Reported Integer Overflows with PHP-FPM (not PHP-CLI)

Question

Reported Integer Overflows with PHP-FPM (not PHP-CLI)

paragonie-scott opened this issue 5 years ago · comments

From Dion Hulse on Wordpress Slack:

Did some more digging, turns out the PHP CLI in that environment works, while php-fpm doesn’t.
Got down as far as the final loop in ParagonIE_Sodium_Core_Curve25519::ge_double_scalarmult_vartime() at i = 247 where self::ge_p2_dbl() starts returning different data, T: 60762035, -28864121, -22424362, 37674336, 25959391, -1347853,..... when it’s working T: 60762016, 2506747835552135, -14802114316999430, 6459153759631826, -7767544285703312,..... in a non-working case, so looks like some kind of int overflow issue

Scott · Answer 1 · Fri Apr 12 2019 21:31:10 GMT+0800 (China Standard Time)

https://bugs.php.net/bug.php?id=75938 looks like this is the culprit. PHP 7.2.0, PHP 7.2.1, and PHP 7.2.2 are affected when used in PHP-FPM. PHP 7.2.3+ are unaffected.