scottmac Sun, 18 Dec 2011 05:14:32 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=321094
Log: Fix segfault in older versions of OpenSSL (before 0.9.8i) Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_3/NEWS 2011-12-18 05:14:32 UTC (rev 321094) @@ -6,6 +6,9 @@ . Added max_input_vars directive to prevent attacks based on hash collisions (Dmitry). +- OpenSSL: + . Fix segfault with older versions of OpenSSL. (Scott) + - Streams: . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together with the last read). (Gustavo) Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev 321094) @@ -4713,7 +4713,9 @@ EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); } EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); - EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); + if (data_len > 0) { + EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); + } outlen = i; if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { outlen += i; Modified: php/php-src/branches/PHP_5_4/NEWS =================================================================== --- php/php-src/branches/PHP_5_4/NEWS 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_4/NEWS 2011-12-18 05:14:32 UTC (rev 321094) @@ -5,11 +5,16 @@ . Added max_input_vars directive to prevent attacks based on hash collisions (Dmitry). . Fixed bug #60536 (Traits Segfault). (Laruence) + - CLI SAPI: . Fixed bug #60477 (Segfault after two multipart/form-data POST requests, one 200 RQ and one 404). (Laruence) . Fixed bug #60523 (PHP Errors are not reported in browsers using built-in SAPI). (Laruence, Derick) + +- OpenSSL: + . Fix segfault with older versions of OpenSSL. (Scott) + - Pdo Firebird: . Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO Firebird). (Mariuz) Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev 321094) @@ -4740,7 +4740,9 @@ if (options & OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); } - EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); + if (data_len > 0) { + EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); + } outlen = i; if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { outlen += i; Modified: php/php-src/trunk/ext/openssl/openssl.c =================================================================== --- php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev 321094) @@ -4736,7 +4736,9 @@ if (options & OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); } - EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); + if (data_len > 0) { + EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, data_len); + } outlen = i; if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { outlen += i;
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php