Hi, do you have a test case for this crash?
Cheers, On Sun, Dec 18, 2011 at 6:14 AM, Scott MacVicar <scott...@php.net> wrote: > scottmac Sun, 18 Dec 2011 05:14:32 +0000 > > Revision: http://svn.php.net/viewvc?view=revision&revision=321094 > > Log: > Fix segfault in older versions of OpenSSL (before 0.9.8i) > > Changed paths: > U php/php-src/branches/PHP_5_3/NEWS > U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c > U php/php-src/branches/PHP_5_4/NEWS > U php/php-src/branches/PHP_5_4/ext/openssl/openssl.c > U php/php-src/trunk/ext/openssl/openssl.c > > Modified: php/php-src/branches/PHP_5_3/NEWS > =================================================================== > --- php/php-src/branches/PHP_5_3/NEWS 2011-12-18 01:04:35 UTC (rev 321093) > +++ php/php-src/branches/PHP_5_3/NEWS 2011-12-18 05:14:32 UTC (rev 321094) > @@ -6,6 +6,9 @@ > . Added max_input_vars directive to prevent attacks based on hash collisions > (Dmitry). > > +- OpenSSL: > + . Fix segfault with older versions of OpenSSL. (Scott) > + > - Streams: > . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected > together > with the last read). (Gustavo) > > Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c > =================================================================== > --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-12-18 01:04:35 > UTC (rev 321093) > +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-12-18 05:14:32 > UTC (rev 321094) 
> @@ -4713,7 +4713,9 @@ > EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); > } > EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); > - EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, > data_len); > + if (data_len > 0) { > + EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char > *)data, data_len); > + } > outlen = i; > if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { > outlen += i; > > Modified: php/php-src/branches/PHP_5_4/NEWS > =================================================================== > --- php/php-src/branches/PHP_5_4/NEWS 2011-12-18 01:04:35 UTC (rev 321093) > +++ php/php-src/branches/PHP_5_4/NEWS 2011-12-18 05:14:32 UTC (rev 321094) > @@ -5,11 +5,16 @@ > . Added max_input_vars directive to prevent attacks based on hash collisions > (Dmitry). > . Fixed bug #60536 (Traits Segfault). (Laruence) > + > - CLI SAPI: > . Fixed bug #60477 (Segfault after two multipart/form-data POST requests, > one 200 RQ and one 404). (Laruence) > . Fixed bug #60523 (PHP Errors are not reported in browsers using built-in > SAPI). (Laruence, Derick) > + > +- OpenSSL: > + . Fix segfault with older versions of OpenSSL. (Scott) > + > - Pdo Firebird: > . Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO > Firebird). > (Mariuz) > > Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c > =================================================================== > --- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-12-18 01:04:35 > UTC (rev 321093) > +++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-12-18 05:14:32 > UTC (rev 321094) 
> @@ -4740,7 +4740,9 @@ > if (options & OPENSSL_ZERO_PADDING) { > EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); > } > - EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, > data_len); > + if (data_len > 0) { > + EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char > *)data, data_len); > + } > outlen = i; > if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { > outlen += i; > > Modified: php/php-src/trunk/ext/openssl/openssl.c > =================================================================== > --- php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev > 321093) > +++ php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev > 321094) > @@ -4736,7 +4736,9 @@ > if (options & OPENSSL_ZERO_PADDING) { > EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); > } > - EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, > data_len); > + if (data_len > 0) { > + EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char > *)data, data_len); > + } > outlen = i; > if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf + i, &i)) { > outlen += i; > > > -- > PHP CVS Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
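Review bot: in the PHP_5_3 ext/openssl/openssl.c hunk (@@ -4713,7 +4713,9 @@), when data_len is 0 the guarded EVP_EncryptUpdate call no longer writes `i`, yet `outlen = i;` and the `outbuf + i` argument to EVP_EncryptFinal still read it. Nothing in the visible lines assigns `i` beforehand, so unless it is initialized above the hunk, the empty-input path uses an indeterminate length and offset. Suggest setting `i = 0` before the `if` (or in an `else` branch); the same applies to the identical change in the PHP_5_4 and trunk hunks.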
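Review bot: the PHP_5_4 NEWS hunk (@@ -5,11 +5,16 @@) adds a blank line before `- CLI SAPI:` that is unrelated to the OpenSSL fix; whitespace cleanup of other sections is easier to review and merge as its own commit. The new entry `Fix segfault with older versions of OpenSSL. (Scott)` also names neither the affected versions nor a bug number, unlike the neighbouring entries. Suggest carrying over "before 0.9.8i" from the log message so the entry can be searched for later.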
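Review bot: in the PHP_5_4 ext/openssl/openssl.c hunk (@@ -4740,7 +4740,9 @@) the return value of EVP_EncryptUpdate is still discarded inside the new `if`, while the EVP_EncryptFinal call two lines below is checked. Since the line is being touched anyway, suggest testing the result and taking the failure path when the call fails, so that a failed update is not followed by `outlen = i;` on a value the call may not have set.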
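Review bot: the `if (data_len > 0)` guard in the trunk ext/openssl/openssl.c hunk (@@ -4736,7 +4736,9 @@) carries no comment explaining why empty input skips EVP_EncryptUpdate. The only record of the reason is the log message (OpenSSL before 0.9.8i), so a later cleanup could remove the guard as redundant. Suggest a one-line comment above the `if` naming that version. The changed paths also include no test file, so an empty-string regression test covering the data_len == 0 path would be worth adding with this change.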