[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c

Wed, 07 Dec 2011 12:51:00 -0800 

scottmac                                 Wed, 07 Dec 2011 20:50:33 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=320612

Log:
Make sure that we set the strong crypto result to false as well as returning 
false.

Changed paths:
    U   php/php-src/branches/PHP_5_4/NEWS
    U   php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
    U   php/php-src/trunk/ext/openssl/openssl.c

Modified: php/php-src/branches/PHP_5_4/NEWS
===================================================================
--- php/php-src/branches/PHP_5_4/NEWS   2011-12-07 20:36:39 UTC (rev 320611)
+++ php/php-src/branches/PHP_5_4/NEWS   2011-12-07 20:50:33 UTC (rev 320612)
@@ -18,6 +18,10 @@

 - Intl:
   . Added support for UTS #46. (Gustavo)
+
+- OpenSSL:
+  . On error in openssl_random_pseudo_bytes() make sure we set strong result
+    to false. (Scott)

 - Reflection:
   . Fixed bug #60367 (Reflection and Late Static Binding). (Laruence)

Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2011-12-07 20:36:39 UTC 
(rev 320611)
+++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c  2011-12-07 20:50:33 UTC 
(rev 320612)
@@ -4941,13 +4941,19 @@
 #ifdef PHP_WIN32
        strong_result = 1;
        /* random/urandom equivalent on Windows */
-       if (php_win32_get_random_bytes(buffer, (size_t) buffer_length) == 
FAILURE){
+       if (php_win32_get_random_bytes(buffer, (size_t) buffer_length) == 
FAILURE) {
                efree(buffer);
+               if (zstrong_result_returned) {
+                       ZVAL_BOOL(zstrong_result_returned, 0);
+               }
                RETURN_FALSE;
        }
 #else
        if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) {
                efree(buffer);
+               if (zstrong_result_returned) {
+                       ZVAL_BOOL(zstrong_result_returned, 0);
+               }
                RETURN_FALSE;
        }
 #endif

Modified: php/php-src/trunk/ext/openssl/openssl.c
===================================================================
--- php/php-src/trunk/ext/openssl/openssl.c     2011-12-07 20:36:39 UTC (rev 
320611)
+++ php/php-src/trunk/ext/openssl/openssl.c     2011-12-07 20:50:33 UTC (rev 
320612)
@@ -4939,11 +4939,17 @@
        /* random/urandom equivalent on Windows */
        if (php_win32_get_random_bytes(buffer, (size_t) buffer_length) == 
FAILURE){
                efree(buffer);
+               if (zstrong_result_returned) {
+                       ZVAL_BOOL(zstrong_result_returned, 0);
+               }
                RETURN_FALSE;
        }
 #else
        if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) {
                efree(buffer);
+               if (zstrong_result_returned) {
+                       ZVAL_BOOL(zstrong_result_returned, 0);
+               }
                RETURN_FALSE;
        }
 #endif


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to