[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/openssl openssl.c /ext/openssl/tests bug38261.phpt

Sun, 30 Jul 2006 09:47:19 -0700 

pajoye          Sun Jul 30 16:26:19 2006 UTC

  Added files:                 (Branch: PHP_5_2)
    /php-src/ext/openssl/tests  bug38261.phpt 

  Modified files:              
    /php-src    NEWS 
    /php-src/ext/openssl        openssl.c 
  Log:
  - 38261: openssl_x509_parse leaks with invalid certs
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.163&r2=1.2027.2.547.2.164&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.163 php-src/NEWS:1.2027.2.547.2.164
--- php-src/NEWS:1.2027.2.547.2.163     Sun Jul 30 11:19:56 2006
+++ php-src/NEWS        Sun Jul 30 16:26:19 2006
@@ -19,6 +19,7 @@
 - Fixed phpinfo() cutoff of variables at \0. (Ilia)
 - Fixed a bug in the filter extension that prevented magic_quotes_gpc from
   being applied when RAW filter is used. (Ilia)
+- Fixed bug #38261 (openssl_x509_parse() leaks with invalid cert) (Pierre)
 - Fixed bug #38255 (openssl possible leaks while passing keys) (Pierre)
 - Fixed bug #38253 (PDO produces segfault with default fetch mode). (Tony)
 - Fixed bug #38236 (Binary data gets corrupted on multipart/formdata POST).
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.98.2.5.2.5&r2=1.98.2.5.2.6&diff_format=u
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.98.2.5.2.5 
php-src/ext/openssl/openssl.c:1.98.2.5.2.6
--- php-src/ext/openssl/openssl.c:1.98.2.5.2.5  Sun Jul 30 09:18:06 2006
+++ php-src/ext/openssl/openssl.c       Sun Jul 30 16:26:19 2006
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: openssl.c,v 1.98.2.5.2.5 2006/07/30 09:18:06 pajoye Exp $ */
+/* $Id: openssl.c,v 1.98.2.5.2.6 2006/07/30 16:26:19 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -784,6 +784,11 @@
 
                return NULL;
        }
+
+       if (!(Z_TYPE_PP(val) == IS_STRING || Z_TYPE_PP(val) == IS_OBJECT)) {
+               return NULL;
+       }
+
        /* force it to be a string and check if it refers to a file */
        convert_to_string_ex(val);
 

http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/bug38261.phpt?view=markup&rev=1.1
Index: php-src/ext/openssl/tests/bug38261.phpt
+++ php-src/ext/openssl/tests/bug38261.phpt

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to