subject:"\[PHP\-CVS\] svn\: \/php\/php\-src\/ branches\/PHP_5_3\/NEWS branches\/PHP_5_3\/ext\/openssl\/openssl.c branches\/PHP_5_4\/NEWS branches\/PHP_5_4\/ext\/openssl\/openssl.c trunk\/ext\/openssl\/openssl.c"

Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2011-12-18 Thread Pierre Joye

hi,

do you have a test case for this crash?

Cheers,

On Sun, Dec 18, 2011 at 6:14 AM, Scott MacVicar scott...@php.net wrote:
 scottmac                                 Sun, 18 Dec 2011 05:14:32 +

 Revision: http://svn.php.net/viewvc?view=revisionrevision=321094

 Log:
 Fix segfault in older versions of OpenSSL (before 0.9.8i)

 Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
    U   php/php-src/branches/PHP_5_4/NEWS
    U   php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
    U   php/php-src/trunk/ext/openssl/openssl.c

 Modified: php/php-src/branches/PHP_5_3/NEWS
 ===
 --- php/php-src/branches/PHP_5_3/NEWS   2011-12-18 01:04:35 UTC (rev 321093)
 +++ php/php-src/branches/PHP_5_3/NEWS   2011-12-18 05:14:32 UTC (rev 321094)
 @@ -6,6 +6,9 @@
   . Added max_input_vars directive to prevent attacks based on hash collisions
     (Dmitry).

 +- OpenSSL:
 +  . Fix segfault with older versions of OpenSSL. (Scott)
 +
  - Streams:
   . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected 
 together
     with the last read). (Gustavo)

 Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
 ===
 --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-12-18 01:04:35 
 UTC (rev 321093)
 +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-12-18 05:14:32 
 UTC (rev 321094)
 @@ -4713,7 +4713,9 @@
                EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len);
        }
        EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
 -       EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, 
 data_len);
 +       if (data_len  0) {
 +               EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char 
 *)data, data_len);
 +       }
        outlen = i;
        if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, i)) {
                outlen += i;

 Modified: php/php-src/branches/PHP_5_4/NEWS
 ===
 --- php/php-src/branches/PHP_5_4/NEWS   2011-12-18 01:04:35 UTC (rev 321093)
 +++ php/php-src/branches/PHP_5_4/NEWS   2011-12-18 05:14:32 UTC (rev 321094)
 @@ -5,11 +5,16 @@
   . Added max_input_vars directive to prevent attacks based on hash collisions
     (Dmitry).
   . Fixed bug #60536 (Traits Segfault). (Laruence)
 +
  - CLI SAPI:
   . Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
     one 200 RQ and one 404). (Laruence)
   . Fixed bug #60523 (PHP Errors are not reported in browsers using built-in
     SAPI). (Laruence, Derick)
 +
 +- OpenSSL:
 +  . Fix segfault with older versions of OpenSSL. (Scott)
 +
  - Pdo Firebird:
   . Fixed bug #48877 (bindValue and bindParam do not work for PDO 
 Firebird).
     (Mariuz)

 Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
 ===
 --- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2011-12-18 01:04:35 
 UTC (rev 321093)
 +++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2011-12-18 05:14:32 
 UTC (rev 321094)
 @@ -4740,7 +4740,9 @@
        if (options  OPENSSL_ZERO_PADDING) {
                EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
        }
 -       EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, 
 data_len);
 +       if (data_len  0) {
 +               EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char 
 *)data, data_len);
 +       }
        outlen = i;
        if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, i)) {
                outlen += i;

 Modified: php/php-src/trunk/ext/openssl/openssl.c
 ===
 --- php/php-src/trunk/ext/openssl/openssl.c     2011-12-18 01:04:35 UTC (rev 
 321093)
 +++ php/php-src/trunk/ext/openssl/openssl.c     2011-12-18 05:14:32 UTC (rev 
 321094)
 @@ -4736,7 +4736,9 @@
        if (options  OPENSSL_ZERO_PADDING) {
                EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
        }
 -       EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, 
 data_len);
 +       if (data_len  0) {
 +               EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char 
 *)data, data_len);
 +       }
        outlen = i;
        if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, i)) {
                outlen += i;


 --
 PHP CVS Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2011-12-18 Thread Christopher Jones



I'm +1 on adding it for several reasons, one of which is there are plenty of 
RHEL 5 (and OL 5) sites out there.

