scottmac Sun, 18 Dec 2011 05:14:32 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=321094
Log:
Fix segfault in older versions of OpenSSL (before 0.9.8i)
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
U php/php-src/trunk/ext/openssl/openssl.c
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2011-12-18 01:04:35 UTC (rev 321093)
+++ php/php-src/branches/PHP_5_3/NEWS 2011-12-18 05:14:32 UTC (rev 321094)
@@ -6,6 +6,9 @@
. Added max_input_vars directive to prevent attacks based on hash collisions
(Dmitry).
+- OpenSSL:
+ . Fix segfault with older versions of OpenSSL. (Scott)
+
- Streams:
. Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected
together
with the last read). (Gustavo)
Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC
(rev 321093)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC
(rev 321094)
@@ -4713,7 +4713,9 @@
EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
}
EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
- EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data,
data_len);
+ if (data_len > 0) {
+ EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char
*)data, data_len);
+ }
outlen = i;
if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
outlen += i;
Modified: php/php-src/branches/PHP_5_4/NEWS
===================================================================
--- php/php-src/branches/PHP_5_4/NEWS 2011-12-18 01:04:35 UTC (rev 321093)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-12-18 05:14:32 UTC (rev 321094)
@@ -5,11 +5,16 @@
. Added max_input_vars directive to prevent attacks based on hash collisions
(Dmitry).
. Fixed bug #60536 (Traits Segfault). (Laruence)
+
- CLI SAPI:
. Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
one 200 RQ and one 404). (Laruence)
. Fixed bug #60523 (PHP Errors are not reported in browsers using built-in
SAPI). (Laruence, Derick)
+
+- OpenSSL:
+ . Fix segfault with older versions of OpenSSL. (Scott)
+
- Pdo Firebird:
. Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO
Firebird).
(Mariuz)
Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC
(rev 321093)
+++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC
(rev 321094)
@@ -4740,7 +4740,9 @@
if (options & OPENSSL_ZERO_PADDING) {
EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
}
- EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data,
data_len);
+ if (data_len > 0) {
+ EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char
*)data, data_len);
+ }
outlen = i;
if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
outlen += i;
Modified: php/php-src/trunk/ext/openssl/openssl.c
===================================================================
--- php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev
321093)
+++ php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev
321094)
@@ -4736,7 +4736,9 @@
if (options & OPENSSL_ZERO_PADDING) {
EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
}
- EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data,
data_len);
+ if (data_len > 0) {
+ EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char
*)data, data_len);
+ }
outlen = i;
if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
outlen += i;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
