diff options
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/openssl/openssl.c | 21 | ||||
| -rw-r--r-- | ext/openssl/tests/bug28382.phpt | 25 |
3 files changed, 33 insertions, 15 deletions
@@ -6,6 +6,7 @@ PHP NEWS - Upgraded PCRE to version 7.2 (Nuno) - Updated timezone database to version 2007.6. (Derick) +- Improced openssl_x509_parse() to return extensions in readable form. (Dmitry) - Improved fix for MOPB-03-2007. (Ilia) - Corrected fix for CVE-2007-2872. (Ilia) - Enabled statement cache for non-persistent OCI8 connections. @@ -30,6 +31,7 @@ PHP NEWS - Added CURLOPT_PRIVATE & CURLINFO_PRIVATE constants. (Andrey A. Belashkov, Tony) +- Fixed crash in OpenSSL extension because of non-strin passphrase. (Dmitry) - Fixed var_export() to use the new H modifier so that it can generate parseable PHP code for floats, independent of the locale. (Derick) - Fixed regression introduced by the fix for the libgd bug #74. (Pierre) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index d33bd38409..032c9c25c6 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -999,8 +999,10 @@ PHP_FUNCTION(openssl_x509_parse) char * tmpstr; zval * subitem; X509_EXTENSION *extension; - ASN1_OCTET_STRING *extdata; char *extname; + BIO *bio_out; + BUF_MEM *bio_buf; + char buf[256]; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Z|b", &zcert, &useshortnames) == FAILURE) { return; @@ -1082,9 +1084,20 @@ PHP_FUNCTION(openssl_x509_parse) for (i = 0; i < X509_get_ext_count(cert); i++) { extension = X509_get_ext(cert, i); - extdata = X509_EXTENSION_get_data(extension); - extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); - add_assoc_asn1_string(subitem, extname, extdata); + if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { + extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); + } else { + OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); + extname = buf; + } + bio_out = BIO_new(BIO_s_mem()); + if (X509V3_EXT_print(bio_out, extension, 0, 0)) { + BIO_get_mem_ptr(bio_out, &bio_buf); + add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); + } else { + add_assoc_asn1_string(subitem, extname, X509_EXTENSION_get_data(extension)); + } + BIO_free(bio_out); } add_assoc_zval(return_value, "extensions", subitem); diff --git a/ext/openssl/tests/bug28382.phpt b/ext/openssl/tests/bug28382.phpt index 255f030412..dab510121d 100644 --- a/ext/openssl/tests/bug28382.phpt +++ b/ext/openssl/tests/bug28382.phpt @@ -14,25 +14,28 @@ var_dump($ext['extensions']); --EXPECTF-- array(11) { ["basicConstraints"]=> - string(2) "%s" + string(8) "CA:FALSE" ["nsComment"]=> - string(40) "%s" + string(38) "For Grid use only; request tag userTag" ["nsCertType"]=> - string(4) "%s" + string(30) "SSL Client, SSL Server, S/MIME" ["crlDistributionPoints"]=> - string(56) "%s" + string(51) "URI:http://mobile.blue-software.ro:90/ca/crl.shtml +" ["nsCaPolicyUrl"]=> - string(40) "%s" + string(38) "http://mobile.blue-software.ro:90/pub/" ["subjectAltName"]=> - string(26) "%s" + string(28) "email:sergiu@bluesoftware.ro" ["subjectKeyIdentifier"]=> - string(22) "%s" + string(59) "B0:A7:FF:F9:41:15:DE:23:39:BD:DD:31:0F:97:A0:B2:A2:74:E0:FC" ["authorityKeyIdentifier"]=> - string(159) "%s" + string(115) "DirName:/C=RO/ST=Romania/L=Craiova/O=Sergiu/OU=Sergiu SRL/CN=Sergiu CA/emailAddress=n_sergiu@hotmail.com +serial:00 +" ["keyUsage"]=> - string(4) "%s" + string(71) "Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment" ["nsBaseUrl"]=> - string(22) "%s" - ["UNDEF"]=> + string(20) "http://62.231.98.52/" + ["1.2.3.4"]=> string(4) "%s" } |