authorAnatol Belski <ab@php.net>2015-01-30 14:36:33 +0100
committerAnatol Belski <ab@php.net>2015-01-30 14:36:33 +0100
commit8d054be62f840804ffdbd4e5da2614a2e838424a (patch)
tree7a975f8d7e1cdc0aadcc51778cb003d2e8ebfef6
parent085907d168da54e2411691d07f487603cfe9c731 (diff)
fix datatype mismatches, improve error checks
-rw-r--r--ext/openssl/xp_ssl.c40
1 files changed, 26 insertions, 14 deletions
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 59f465ccbd..a888d23403 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -926,9 +926,9 @@ static const SSL_METHOD *php_select_crypto_method(zend_long method_value, int is
}
/* }}} */
-static zend_long php_get_crypto_method_ctx_flags(zend_long method_flags) /* {{{ */
+static int php_get_crypto_method_ctx_flags(int method_flags) /* {{{ */
{
- zend_long ssl_ctx_options = SSL_OP_ALL;
+ int ssl_ctx_options = SSL_OP_ALL;
#ifndef OPENSSL_NO_SSL2
if (!(method_flags & STREAM_CRYPTO_METHOD_SSLv2)) {
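Review bot: `int ssl_ctx_options = SSL_OP_ALL;` narrows an OpenSSL option mask to int, whereas the OpenSSL 1.0.x API carries options as long (`SSL_CTX_set_options` takes and returns long). As far as I recall from those headers, SSL_OP_ALL has bit 31 set; if so, the initializer converts to a negative int and sign-extends when passed back to OpenSSL on LP64 platforms, turning on option bits nobody asked for. Because this mask decides which protocol versions get disabled, I would keep it in the API's type, `long ssl_ctx_options = SSL_OP_ALL;`, and return long from this function. The same applies to the `int ssl_ctx_options;` local in php_openssl_setup_crypto in the next hunk. The function body continues past the end of this hunk.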
@@ -1377,8 +1377,8 @@ int php_openssl_setup_crypto(php_stream *stream,
) /* {{{ */
{
const SSL_METHOD *method;
- long ssl_ctx_options;
- long method_flags;
+ int ssl_ctx_options;
+ int method_flags;
char *cipherlist = NULL;
zval *val;
@@ -1756,7 +1756,6 @@ static size_t php_openssl_sockop_read(php_stream *stream, char *buf, size_t coun
static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, size_t count) /* {{{ */
{
php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract;
- int nr_bytes = 0;
/* Only do this if SSL is active. */
if (sslsock->ssl_active) {
@@ -1765,6 +1764,12 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz
*timeout;
int blocked = sslsock->s.is_blocked,
has_timeout = 0;
+ int nr_bytes = 0;
+
+ /* prevent overflow in openssl */
+ if (count > INT_MAX) {
+ count = INT_MAX;
+ }
/* Begin by making the socket non-blocking. This allows us to check the timeout. */
if (SUCCESS == php_set_sock_blocking(sslsock->s.socket, 0)) {
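Review bot: The comment `/* prevent overflow in openssl */` does not say what overflows or what the caller sees afterwards. The clamp exists because SSL_read() and SSL_write() take an int length while `count` is size_t, and the `(int)count` casts in the later hunks are only safe because of it. I would write `/* SSL_read()/SSL_write() take an int length: clamp so the (int) casts below cannot wrap. A larger request becomes a short read/write. */` so nobody moves or drops the clamp without noticing the casts. The function starts and ends outside this hunk.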
@@ -1804,7 +1809,7 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz
/* Now, do the IO operation. Don't block if we can't complete... */
if (read) {
- nr_bytes = SSL_read(sslsock->ssl_handle, buf, count);
+ nr_bytes = SSL_read(sslsock->ssl_handle, buf, (int)count);
if (sslsock->reneg && sslsock->reneg->should_close) {
/* renegotiation rate limiting triggered */
@@ -1814,7 +1819,7 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz
break;
}
} else {
- nr_bytes = SSL_write(sslsock->ssl_handle, buf, count);
+ nr_bytes = SSL_write(sslsock->ssl_handle, buf, (int)count);
}
/* Now, how much time until we time out? */
@@ -1886,7 +1891,11 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz
php_set_sock_blocking(sslsock->s.socket, 1);
sslsock->s.is_blocked = 1;
}
+
+ return 0 > nr_bytes ? 0 : nr_bytes;
} else {
+ size_t nr_bytes = 0;
+
/*
* This block is if we had no timeout... We will just sit and wait forever on the IO operation.
*/
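Review bot: `return 0 > nr_bytes ? 0 : nr_bytes;` uses int operands in a function returning size_t and relies on the implicit conversion at the return. `return nr_bytes < 0 ? 0 : (size_t)nr_bytes;` reads in the usual order and makes the conversion visible. The else branch now declares a second `nr_bytes` as size_t, so one name has two types within the same function; distinct names such as `ssl_bytes` and `plain_bytes` would avoid that. An SSL error and a zero-byte transfer both come back as 0 here, which looks like carried-over behaviour, but a one-line comment on the return saying so would help whoever audits the callers.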
@@ -1895,14 +1904,9 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz
} else {
nr_bytes = php_stream_socket_ops.write(stream, buf, count);
}
- }
- /* PHP doesn't expect a negative return. */
- if (nr_bytes < 0) {
- nr_bytes = 0;
+ return nr_bytes;
}
-
- return nr_bytes;
}
/* }}} */
@@ -2090,7 +2094,11 @@ static int php_openssl_sockop_set_option(php_stream *stream, int option, int val
if (value == -1) {
if (sslsock->s.timeout.tv_sec == -1) {
- tv.tv_sec = FG(default_socket_timeout);
+#ifdef _WIN32
+ tv.tv_sec = (long)FG(default_socket_timeout);
+#else
+ tv.tv_sec = (time_t)FG(default_socket_timeout);
+#endif
tv.tv_usec = 0;
} else {
tv = sslsock->connect_timeout;
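Review bot: The `(long)` / `(time_t)` casts on `FG(default_socket_timeout)` silence the width warning without checking the value, so a setting wider than tv_sec (presumably a zend_long, given the cast) is truncated silently. Where long is 32 bits that can yield a wrong or negative timeout, and this function already treats `tv_sec == -1` as a sentinel two lines above. I would range-check the setting once where it is read, or clamp it before the assignment, rather than cast at each use. The same four-line `#ifdef _WIN32` block is repeated in php_openssl_ssl_socket_factory in the next hunk; a single helper macro would keep the two sites in step. The enclosing function starts and ends outside this hunk.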
@@ -2303,7 +2311,11 @@ php_stream *php_openssl_ssl_socket_factory(const char *proto, size_t protolen,
sslsock->s.is_blocked = 1;
/* this timeout is used by standard stream funcs, therefor it should use the default value */
+#ifdef _WIN32
sslsock->s.timeout.tv_sec = (long)FG(default_socket_timeout);
+#else
+ sslsock->s.timeout.tv_sec = (time_t)FG(default_socket_timeout);
+#endif
sslsock->s.timeout.tv_usec = 0;
/* use separate timeout for our private funcs */