author | Nikita Popov <nikita.ppv@gmail.com> | 2021-02-15 15:34:11 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2021-02-15 15:34:21 +0100 |
commit | f43097a2d7ba93204278fce6269effa780e111f3 (patch) | |
tree | 03ee28e5652e24e3d230c3692cbea3cdd8f58ae2 | |
parent | 882862563a8281457afb9c5ad93763605e295270 (diff) | |
parent | 64b10854643531bcf62a884aaea0bafc57e4f914 (diff) | |
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
Fixed bug #80747
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | ext/openssl/openssl.c | 2 | ||||
-rw-r--r-- | ext/openssl/tests/bug80747.phpt | 19 |
3 files changed, 25 insertions, 0 deletions
@@ -25,6 +25,10 @@ PHP NEWS preloaded JITted code). (Dmitry)
 . Fixed bug #80682 (opcache doesn't honour pcre.jit option). (Remi)
+- OpenSSL:
+ . Fixed bug #80747 (Providing RSA key size < 512 generates key that crash
+ PHP). (Nikita)
+
 - Phar:
 . Fixed bug #75850 (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index e21c3aacb3..2bae0534a2 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -3687,6 +3687,8 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req
 PHP_OPENSSL_RAND_ADD_TIME();
 if (rsaparam == NULL || !RSA_generate_key_ex(rsaparam, req->priv_key_bits, bne, NULL)) {
 php_openssl_store_errors();
+ RSA_free(rsaparam);
+ rsaparam = NULL;
 }
 BN_free(bne);
 }
diff --git a/ext/openssl/tests/bug80747.phpt b/ext/openssl/tests/bug80747.phpt
new file mode 100644
index 0000000000..db83d0266f
--- /dev/null
+++ b/ext/openssl/tests/bug80747.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #80747: Providing RSA key size < 512 generates key that crash PHP
+--FILE--
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) die("skip");
+?>
+--FILE--
+<?php
+
+$conf = array(
+ 'config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf',
+ 'private_key_bits' => 511,
+);
+var_dump(openssl_pkey_new($conf));
+
+?>
+--EXPECT--
+bool(false) |
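Review bot: The two added lines `RSA_free(rsaparam);` and `rsaparam = NULL;` in the ext/openssl/openssl.c hunk carry no comment saying why the pointer is cleared, and the code that presumably depends on it lies after the hunk (the body of php_openssl_generate_private_key starts and ends outside it). I would add above them `/* generation failed: release the RSA so no partially built key is used below */`, so a later cleanup does not drop the reset. `RSA_free(NULL)` is a no-op, so sharing the branch with the `rsaparam == NULL` case is fine. Rejecting undersized keys is still left to `RSA_generate_key_ex()`; if `req->priv_key_bits` is not range-checked before this point (not visible here), an explicit minimum would give callers a clear error instead of a bare `false`.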
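Review bot: The new ext/openssl/tests/bug80747.phpt has a stray, empty `--FILE--` marker directly after the `--TEST--` title and before `--SKIPIF--`, followed later by the real `--FILE--` section; the first marker should be deleted so each section appears once. The test exercises only `'private_key_bits' => 511`, one below the size named in the bug title, so a second `openssl_pkey_new()` call with another undersized value would show that the `bool(false)` result does not depend on that single boundary value.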