cellog Mon Jun 9 16:07:19 2008 UTC Modified files: (Branch: PHP_5_3) /php-src/ext/phar phar.c phar.phar Log: fix compile warnings if openssl is enabled statically. fix dangerous use of wrong length var in openssl signature verification http://cvs.php.net/viewvc.cgi/php-src/ext/phar/phar.c?r1=1.370.2.10&r2=1.370.2.11&diff_format=u
Index: php-src/ext/phar/phar.c
diff -u php-src/ext/phar/phar.c:1.370.2.10 php-src/ext/phar/phar.c:1.370.2.11
--- php-src/ext/phar/phar.c:1.370.2.10 Sun Jun 1 04:21:26 2008
+++ php-src/ext/phar/phar.c Mon Jun 9 16:07:18 2008
@@ -17,7 +17,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: phar.c,v 1.370.2.10 2008/06/01 04:21:26 cellog Exp $ */
+/* $Id: phar.c,v 1.370.2.11 2008/06/09 16:07:18 cellog Exp $ */
 #define PHAR_MAIN 1
 #include "phar_internal.h"
@@ -40,7 +40,9 @@
 #endif
+#ifndef PHAR_HAVE_OPENSSL
 static int phar_call_openssl_signverify(int is_sign, php_stream *fp, off_t end, char *key, int key_len, char **signature, int *signature_len TSRMLS_DC);
+#endif
 ZEND_DECLARE_MODULE_GLOBALS(phar)
 #if PHP_VERSION_ID >= 50300
@@ -490,11 +492,11 @@
 static int phar_hex_str(const char *digest, size_t digest_len, char ** signature)
 {
 int pos = -1;
- size_t len;
+ size_t len = 0;
 *signature = (char*)safe_emalloc(digest_len, 2, 1);
- for(len = 0; len < digest_len; ++len) {
+ for (; len < digest_len; ++len) {
 (*signature)[++pos] = hexChars[((const unsigned char *)digest)[len] >> 4];
 (*signature)[++pos] = hexChars[((const unsigned char *)digest)[len] & 0x0F];
 }
@@ -632,12 +634,13 @@
 EVP_PKEY *key;
 EVP_MD *mdtype = (EVP_MD *) EVP_sha1();
 EVP_MD_CTX md_ctx;
+#else
+ int tempsig;
 #endif
 php_uint32 signature_len, pubkey_len;
 char *sig, *pubkey = NULL, *pfile;
 off_t whence;
 php_stream *pfp;
- int tempsig;
 if (!zend_hash_exists(&module_registry, "openssl", sizeof("openssl"))) {
 efree(savebuf);
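Review bot: phar_hex_str (hunk @@ -490) carries no comment stating that `digest_len` must be the number of readable bytes in `digest`, although the loop reads `digest[len]` for every `len < digest_len` and the output buffer is sized from the same value. I would add above the function `/* digest_len: byte count of digest; *signature receives an emalloc'ed buffer of 2 * digest_len + 1 bytes */` so that a caller passing an unrelated length stands out in review. The index `pos` is an `int` advanced twice per input byte while the bound is a `size_t`; aligning the types looks reasonable, but the function's tail (terminator and return value) is outside the hunk, so that change needs checking against it.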
@@ -765,7 +768,8 @@
 }
 EVP_MD_CTX_cleanup(&md_ctx);
 #endif
- sig_len = phar_hex_str((const char*)sig, sig_len, &signature);
+
+ sig_len = phar_hex_str((const char*)sig, signature_len, &signature);
 efree(sig);
 }
 break;
@@ -2241,6 +2245,7 @@
 return stub;
 }
+#ifndef PHAR_HAVE_OPENSSL
 static int phar_call_openssl_signverify(int is_sign, php_stream *fp, off_t end, char *key, int key_len, char **signature, int *signature_len TSRMLS_DC)
 {
 zend_fcall_info fci;
@@ -2350,6 +2355,7 @@
 return FAILURE;
 }
 }
+#endif /* #ifndef PHAR_HAVE_OPENSSL */
 /**
 * Save phar contents to disk
@@ -3400,7 +3406,7 @@
 php_info_print_table_header(2, "Phar: PHP Archive support", "enabled");
 php_info_print_table_row(2, "Phar EXT version", PHP_PHAR_VERSION);
 php_info_print_table_row(2, "Phar API version", PHP_PHAR_API_VERSION);
- php_info_print_table_row(2, "CVS revision", "$Revision: 1.370.2.10 $");
+ php_info_print_table_row(2, "CVS revision", "$Revision: 1.370.2.11 $");
 php_info_print_table_row(2, "Phar-based phar archives", "enabled");
 php_info_print_table_row(2, "Tar-based phar archives", "enabled");
 php_info_print_table_row(2, "ZIP-based phar archives", "enabled");
http://cvs.php.net/viewvc.cgi/php-src/ext/phar/phar.phar?r1=1.7.2.8&r2=1.7.2.9&diff_format=u
Index: php-src/ext/phar/phar.phar
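Review bot: In hunk @@ -765 the corrected call still leaves two near-identically named lengths, `sig_len` and `signature_len`, in scope, and `sig_len` is overwritten with the return value on the same line, which is the confusion that let the wrong one become the read bound for `sig`. A comment on the call would pin the roles, for example `/* signature_len: bytes held in sig; sig_len: presumably the hex string length returned */`. The call sits after the `#endif`, so it appears to serve both the `PHAR_HAVE_OPENSSL` branch and the fallback. The allocation of `sig` and any check of `signature_len` against the stream are outside this hunk, so it is worth confirming there that `sig` holds exactly `signature_len` bytes on each path. Nothing in the visible phar.c hunks adds a regression test for an OpenSSL-signed archive, which would guard this line.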