andrey Fri, 05 Aug 2011 13:39:30 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=314330
Log: Fix for bug #55283 SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections Bug: https://bugs.php.net/55283 (Verified) SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/mysqli/mysqli_nonapi.c A php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug55283.phpt U php/php-src/branches/PHP_5_4/ext/mysqli/mysqli_nonapi.c A php/php-src/branches/PHP_5_4/ext/mysqli/tests/bug55283.phpt U php/php-src/trunk/ext/mysqli/mysqli_nonapi.c A php/php-src/trunk/ext/mysqli/tests/bug55283.phpt
Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2011-08-05 13:19:58 UTC (rev 314329) +++ php/php-src/branches/PHP_5_3/NEWS 2011-08-05 13:39:30 UTC (rev 314330) @@ -1,7 +1,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? ????, PHP 5.3.7 - +- mysqli + . Fixed bug #55238 (SSL options set by mysqli_ssl_set ignored for MySQLi + persistent connections). (Andrey) + 28 Jul 2011, PHP 5.3.7 RC4 - Improved core functions: . Updated crypt_blowfish to 1.2. ((CVE-2011-2483) (Solar Designer) Modified: php/php-src/branches/PHP_5_3/ext/mysqli/mysqli_nonapi.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/mysqli/mysqli_nonapi.c 2011-08-05 13:19:58 UTC (rev 314329) +++ php/php-src/branches/PHP_5_3/ext/mysqli/mysqli_nonapi.c 2011-08-05 13:39:30 UTC (rev 314330) @@ -141,10 +141,12 @@ hostname = MyG(default_host); } - if (mysql->mysql && mysqli_resource && (mysqli_resource->status > MYSQLI_STATUS_INITIALIZED || (strlen(SAFE_STR(hostname)) > 2 && !strncasecmp(hostname, "p:", 2)))) { - /* already connected, we should close the connection */ - php_mysqli_close(mysql, MYSQLI_CLOSE_IMPLICIT, mysqli_resource->status TSRMLS_CC); - } + if (mysql->mysql && mysqli_resource && + (mysqli_resource->status > MYSQLI_STATUS_INITIALIZED)) + { + /* already connected, we should close the connection */ + php_mysqli_close(mysql, MYSQLI_CLOSE_IMPLICIT, mysqli_resource->status TSRMLS_CC); + } if (strlen(SAFE_STR(hostname)) > 2 && !strncasecmp(hostname, "p:", 2)) { hostname += 2; Added: php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug55283.phpt =================================================================== --- php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug55283.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/mysqli/tests/bug55283.phpt 2011-08-05 13:39:30 UTC (rev 314330) @@ -0,0 +1,55 @@ +--TEST-- +Bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections) +--SKIPIF-- +<?php +require_once('skipif.inc'); +require_once('skipifconnectfailure.inc'); +$link = mysqli_init(); +mysqli_ssl_set($link, null, null, null, null, "RC4-MD5"); +if (my_mysqli_real_connect($link, $host, $user, $passwd, $db, $port, null, $flags)) { + $res = $link->query("SHOW STATUS LIKE 'Ssl_cipher'"); + $row = $res->fetch_row(); + if ($row[1] === "") { + die('skip Server started without SSL support'); + } +} +?> +--FILE-- +<?php + include "connect.inc"; + $db1 = new mysqli(); + + + $flags = MYSQLI_CLIENT_SSL; + + $link = mysqli_init(); + mysqli_ssl_set($link, null, null, null, null, "RC4-MD5"); + if (my_mysqli_real_connect($link, 'p:' . $host, $user, $passwd, $db, $port, null, $flags)) { + $r = $link->query("SHOW STATUS LIKE 'Ssl_cipher'"); + var_dump($r->fetch_row()); + } + + /* non-persistent connection */ + $link2 = mysqli_init(); + mysqli_ssl_set($link2, null, null, null, null, "RC4-MD5"); + if (my_mysqli_real_connect($link2, $host, $user, $passwd, $db, $port, null, $flags)) { + $r2 = $link2->query("SHOW STATUS LIKE 'Ssl_cipher'"); + var_dump($r2->fetch_row()); + } + + echo "done\n"; +?> +--EXPECTF-- +array(2) { + [0]=> + string(10) "Ssl_cipher" + [1]=> + string(7) "RC4-MD5" +} +array(2) { + [0]=> + string(10) "Ssl_cipher" + [1]=> + string(7) "RC4-MD5" +} +done \ No newline at end of file Modified: php/php-src/branches/PHP_5_4/ext/mysqli/mysqli_nonapi.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/mysqli/mysqli_nonapi.c 2011-08-05 13:19:58 UTC (rev 314329) +++ php/php-src/branches/PHP_5_4/ext/mysqli/mysqli_nonapi.c 2011-08-05 13:39:30 UTC (rev 314330) @@ -141,10 +141,12 @@ hostname = MyG(default_host); } - if (mysql->mysql && mysqli_resource && (mysqli_resource->status > MYSQLI_STATUS_INITIALIZED || (strlen(SAFE_STR(hostname)) > 2 && !strncasecmp(hostname, "p:", 2)))) { - /* already connected, we should close the connection */ - php_mysqli_close(mysql, MYSQLI_CLOSE_IMPLICIT, mysqli_resource->status TSRMLS_CC); - } + if (mysql->mysql && mysqli_resource && + (mysqli_resource->status > MYSQLI_STATUS_INITIALIZED)) + { + /* already connected, we should close the connection */ + php_mysqli_close(mysql, MYSQLI_CLOSE_IMPLICIT, mysqli_resource->status TSRMLS_CC); + } if (strlen(SAFE_STR(hostname)) > 2 && !strncasecmp(hostname, "p:", 2)) { hostname += 2; Added: php/php-src/branches/PHP_5_4/ext/mysqli/tests/bug55283.phpt =================================================================== --- php/php-src/branches/PHP_5_4/ext/mysqli/tests/bug55283.phpt (rev 0) +++ php/php-src/branches/PHP_5_4/ext/mysqli/tests/bug55283.phpt 2011-08-05 13:39:30 UTC (rev 314330) @@ -0,0 +1,55 @@ +--TEST-- +Bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections) +--SKIPIF-- +<?php +require_once('skipif.inc'); +require_once('skipifconnectfailure.inc'); +$link = mysqli_init(); +mysqli_ssl_set($link, null, null, null, null, "RC4-MD5"); +if (my_mysqli_real_connect($link, $host, $user, $passwd, $db, $port, null, $flags)) { + $res = $link->query("SHOW STATUS LIKE 'Ssl_cipher'"); + $row = $res->fetch_row(); + if ($row[1] === "") { + die('skip Server started without SSL support'); + } +} +?> +--FILE-- +<?php + include "connect.inc"; + $db1 = new mysqli(); + + + $flags = MYSQLI_CLIENT_SSL; + + $link = mysqli_init(); + mysqli_ssl_set($link, null, null, null, null, "RC4-MD5"); + if (my_mysqli_real_connect($link, 'p:' . $host, $user, $passwd, $db, $port, null, $flags)) { + $r = $link->query("SHOW STATUS LIKE 'Ssl_cipher'"); + var_dump($r->fetch_row()); + } + + /* non-persistent connection */ + $link2 = mysqli_init(); + mysqli_ssl_set($link2, null, null, null, null, "RC4-MD5"); + if (my_mysqli_real_connect($link2, $host, $user, $passwd, $db, $port, null, $flags)) { + $r2 = $link2->query("SHOW STATUS LIKE 'Ssl_cipher'"); + var_dump($r2->fetch_row()); + } + + echo "done\n"; +?> +--EXPECTF-- +array(2) { + [0]=> + string(10) "Ssl_cipher" + [1]=> + string(7) "RC4-MD5" +} +array(2) { + [0]=> + string(10) "Ssl_cipher" + [1]=> + string(7) "RC4-MD5" +} +done \ No newline at end of file Modified: php/php-src/trunk/ext/mysqli/mysqli_nonapi.c =================================================================== --- php/php-src/trunk/ext/mysqli/mysqli_nonapi.c 2011-08-05 13:19:58 UTC (rev 314329) +++ php/php-src/trunk/ext/mysqli/mysqli_nonapi.c 2011-08-05 13:39:30 UTC (rev 314330) @@ -141,10 +141,12 @@ hostname = MyG(default_host); } - if (mysql->mysql && mysqli_resource && (mysqli_resource->status > MYSQLI_STATUS_INITIALIZED || (strlen(SAFE_STR(hostname)) > 2 && !strncasecmp(hostname, "p:", 2)))) { - /* already connected, we should close the connection */ - php_mysqli_close(mysql, MYSQLI_CLOSE_IMPLICIT, mysqli_resource->status TSRMLS_CC); - } + if (mysql->mysql && mysqli_resource && + (mysqli_resource->status > MYSQLI_STATUS_INITIALIZED)) + { + /* already connected, we should close the connection */ + php_mysqli_close(mysql, MYSQLI_CLOSE_IMPLICIT, mysqli_resource->status TSRMLS_CC); + } if (strlen(SAFE_STR(hostname)) > 2 && !strncasecmp(hostname, "p:", 2)) { hostname += 2; Added: php/php-src/trunk/ext/mysqli/tests/bug55283.phpt =================================================================== --- php/php-src/trunk/ext/mysqli/tests/bug55283.phpt (rev 0) +++ php/php-src/trunk/ext/mysqli/tests/bug55283.phpt 2011-08-05 13:39:30 UTC (rev 314330) @@ -0,0 +1,55 @@ +--TEST-- +Bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections) +--SKIPIF-- +<?php +require_once('skipif.inc'); +require_once('skipifconnectfailure.inc'); +$link = mysqli_init(); +mysqli_ssl_set($link, null, null, null, null, "RC4-MD5"); +if (my_mysqli_real_connect($link, $host, $user, $passwd, $db, $port, null, $flags)) { + $res = $link->query("SHOW STATUS LIKE 'Ssl_cipher'"); + $row = $res->fetch_row(); + if ($row[1] === "") { + die('skip Server started without SSL support'); + } +} +?> +--FILE-- +<?php + include "connect.inc"; + $db1 = new mysqli(); + + + $flags = MYSQLI_CLIENT_SSL; + + $link = mysqli_init(); + mysqli_ssl_set($link, null, null, null, null, "RC4-MD5"); + if (my_mysqli_real_connect($link, 'p:' . $host, $user, $passwd, $db, $port, null, $flags)) { + $r = $link->query("SHOW STATUS LIKE 'Ssl_cipher'"); + var_dump($r->fetch_row()); + } + + /* non-persistent connection */ + $link2 = mysqli_init(); + mysqli_ssl_set($link2, null, null, null, null, "RC4-MD5"); + if (my_mysqli_real_connect($link2, $host, $user, $passwd, $db, $port, null, $flags)) { + $r2 = $link2->query("SHOW STATUS LIKE 'Ssl_cipher'"); + var_dump($r2->fetch_row()); + } + + echo "done\n"; +?> +--EXPECTF-- +array(2) { + [0]=> + string(10) "Ssl_cipher" + [1]=> + string(7) "RC4-MD5" +} +array(2) { + [0]=> + string(10) "Ssl_cipher" + [1]=> + string(7) "RC4-MD5" +} +done \ No newline at end of file
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php