Bug 315511 - incorrect values from GMP functions in PHP
incorrect values from GMP functions in PHP
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: php (Show other bugs)
4.5
x86_64 Linux
low Severity high
: ---
: ---
Assigned To: Joe Orton
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-10-02 11:40 EDT by Tom Swiss
Modified: 2009-05-18 16:32 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-05-18 16:32:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
PHP Bug Tracker 32773 None None None Never

  None (edit)
Description Tom Swiss 2007-10-02 11:40:54 EDT
Description of problem:

I'm seeing a failure of PHP's GMP functions on certain values.


Version-Release number of selected component (if applicable):

Our PHP is 4.3.9-3.22.9. 



How reproducible:

run the following PHP code: 


<?php

$total=gmp_init(120);
$v=gmp_mul(1000, 0); // which is, of course, 0. Right? Therein lies the rub.
// $v=gmp_init(0); // if we include this line to make it 0, all's well 

echo "before add: total is ".gmp_strval($total).", v is ".gmp_strval($v)."\n"; 
$total = gmp_add($total,$v);
echo "after add:  total should be 120, and is actually: ".gmp_strval($total)."\n
";

?>


Steps to Reproduce:
1. create a file "gmp_test.php" with the code above
2. run "php gmp_test.php" from the command line
  
Actual results:


before add: total is 120, v is 0
after add:  total should be 120, and is actually: 0



Expected results:

before add: total is 120, v is 0
after add:  total should be 120, and is actually: 120



Additional info:


This problem is not present on php-5.1.6-3.6.fc6 running on a FC6 system.

It is present on a CentOS 4.5 system with php-4.3.9-3.22.5.
Comment 1 Tom Swiss 2007-10-02 12:10:36 EDT

This bug results in errors in GMP calcuations; since GMP is
sometimes used to implement RSA and other crytpographic schemes (for
example, the Crypt_RSA package from PEAR), it does have some security
relevance.
Comment 2 Josh Bressers 2007-10-02 14:29:46 EDT
Joe, can you add a comment on this?  What's causing this flaw.  Is it something
we need to worry about from a security perspective?
Comment 3 Joe Orton 2007-10-03 11:52:06 EDT
This looks like upstream #32773, where passing zero as a second parameter to
various gmp_ functions cause them to fail.  I can't see any security
implications from such usage.

You can work around it by switching the order of the arguments to gmp_add in the
test case.
Comment 4 Tom Swiss 2007-10-03 15:24:57 EDT
Thanks for the quick response, Joe. 

Annoying that my search on bugs.php.net for "GMP" didn't find this.

Any chance of the fix for this getting backported to RHEL 4.5?
Comment 5 RHEL Product and Program Management 2008-02-01 14:02:11 EST
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 6 RHEL Product and Program Management 2008-09-05 13:06:21 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 11 errata-xmlrpc 2009-05-18 16:32:58 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1013.html

Note You need to log in before you can comment on or make changes to this bug.