cellog Mon Jun 9 16:07:19 2008 UTC
Modified files: (Branch: PHP_5_3)
/php-src/ext/phar phar.c phar.phar
Log:
Fix compile warnings when OpenSSL is enabled statically. Fix dangerous use of
the wrong length variable in OpenSSL signature verification.
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/phar.c?r1=1.370.2.10&r2=1.370.2.11&diff_format=u
Index: php-src/ext/phar/phar.c
diff -u php-src/ext/phar/phar.c:1.370.2.10 php-src/ext/phar/phar.c:1.370.2.11
--- php-src/ext/phar/phar.c:1.370.2.10 Sun Jun 1 04:21:26 2008
+++ php-src/ext/phar/phar.c Mon Jun 9 16:07:18 2008
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: phar.c,v 1.370.2.10 2008/06/01 04:21:26 cellog Exp $ */
+/* $Id: phar.c,v 1.370.2.11 2008/06/09 16:07:18 cellog Exp $ */
#define PHAR_MAIN 1
#include "phar_internal.h"
@@ -40,7 +40,9 @@
#endif
+#ifndef PHAR_HAVE_OPENSSL
static int phar_call_openssl_signverify(int is_sign, php_stream *fp, off_t
end, char *key, int key_len, char **signature, int *signature_len TSRMLS_DC);
+#endif
ZEND_DECLARE_MODULE_GLOBALS(phar)
#if PHP_VERSION_ID >= 50300
@@ -490,11 +492,11 @@
static int phar_hex_str(const char *digest, size_t digest_len, char **
signature)
{
int pos = -1;
- size_t len;
+ size_t len = 0;
*signature = (char*)safe_emalloc(digest_len, 2, 1);
- for(len = 0; len < digest_len; ++len) {
+ for (; len < digest_len; ++len) {
(*signature)[++pos] = hexChars[((const unsigned char
*)digest)[len] >> 4];
(*signature)[++pos] = hexChars[((const unsigned char
*)digest)[len] & 0x0F];
}
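Review bot: `pos` stays an `int` in phar_hex_str while the loop counter and `digest_len` are `size_t`, so the write index into `*signature` is narrower than the length the buffer was sized for. A later hunk in this commit passes `signature_len` (declared `php_uint32`) as `digest_len`, so declaring `size_t pos = 0;` and writing `(*signature)[pos++]` would keep the index in the same type as the `safe_emalloc(digest_len, 2, 1)` size. The function's tail, including its return statement, is outside the hunk, and since the signature declares an `int` return, that conversion likely needs the same look.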
@@ -632,12 +634,13 @@
EVP_PKEY *key;
EVP_MD *mdtype = (EVP_MD *) EVP_sha1();
EVP_MD_CTX md_ctx;
+#else
+ int tempsig;
#endif
php_uint32 signature_len, pubkey_len;
char *sig, *pubkey = NULL, *pfile;
off_t whence;
php_stream *pfp;
- int tempsig;
if (!zend_hash_exists(&module_registry, "openssl",
sizeof("openssl"))) {
efree(savebuf);
@@ -765,7 +768,8 @@
}
EVP_MD_CTX_cleanup(&md_ctx);
#endif
- sig_len = phar_hex_str((const char*)sig, sig_len,
&signature);
+
+ sig_len = phar_hex_str((const char*)sig, signature_len,
&signature);
efree(sig);
}
break;
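Review bot: The corrected phar_hex_str call has no comment saying why `signature_len` is the right length, and the removed line shows how easily it is confused with `sig_len`. A line above the call such as `/* sig holds signature_len raw bytes here; sig_len is only valid as the hex length returned below */` would record the invariant; this is inferred from the visible lines, so confirm it against the code above the hunk. `signature_len` is a `php_uint32` that presumably comes from the archive being verified, so it is also worth checking, outside this hunk, that it is bounded against the remaining stream size before `sig` is allocated and filled. The enclosing case block starts and ends outside the hunk.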
@@ -2241,6 +2245,7 @@
return stub;
}
+#ifndef PHAR_HAVE_OPENSSL
static int phar_call_openssl_signverify(int is_sign, php_stream *fp, off_t
end, char *key, int key_len, char **signature, int *signature_len TSRMLS_DC)
{
zend_fcall_info fci;
@@ -2350,6 +2355,7 @@
return FAILURE;
}
}
+#endif /* #ifndef PHAR_HAVE_OPENSSL */
/**
* Save phar contents to disk
@@ -3400,7 +3406,7 @@
php_info_print_table_header(2, "Phar: PHP Archive support", "enabled");
php_info_print_table_row(2, "Phar EXT version", PHP_PHAR_VERSION);
php_info_print_table_row(2, "Phar API version", PHP_PHAR_API_VERSION);
- php_info_print_table_row(2, "CVS revision", "$Revision: 1.370.2.10 $");
+ php_info_print_table_row(2, "CVS revision", "$Revision: 1.370.2.11 $");
php_info_print_table_row(2, "Phar-based phar archives", "enabled");
php_info_print_table_row(2, "Tar-based phar archives", "enabled");
php_info_print_table_row(2, "ZIP-based phar archives", "enabled");
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/phar.phar?r1=1.7.2.8&r2=1.7.2.9&diff_format=u
Index: php-src/ext/phar/phar.phar