diff options
| author | Moritz Fain <moritz@mertinkat.net> | 2017-03-30 16:20:52 +0200 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2017-04-02 01:04:32 +0200 |
| commit | 46d286574bdf49d568a21283e4f7f6fb91a1480b (patch) | |
| tree | a37a203db9efd68d83f61b6036cce81567b900a5 | |
| parent | e0102f81aa44b1cdc83c77d686ed5cdc86589832 (diff) | |
| download | php-git-46d286574bdf49d568a21283e4f7f6fb91a1480b.tar.gz | |
Fixed bug #74341
Added support for ASN.1 UTCTime without seconds part (being 11 characters
long instead of 13).
Additionally, fixed incorrect handling of DST on systems without gmtoff.
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | ext/openssl/openssl.c | 23 | ||||
| -rw-r--r-- | ext/openssl/tests/bug74341.phpt | 52 |
3 files changed, 71 insertions, 8 deletions
@@ -6,6 +6,10 @@ PHP NEWS . Fixed bug #74343 (compile fails on solaris 11 with system gd2 library). (krakjoe) +- OpenSSL: + . Fixed bug #74341 (openssl_x509_parse fails to parse ASN.1 UTCTime without + seconds). (Moritz Fain) + 13 Apr 2017 PHP 7.0.18 - Core: diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index da60bb9486..51f2667e82 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -739,23 +739,26 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr) /* {{{ */ char * strbuf; char * thestr; long gmadjust = 0; + size_t timestr_len; if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME && ASN1_STRING_type(timestr) != V_ASN1_GENERALIZEDTIME) { php_error_docref(NULL, E_WARNING, "illegal ASN1 data type for timestamp"); return (time_t)-1; } - if (ASN1_STRING_length(timestr) != strlen((const char*)ASN1_STRING_data(timestr))) { + timestr_len = (size_t)ASN1_STRING_length(timestr); + + if (timestr_len != strlen((const char*)ASN1_STRING_data(timestr))) { php_error_docref(NULL, E_WARNING, "illegal length in timestamp"); return (time_t)-1; } - if (ASN1_STRING_length(timestr) < 13) { + if (timestr_len < 13 && timestr_len != 11) { php_error_docref(NULL, E_WARNING, "unable to parse time string %s correctly", timestr->data); return (time_t)-1; } - if (ASN1_STRING_type(timestr) == V_ASN1_GENERALIZEDTIME && ASN1_STRING_length(timestr) < 15) { + if (ASN1_STRING_type(timestr) == V_ASN1_GENERALIZEDTIME && timestr_len < 15) { php_error_docref(NULL, E_WARNING, "unable to parse time string %s correctly", timestr->data); return (time_t)-1; } @@ -766,11 +769,15 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr) /* {{{ */ /* we work backwards so that we can use atoi more easily */ - thestr = strbuf + ASN1_STRING_length(timestr) - 3; + thestr = strbuf + timestr_len - 3; - thetime.tm_sec = atoi(thestr); - *thestr = '\0'; - thestr -= 2; + if (timestr_len == 11) { + thetime.tm_sec = 0; + } else { + thetime.tm_sec = atoi(thestr); + *thestr = '\0'; + thestr -= 2; + } thetime.tm_min = atoi(thestr); *thestr = '\0'; thestr -= 2; @@ -807,7 +814,7 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr) /* {{{ */ ** the value of timezone - 3600 seconds. Otherwise, we need to overcorrect and ** set the adjustment