scottmac                                 Sun, 18 Dec 2011 05:14:32 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=321094

Log:
Fix segfault in older versions of OpenSSL (before 0.9.8i)

Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
    U   php/php-src/branches/PHP_5_4/NEWS
    U   php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
    U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2011-12-18 01:04:35 UTC (rev 321093)
+++ php/php-src/branches/PHP_5_3/NEWS   2011-12-18 05:14:32 UTC (rev 321094)
@@ -6,6 +6,9 @@
   . Added max_input_vars directive to prevent attacks based on hash collisions
     (Dmitry).

+- OpenSSL:
+  . Fix segfault with older versions of OpenSSL. (Scott)
+
 - Streams:
   . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected 
together
     with the last read). (Gustavo)

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-12-18 01:04:35 UTC 
(rev 321093)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-12-18 05:14:32 UTC 
(rev 321094)
@@ -4713,7 +4713,9 @@
                EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len);
        }
        EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
-       EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, 
data_len);
+       if (data_len > 0) {
+               EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char 
*)data, data_len);
+       }
        outlen = i;
        if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
                outlen += i;

Modified: php/php-src/branches/PHP_5_4/NEWS
===================================================================
--- php/php-src/branches/PHP_5_4/NEWS   2011-12-18 01:04:35 UTC (rev 321093)
+++ php/php-src/branches/PHP_5_4/NEWS   2011-12-18 05:14:32 UTC (rev 321094)
@@ -5,11 +5,16 @@
   . Added max_input_vars directive to prevent attacks based on hash collisions
     (Dmitry).
   . Fixed bug #60536 (Traits Segfault). (Laruence)
+
 - CLI SAPI:
   . Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
     one 200 RQ and one 404). (Laruence)
   . Fixed bug #60523 (PHP Errors are not reported in browsers using built-in
     SAPI). (Laruence, Derick)
+
+- OpenSSL:
+  . Fix segfault with older versions of OpenSSL. (Scott)
+
 - Pdo Firebird:
   . Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO 
Firebird).
     (Mariuz)

Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2011-12-18 01:04:35 UTC 
(rev 321093)
+++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2011-12-18 05:14:32 UTC 
(rev 321094)
@@ -4740,7 +4740,9 @@
        if (options & OPENSSL_ZERO_PADDING) {
                EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
        }
-       EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, 
data_len);
+       if (data_len > 0) {
+               EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char 
*)data, data_len);
+       }
        outlen = i;
        if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
                outlen += i;

Modified: php/php-src/trunk/ext/openssl/openssl.c
===================================================================
--- php/php-src/trunk/ext/openssl/openssl.c     2011-12-18 01:04:35 UTC (rev 
321093)
+++ php/php-src/trunk/ext/openssl/openssl.c     2011-12-18 05:14:32 UTC (rev 
321094)
@@ -4736,7 +4736,9 @@
        if (options & OPENSSL_ZERO_PADDING) {
                EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0);
        }
-       EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, 
data_len);
+       if (data_len > 0) {
+               EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char 
*)data, data_len);
+       }
        outlen = i;
        if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) {
                outlen += i;

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to