cellog          Mon Jun  9 16:07:19 2008 UTC

  Modified files:              (Branch: PHP_5_3)
    /php-src/ext/phar   phar.c phar.phar 
  Log:
  fix compile warnings if openssl is enabled statically.  fix dangerous use of 
wrong length var in openssl signature verification
  
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/phar.c?r1=1.370.2.10&r2=1.370.2.11&diff_format=u
Index: php-src/ext/phar/phar.c
diff -u php-src/ext/phar/phar.c:1.370.2.10 php-src/ext/phar/phar.c:1.370.2.11
--- php-src/ext/phar/phar.c:1.370.2.10  Sun Jun  1 04:21:26 2008
+++ php-src/ext/phar/phar.c     Mon Jun  9 16:07:18 2008
@@ -17,7 +17,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: phar.c,v 1.370.2.10 2008/06/01 04:21:26 cellog Exp $ */
+/* $Id: phar.c,v 1.370.2.11 2008/06/09 16:07:18 cellog Exp $ */
 
 #define PHAR_MAIN 1
 #include "phar_internal.h"
@@ -40,7 +40,9 @@
 
 #endif
 
+#ifndef PHAR_HAVE_OPENSSL
 static int phar_call_openssl_signverify(int is_sign, php_stream *fp, off_t 
end, char *key, int key_len, char **signature, int *signature_len TSRMLS_DC);
+#endif
 
 ZEND_DECLARE_MODULE_GLOBALS(phar)
 #if PHP_VERSION_ID >= 50300
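Review bot: The `#ifndef PHAR_HAVE_OPENSSL` guard added around this prototype has no comment explaining it, and the same guard is repeated around the definition in the hunks at -2241 and -2350. Judging by the commit message, the function is only needed when OpenSSL is not linked in directly, so I would say so at the prototype, e.g. `/* only built when PHAR_HAVE_OPENSSL is undefined; every caller must sit in the matching #else branch */`. Without that, a call added later outside the guard breaks only the static-OpenSSL build.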
@@ -490,11 +492,11 @@
 static int phar_hex_str(const char *digest, size_t digest_len, char ** 
signature)
 {
        int pos = -1;
-       size_t len;
+       size_t len = 0;
 
        *signature = (char*)safe_emalloc(digest_len, 2, 1);
 
-       for(len = 0; len < digest_len; ++len) {
+       for (; len < digest_len; ++len) {
                (*signature)[++pos] = hexChars[((const unsigned char 
*)digest)[len] >> 4];
                (*signature)[++pos] = hexChars[((const unsigned char 
*)digest)[len] & 0x0F];
        }
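Review bot: `pos` remains an `int` (as does the function's return type) while the loop bound `digest_len` is a `size_t`, so `++pos` can in principle overflow for a digest longer than `INT_MAX / 2` bytes, even though `safe_emalloc(digest_len, 2, 1)` guards the allocation size itself. Indexing with a `size_t` that starts at 0, `(*signature)[pos++] = ...`, keeps the write index in the same type as the bound. Hoisting `len = 0` out of the `for` header does not change behaviour; if it is there to silence a compiler warning, a short comment naming the warning would help. The function body continues past the end of the hunk.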
@@ -632,12 +634,13 @@
                        EVP_PKEY *key;
                        EVP_MD *mdtype = (EVP_MD *) EVP_sha1();
                        EVP_MD_CTX md_ctx;
+#else
+                       int tempsig;
 #endif
                        php_uint32 signature_len, pubkey_len;
                        char *sig, *pubkey = NULL, *pfile;
                        off_t whence;
                        php_stream *pfp;
-                       int tempsig;
 
                        if (!zend_hash_exists(&module_registry, "openssl", 
sizeof("openssl"))) {
                                efree(savebuf);
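Review bot: `tempsig` is an `int` while `signature_len` declared just below it is a `php_uint32`, and the fallback `phar_call_openssl_signverify` receives its length through `int *signature_len`. If `tempsig` is loaded from `signature_len` (its use is outside this hunk), a value above `INT_MAX` becomes negative before it reaches the verifier. A guard such as `if (signature_len > INT_MAX)` that fails verification before the conversion would close that gap. The opening `#ifdef` and the rest of the block are outside the hunk.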
@@ -765,7 +768,8 @@
                        }
                        EVP_MD_CTX_cleanup(&md_ctx);
 #endif
-                       sig_len = phar_hex_str((const char*)sig, sig_len, 
&signature);
+                       
+                       sig_len = phar_hex_str((const char*)sig, signature_len, 
&signature);
                        efree(sig);
                }
                break;
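Review bot: `phar_hex_str` now reads `signature_len` bytes from `sig`, and nothing in the hunk states that `sig` was allocated and filled with exactly that many bytes on both the `PHAR_HAVE_OPENSSL` path and the fallback path. `signature_len` is a `php_uint32` that presumably comes from the archive being verified, so I would record the invariant at the call, e.g. `/* sig must hold exactly signature_len bytes here */`, and confirm that the read above fails on a short read. The added blank line above the call also carries trailing whitespace and can be dropped. The enclosing case block starts outside the hunk.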
@@ -2241,6 +2245,7 @@
        return stub;
 }
 
+#ifndef PHAR_HAVE_OPENSSL
 static int phar_call_openssl_signverify(int is_sign, php_stream *fp, off_t 
end, char *key, int key_len, char **signature, int *signature_len TSRMLS_DC)
 {
        zend_fcall_info fci;
@@ -2350,6 +2355,7 @@
                        return FAILURE;
        }
 }
+#endif /* #ifndef PHAR_HAVE_OPENSSL */
 
 /**
  * Save phar contents to disk
@@ -3400,7 +3406,7 @@
        php_info_print_table_header(2, "Phar: PHP Archive support", "enabled");
        php_info_print_table_row(2, "Phar EXT version", PHP_PHAR_VERSION);
        php_info_print_table_row(2, "Phar API version", PHP_PHAR_API_VERSION);
-       php_info_print_table_row(2, "CVS revision", "$Revision: 1.370.2.10 $");
+       php_info_print_table_row(2, "CVS revision", "$Revision: 1.370.2.11 $");
        php_info_print_table_row(2, "Phar-based phar archives", "enabled");
        php_info_print_table_row(2, "Tar-based phar archives", "enabled");
        php_info_print_table_row(2, "ZIP-based phar archives", "enabled");
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/phar.phar?r1=1.7.2.8&r2=1.7.2.9&diff_format=u
Index: php-src/ext/phar/phar.phar


