diff options
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | ext/openssl/openssl.c | 12 | ||||
| -rw-r--r-- | ext/openssl/tests/bug41353.phpt | 16 |
3 files changed, 23 insertions, 6 deletions
@@ -8,6 +8,7 @@ PHP NEWS - Fixed altering $this via argument named "this". (Dmitry) - Fixed PHP CLI to use the php.ini from the binary location. (Hannes) - Fixed segfault in strripos(). (Tony, Joxean Koret) +- Fixed bug #41353 (crash in openssl_pkcs12_read() on invalid input). (Ilia) - Fixed bug #41351 (Invalid opcode with foreach ($a[] as $b)). (Dmitry, Tony) - Fixed bug #41347 (checkdnsrr() segfaults on empty hostname). (Scott) - Fixed bug #41337 (WSDL parsing doesn't ignore non soap bindings). (Dmitry) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 63969ae6b8..f7a69eb3c0 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -1541,13 +1541,13 @@ cleanup: } /* }}} */ -/* {{{ proto bool openssl_pkcs12_read(mixed PKCS12, array &certs, string pass) +/* {{{ proto bool openssl_pkcs12_read(string PKCS12, array &certs, string pass) Parses a PKCS12 to an array */ PHP_FUNCTION(openssl_pkcs12_read) { - zval *zp12 = NULL, *zout = NULL, *zextracerts, *zcert, *zpkey; - char * pass; - int pass_len; + zval *zout = NULL, *zextracerts, *zcert, *zpkey; + char *pass, *zp12; + int pass_len, zp12_len; PKCS12 * p12 = NULL; EVP_PKEY * pkey = NULL; X509 * cert = NULL; @@ -1555,14 +1555,14 @@ PHP_FUNCTION(openssl_pkcs12_read) BIO * bio_in = NULL; int i; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zzs", &zp12, &zout, &pass, &pass_len) == FAILURE) + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szs", &zp12, &zp12_len, &zout, &pass, &pass_len) == FAILURE) return; RETVAL_FALSE; bio_in = BIO_new(BIO_s_mem()); - if(!BIO_write(bio_in, Z_STRVAL_P(zp12), Z_STRLEN_P(zp12))) + if(!BIO_write(bio_in, zp12, zp12_len)) goto cleanup; if(d2i_PKCS12_bio(bio_in, &p12)) { diff --git a/ext/openssl/tests/bug41353.phpt b/ext/openssl/tests/bug41353.phpt new file mode 100644 index 0000000000..199198b200 --- /dev/null +++ b/ext/openssl/tests/bug41353.phpt @@ -0,0 +1,16 @@ +--TEST-- +#41353 openssl_pkcs12_read() does not verify the type of the first arg +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +?> +--FILE-- +<?php + +$a = 2; +openssl_pkcs12_read(1, $a, 1); + +echo "Done\n"; +?> +--EXPECTF-- +Done
\ No newline at end of file |