diff options
author | Anatol Belski <ab@php.net> | 2015-01-30 14:36:33 +0100 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2015-01-30 14:36:33 +0100 |
commit | 8d054be62f840804ffdbd4e5da2614a2e838424a (patch) | |
tree | 7a975f8d7e1cdc0aadcc51778cb003d2e8ebfef6 | |
parent | 085907d168da54e2411691d07f487603cfe9c731 (diff) | |
download | php-git-8d054be62f840804ffdbd4e5da2614a2e838424a.tar.gz |
fix datatype mismatches, improve error checks
-rw-r--r-- | ext/openssl/xp_ssl.c | 40 |
1 files changed, 26 insertions, 14 deletions
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 59f465ccbd..a888d23403 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -926,9 +926,9 @@ static const SSL_METHOD *php_select_crypto_method(zend_long method_value, int is } /* }}} */ -static zend_long php_get_crypto_method_ctx_flags(zend_long method_flags) /* {{{ */ +static int php_get_crypto_method_ctx_flags(int method_flags) /* {{{ */ { - zend_long ssl_ctx_options = SSL_OP_ALL; + int ssl_ctx_options = SSL_OP_ALL; #ifndef OPENSSL_NO_SSL2 if (!(method_flags & STREAM_CRYPTO_METHOD_SSLv2)) { @@ -1377,8 +1377,8 @@ int php_openssl_setup_crypto(php_stream *stream, ) /* {{{ */ { const SSL_METHOD *method; - long ssl_ctx_options; - long method_flags; + int ssl_ctx_options; + int method_flags; char *cipherlist = NULL; zval *val; @@ -1756,7 +1756,6 @@ static size_t php_openssl_sockop_read(php_stream *stream, char *buf, size_t coun static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, size_t count) /* {{{ */ { php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract; - int nr_bytes = 0; /* Only do this if SSL is active. */ if (sslsock->ssl_active) { @@ -1765,6 +1764,12 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz *timeout; int blocked = sslsock->s.is_blocked, has_timeout = 0; + int nr_bytes = 0; + + /* prevent overflow in openssl */ + if (count > INT_MAX) { + count = INT_MAX; + } /* Begin by making the socket non-blocking. This allows us to check the timeout. */ if (SUCCESS == php_set_sock_blocking(sslsock->s.socket, 0)) { @@ -1804,7 +1809,7 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz /* Now, do the IO operation. Don't block if we can't complete... */ if (read) { - nr_bytes = SSL_read(sslsock->ssl_handle, buf, count); + nr_bytes = SSL_read(sslsock->ssl_handle, buf, (int)count); if (sslsock->reneg && sslsock->reneg->should_close) { /* renegotiation rate limiting triggered */ @@ -1814,7 +1819,7 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz break; } } else { - nr_bytes = SSL_write(sslsock->ssl_handle, buf, count); + nr_bytes = SSL_write(sslsock->ssl_handle, buf, (int)count); } /* Now, how much time until we time out? */ @@ -1886,7 +1891,11 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz php_set_sock_blocking(sslsock->s.socket, 1); sslsock->s.is_blocked = 1; } + + return 0 > nr_bytes ? 0 : nr_bytes; } else { + size_t nr_bytes = 0; + /* * This block is if we had no timeout... We will just sit and wait forever on the IO operation. */ @@ -1895,14 +1904,9 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz } else { nr_bytes = php_stream_socket_ops.write(stream, buf, count); } - } - /* PHP doesn't expect a negative return. */ - if (nr_bytes < 0) { - nr_bytes = 0; + return nr_bytes; } - - return nr_bytes; } /* }}} */ @@ -2090,7 +2094,11 @@ static int php_openssl_sockop_set_option(php_stream *stream, int option, int val if (value == -1) { if (sslsock->s.timeout.tv_sec == -1) { - tv.tv_sec = FG(default_socket_timeout); +#ifdef _WIN32 + tv.tv_sec = (long)FG(default_socket_timeout); +#else + tv.tv_sec = (time_t)FG(default_socket_timeout); +#endif tv.tv_usec = 0; } else { tv = sslsock->connect_timeout; @@ -2303,7 +2311,11 @@ php_stream *php_openssl_ssl_socket_factory(const char *proto, size_t protolen, sslsock->s.is_blocked = 1; /* this timeout is used by standard stream funcs, therefor it should use the default value */ +#ifdef _WIN32 sslsock->s.timeout.tv_sec = (long)FG(default_socket_timeout); +#else + sslsock->s.timeout.tv_sec = (time_t)FG(default_socket_timeout); +#endif sslsock->s.timeout.tv_usec = 0; /* use separate timeout for our private funcs */ |