Chris

PS the testcase wasn't attached to your email.

On 12/18/2011 12:03 PM, Scott MacVicar wrote:

It's not worth adding a test for, it's never going to re-occur and it only 
affects 4 year old versions of OpenSSL. Basically RHEL 5 is the only thing with 
a problem.

I wrote one but don't want to add a somewhat useless test. Attached, but the 
extra second to test running isn't worth it.





- Scott


On 18 Dec 2011, at 03:49, Pierre Joye wrote:


hi,

do you have a test case for this crash?

Cheers,

On Sun, Dec 18, 2011 at 6:14 AM, Scott MacVicarscott...@php.net  wrote:

scottmac Sun, 18 Dec 2011 05:14:32 +

Revision: http://svn.php.net/viewvc?view=revisionrevision=321094

Log:
Fix segfault in older versions of OpenSSL (before 0.9.8i)

Changed paths:
U   php/php-src/branches/PHP_5_3/NEWS
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/branches/PHP_5_4/NEWS
U   php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/NEWS
===
--- php/php-src/branches/PHP_5_3/NEWS   2011-12-18 01:04:35 UTC (rev 321093)
+++ php/php-src/branches/PHP_5_3/NEWS   2011-12-18 05:14:32 UTC (rev 321094)
@@ -6,6 +6,9 @@
   . Added max_input_vars directive to prevent attacks based on hash collisions
 (Dmitry).

+- OpenSSL:
+  . Fix segfault with older versions of OpenSSL. (Scott)
+
  - Streams:
   . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected 
together
 with the last read). (Gustavo)

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-12-18 01:04:35 UTC 
(rev 321093)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-12-18 05:14:32 UTC 
(rev 321094)
@@ -4713,7 +4713,9 @@
EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len);
}
EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
-   EVP_EncryptUpdate(cipher_ctx, outbuf,i, (unsigned char *)data, 
data_len);
+   if (data_len  0) {
+   EVP_EncryptUpdate(cipher_ctx, outbuf,i, (unsigned char 
*)data, data_len);
+   }
outlen = i;
if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i,i)) {
outlen += i;

Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS   2011-12-18 01:04:35 UTC (rev 321093)
+++ php/php-src/branches/PHP_5_4/NEWS   2011-12-18 05:14:32 UTC (rev 321094)
@@ -5,11 +5,16 @@
   . Added max_input_vars directive to prevent attacks based on hash collisions
 (Dmitry).
   . Fixed bug #60536 (Traits Segfault). (Laruence)
+
  - CLI SAPI:
   . Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
 one 200 RQ and one 404). (Laruence)
   . Fixed bug #60523 (PHP Errors are not reported in browsers using built-in
 SAPI). (Laruence, Derick)
+
+- OpenSSL:
+  . Fix segfault with older versions of OpenSSL. (Scott)
+
  - Pdo Firebird:
   . Fixed bug #48877 (bindValue and bindParam do not work for PDO 
Firebird).
 (Mariuz)

Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2011-12-18 01:04:35 UTC 
(rev 321093)
+++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2011-12-18 05:14:32 UTC 
(rev 321094)
@@ -4740,7 +4740,9 @@
if (options  OPENSSL_ZERO_PADDING) {
EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
}
-   EVP_EncryptUpdate(cipher_ctx, outbuf,i, (unsigned char *)data, 
data_len);
+   if (data_len  0) {
+   EVP_EncryptUpdate(cipher_ctx, outbuf,i, (unsigned char 
*)data, data_len);
+   }
outlen = i;
if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i,i)) {
outlen += i;

Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev 
321093)
+++ php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev 
321094)
@@ -4736,7 +4736,9 @@
if (options  OPENSSL_ZERO_PADDING) {
EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
}
-   EVP_EncryptUpdate(cipher_ctx, outbuf,i, (unsigned char *)data, 
data_len);
+   if (data_len  0) {
+   EVP_EncryptUpdate(cipher_ctx, outbuf,i, (unsigned char 
*)data, data_len);
+   }
outlen = i;
if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i,i)) {
outlen += i;

Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2011-12-18 Thread Pierre Joye

On Sun, Dec 18, 2011 at 9:03 PM, Scott MacVicar sc...@macvicar.net wrote:
 It's not worth adding a test for, it's never going to re-occur and it only 
 affects 4 year old versions of OpenSSL. Basically RHEL 5 is the only thing 
 with a problem.

 I wrote one but don't want to add a somewhat useless test. Attached, but the 
 extra second to test running isn't worth it.

As you have one at hand please apply it as well. There are still
systems with patched ssl version (using this release) out there.

Cheers,
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

2011-12-17 Thread Scott MacVicar

scottmac Sun, 18 Dec 2011 05:14:32 +

Revision: http://svn.php.net/viewvc?view=revisionrevision=321094

Log:
Fix segfault in older versions of OpenSSL (before 0.9.8i)

Changed paths:
U   php/php-src/branches/PHP_5_3/NEWS
U   php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
U   php/php-src/branches/PHP_5_4/NEWS
U   php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_3/NEWS
===
--- php/php-src/branches/PHP_5_3/NEWS   2011-12-18 01:04:35 UTC (rev 321093)
+++ php/php-src/branches/PHP_5_3/NEWS   2011-12-18 05:14:32 UTC (rev 321094)
@@ -6,6 +6,9 @@
   . Added max_input_vars directive to prevent attacks based on hash collisions
 (Dmitry).

+- OpenSSL:
+  . Fix segfault with older versions of OpenSSL. (Scott)
+
 - Streams:
   . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected 
together
 with the last read). (Gustavo)

Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-12-18 01:04:35 UTC 
(rev 321093)
+++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c  2011-12-18 05:14:32 UTC 
(rev 321094)
@@ -4713,7 +4713,9 @@
EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len);
}
EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv);
-   EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, 
data_len);
+   if (data_len  0) {
+   EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char 
*)data, data_len);
+   }
outlen = i;
if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, i)) {
outlen += i;

Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS   2011-12-18 01:04:35 UTC (rev 321093)
+++ php/php-src/branches/PHP_5_4/NEWS   2011-12-18 05:14:32 UTC (rev 321094)
@@ -5,11 +5,16 @@
   . Added max_input_vars directive to prevent attacks based on hash collisions
 (Dmitry).
   . Fixed bug #60536 (Traits Segfault). (Laruence)
+
 - CLI SAPI:
   . Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
 one 200 RQ and one 404). (Laruence)
   . Fixed bug #60523 (PHP Errors are not reported in browsers using built-in
 SAPI). (Laruence, Derick)
+
+- OpenSSL:
+  . Fix segfault with older versions of OpenSSL. (Scott)
+
 - Pdo Firebird:
   . Fixed bug #48877 (bindValue and bindParam do not work for PDO 
Firebird).
 (Mariuz)

Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2011-12-18 01:04:35 UTC 
(rev 321093)
+++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2011-12-18 05:14:32 UTC 
(rev 321094)
@@ -4740,7 +4740,9 @@
if (options  OPENSSL_ZERO_PADDING) {
EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
}
-   EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, 
data_len);
+   if (data_len  0) {
+   EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char 
*)data, data_len);
+   }
outlen = i;
if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, i)) {
outlen += i;

Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev 
321093)
+++ php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev 
321094)
@@ -4736,7 +4736,9 @@
if (options  OPENSSL_ZERO_PADDING) {
EVP_CIPHER_CTX_set_padding(cipher_ctx, 0);
}
-   EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, 
data_len);
+   if (data_len  0) {
+   EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char 
*)data, data_len);
+   }
outlen = i;
if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, i)) {
outlen += i;

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

4 matches

Site Navigation

Mail list logo

Footer information