len > 0) {
EVP_
}
If data IS nothing (empty), it does not call the EVP_EncryptUpdate() function.
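A C model of the length accounting the report asks about, added here as an example (not PHP's source and not part of the original report): `toy_update`, `toy_final`, `encrypt_len` and the stale value 32768 are constructed stand-ins. It assumes the byte count normally filled in by EVP_EncryptUpdate() is not initialised anywhere else, which the truncated excerpt does not show.

```c
#include <stdio.h>
#include <string.h>
#define BLOCK 16

/* Constructed stand-ins for the EVP calls (XOR is not encryption). Like the
 * real calls, each reports the bytes it wrote through *outl. */
struct toy_ctx { unsigned char tail[BLOCK]; int tail_len; };

static void toy_update(struct toy_ctx *c, unsigned char *out, int *outl,
                       const unsigned char *in, int inl)
{
    int full = inl - inl % BLOCK;            /* only whole blocks are emitted */
    for (int k = 0; k < full; k++)
        out[k] = in[k] ^ 0x5a;
    c->tail_len = inl - full;                /* remainder waits for final */
    memcpy(c->tail, in + full, (size_t)c->tail_len);
    *outl = full;
}

static void toy_final(struct toy_ctx *c, unsigned char *out, int *outl)
{
    int pad = BLOCK - c->tail_len;           /* PKCS#7-style padding block */
    for (int k = 0; k < BLOCK; k++)
        out[k] = (unsigned char)((k < c->tail_len ? c->tail[k] : pad) ^ 0x5a);
    *outl = BLOCK;
}

/* Length the caller would report for its result. `stale` models whatever the
 * counter held before the call; zero_first selects the hardened form. */
int encrypt_len(const unsigned char *data, int data_len, int stale, int zero_first)
{
    struct toy_ctx c = { {0}, 0 };
    unsigned char outbuf[4 * BLOCK];         /* model limit: inputs up to 3 blocks */
    int i = zero_first ? 0 : stale, fin = BLOCK;
    if (data_len < 0 || data_len > 3 * BLOCK) return -1;
    if (data_len > 0)                        /* the guard quoted in the report */
        toy_update(&c, outbuf, &i, data, data_len);
    if (i >= 0 && i + BLOCK <= (int)sizeof outbuf)
        toy_final(&c, outbuf + i, &fin);     /* the model never writes out of bounds */
    return i + fin;                          /* counter trusted even if update was skipped */
}

int main(void)
{
    printf("unset counter: %d bytes, zeroed counter: %d bytes\n",
           encrypt_len((const unsigned char *)"", 0, 32768, 0),
           encrypt_len((const unsigned char *)"", 0, 32768, 1));
    return 0;
}
```

With non-empty input the update call overwrites the counter, so both forms report the same length; only the empty-input path differs.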
Changed in php5 (Ubuntu):
status: New → Triaged
importance: Undecided → High
importance: High → Undecided
status: Triaged → New
no longer affects: php5 (Debian)
Changed in php5 (Ubuntu Quantal):
status: New → Fix Released
Changed in php5 (Ubuntu Raring):
status: New → Fix Released
Changed in php5 (Ubuntu Precise):
status: New → Confirmed
importance: Undecided → Medium
Changed in php5 (Ubuntu):
status: Fix Released → Confirmed
Changed in php5 (Ubuntu Raring):
status: Confirmed → Fix Released
Changed in php5 (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Thanks for taking the time to report this bug and helping to make Ubuntu better.
It seems likely that this could be an upstream bug. I think suitable next steps are to try to reproduce with PHP built directly from upstream (not from packaging), both 5.3.10 and the latest version to see if this bug occurs upstream and if so whether it has been fixed already.
Are you able to do this, please?