Edit report at https://bugs.php.net/bug.php?id=64133&edit=1
ID: 64133 Updated by: paj...@php.net Reported by: alex at hollerith dot net Summary: overflow in PHP_FUNCTION(openssl_csr_sign) -Status: Open +Status: Not a bug Type: Bug Package: OpenSSL related Operating System: FreeBSD i386 PHP Version: master-Git-2013-02-02 (Git) Block user comment: N Private report: N New Comment: See http://rt.openssl.org/Ticket/Display.html?id=534 Not an issue in PHP, the signature of X509_gmtime_adj actually expects a long. Previous Comments: ------------------------------------------------------------------------ [2013-02-02 15:34:11] alex at hollerith dot net Description: ------------ Potential overflow in this code: /* {{{ proto resource openssl_csr_sign(mixed csr, mixed x509, mixed priv_key, long days [, array config_args [, long serial]]) Signs a cert with another CERT */ PHP_FUNCTION(openssl_csr_sign) { zval ** zcert = NULL, **zcsr, **zpkey, *args = NULL; long num_days; ...... X509_gmtime_adj(X509_get_notAfter(new_cert), (long)60*60*24*num_days); ...... When "num_days" is big, say 36500 (for 100 years) this casting to "long" will overflow in 32-bit environments where usually "sizeof(long) = 4". This is relevant for applications like the pfsense Firewall system on embedded hardware like the Soekris6501, where only i386 versions can be installed. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=64133&edit=1