to the main timezone + 3600 seconds. */ - gmadjust = -(thetime.tm_isdst ? (long)timezone - 3600 : (long)timezone + 3600); + gmadjust = -(thetime.tm_isdst ? (long)timezone - 3600 : (long)timezone); #endif ret += gmadjust; diff --git a/ext/openssl/tests/bug74341.phpt b/ext/openssl/tests/bug74341.phpt new file mode 100644 index 0000000000..a3c78cfab0 --- /dev/null +++ b/ext/openssl/tests/bug74341.phpt @@ -0,0 +1,52 @@ +--TEST-- +Bug #74341 (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds) +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php + +$pem_cert = ' +-----BEGIN CERTIFICATE----- +MIIGFDCCBPygAwIBAgIDKCHVMA0GCSqGSIb3DQEBBQUAMIHcMQswCQYDVQQGEwJV +UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE5MDcGA1UECxMwaHR0cDov +L2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5MTEwLwYD +VQQDEyhTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREw +DwYDVQQFEwgxMDY4ODQzNTAcFwsxNDAxMDcwMDAwWhcNMTYwNDAxMDcwMDAwWjCB +6zETMBEGCysGAQQBgjc8AgEDEwJVUzEYMBYGCysGAQQBgjc8AgECEwdBcml6b25h +MR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjEUMBIGA1UEBRMLUi0xNzI0 +NzQxLTYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpT +Y290dHNkYWxlMSQwIgYDVQQKExtTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBMTEMx +KzApBgNVBAMTInZhbGlkLnNmaS5jYXRlc3Quc3RhcmZpZWxkdGVjaC5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt1LHQOza9tkKxwGL+/yKi/Fe5 +HM0sjvcM4ic1XVrvpewa4P/04IzGSjIGO3CXaSArxQMSzsTt2dcO9tSJ1Zk8c9NZ +XM8eVqx92iTMEf9OQcubWpzWmrPc3TAFhbVnfEmCptsXEgtxbAIbntrNeDk/hBPd +l4DYFYRdm3ZTk4JMIf/quDZe5Oti53J0UsxWXSSoqKyPNdb671Q+OTQfSDj7kVF4 ++Ri3FIeAV16d2UnpBW1bgNqA5yITRskHE4bX98HDNHUTHioHpgA+fXfejWkGB/0F +QN4HbZcysYHhf1L5cWBtz9w5J00YmjM5fzWvTc3UUF9ou7m7JE4aqEbNOWb9AgMB +AAGjggHOMIIByjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE +FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwLQYDVR0RBCYwJIIidmFsaWQuc2ZpLmNh +dGVzdC5zdGFyZmllbGR0ZWNoLmNvbTAdBgNVHQ4EFgQUcO+QEqZcHphPW9szww9t +y+1AGmQwHwYDVR0jBBgwFoAUSUtSJ9EbvPKhIWpie1FCeorX1VYwOAYDVR0fBDEw +LzAtoCugKYYnaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9zZnMzLTAuY3Js +MIGNBggrBgEFBQcBAQSBgDB+MCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5zdGFy +ZmllbGR0ZWNoLmNvbS8wUAYIKwYBBQUHMAKGRGh0dHA6Ly9jZXJ0aWZpY2F0ZXMu +c3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS9zZl9pbnRlcm1lZGlhdGUuY3J0 +MFIGA1UdIARLMEkwRwYLYIZIAYb9bgEHFwMwODA2BggrBgEFBQcCARYqaHR0cDov +L2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEB +BQUAA4IBAQAViYkLUjQkxWRmZl4DutL0/9/wJSURcJ1qunLP+TImJFp0A9RE/MNK +ZOmQoAEoH6hMg7FL4etkvTcnruTdcx+3mvqYiECUiUEx6pkx3dmkYgZACEuk2nfy +J0MkV/zwzqmI8aV+kunpOQv93aePZbrBgaAzkE8jDlExtd7c4pE7JF40jxmvDwjZ +HwpyNDULreGtFBij7JcWJCfihM3uetqrao0kOoeih1PQyJXtz2RldhFYs6Jdk3IL +Yv+84t5UMO+aS9nVBXIcbgaGjIMZjHDgR/tE9FKFB66k8UTDzAwwEs38VV24zx6h +lOzTF7xAUxmPUnNb2teatMf2Rmj0fs+d +-----END CERTIFICATE----- +'; + +$parsed_cert = openssl_x509_parse($pem_cert); +var_dump($parsed_cert['validFrom_time_t']); +var_dump($parsed_cert['validTo_time_t']); +?> +--EXPECTF-- +int(1389052800) +int(1459494000) |