hnangelo Tue Jul 15 03:04:26 2008 UTC Modified files: /php-src/ext/openssl openssl.c /php-src/ext/openssl/tests 023.phpt 025.phpt cert.crt private.key Log: Fix uninitilized variables in openssl_pkcs7_encrypt() and openssl_pkcs7_sign()
http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.162&r2=1.163&diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.162 php-src/ext/openssl/openssl.c:1.163 --- php-src/ext/openssl/openssl.c:1.162 Tue Jul 15 02:46:26 2008 +++ php-src/ext/openssl/openssl.c Tue Jul 15 03:04:25 2008 @@ -20,7 +20,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: openssl.c,v 1.162 2008/07/15 02:46:26 hnangelo Exp $ */ +/* $Id: openssl.c,v 1.163 2008/07/15 03:04:25 hnangelo Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -3513,6 +3513,7 @@ if (zheaders) { zend_hash_internal_pointer_reset_ex(HASH_OF(zheaders), &hpos); while(zend_hash_get_current_data_ex(HASH_OF(zheaders), (void**)&zcertval, &hpos) == SUCCESS) { + strindex.s = NULL; zend_hash_get_current_key_ex(HASH_OF(zheaders), &strindex, &strindexlen, &intindex, 0, &hpos); convert_to_string_ex(zcertval); @@ -3622,6 +3623,7 @@ if (zheaders) { zend_hash_internal_pointer_reset_ex(HASH_OF(zheaders), &hpos); while(zend_hash_get_current_data_ex(HASH_OF(zheaders), (void**)&hval, &hpos) == SUCCESS) { + strindex.s = NULL; zend_hash_get_current_key_ex(HASH_OF(zheaders), &strindex, &strindexlen, &intindex, 0, &hpos); convert_to_string_ex(hval); http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/023.phpt?r1=1.1&r2=1.2&diff_format=u Index: php-src/ext/openssl/tests/023.phpt diff -u /dev/null php-src/ext/openssl/tests/023.phpt:1.2 --- /dev/null Tue Jul 15 03:04:26 2008 +++ php-src/ext/openssl/tests/023.phpt Tue Jul 15 03:04:26 2008 @@ -0,0 +1,65 @@ +--TEST-- +openssl_pkcs7_encrypt() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$infile = (binary) (dirname(__FILE__) . "/cert.crt"); +$outfile = (binary) tempnam(b"/tmp", b"ssl"); +if ($outfile === false) + die("failed to get a temporary filename!"); + +$single_cert = (binary) ("file://" . dirname(__FILE__) . "/cert.crt"); +$multi_certs = array($single_cert, $single_cert); +$assoc_headers = array("To" => "[EMAIL PROTECTED]", "Subject" => "testing openssl_pkcs7_encrypt()"); +$assoc_headers_bin = array(b"To" => b"[EMAIL PROTECTED]", b"Subject" => b"testing openssl_pkcs7_encrypt()"); +$headers = array("[EMAIL PROTECTED]", "testing openssl_pkcs7_encrypt()"); +$headers_bin = array(b"[EMAIL PROTECTED]", b"testing openssl_pkcs7_encrypt()"); +$empty_headers = array(); +$unicode_headers = array("\u0500" => "test", "test" => "invalid unicode\u0500"); +$wrong = "wrong"; +$wrong2 = b"wrong"; +$empty = b""; + +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $headers_bin)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $assoc_headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $assoc_headers_bin)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty_headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $unicode_headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $wrong)); +var_dump(openssl_pkcs7_encrypt($wrong, $outfile, $single_cert, $headers)); +var_dump(openssl_pkcs7_encrypt($empty, $outfile, $single_cert, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $empty, $single_cert, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong2, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $empty, $headers)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty)); +var_dump(openssl_pkcs7_encrypt($infile, $outfile, $multi_certs, $headers)); + +if (file_exists($outfile)) { + echo "true\n"; + unlink($outfile); +} +?> +--EXPECTF-- +bool(true) +bool(true) +bool(true) +bool(true) +bool(true) +bool(true) + +Warning: openssl_pkcs7_encrypt() expects parameter 4 to be array, Unicode string given in %s on line %d +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) + +Warning: openssl_pkcs7_encrypt() expects parameter 4 to be array, binary string given in %s on line %d +bool(false) +bool(true) +true http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/025.phpt?r1=1.1&r2=1.2&diff_format=u Index: php-src/ext/openssl/tests/025.phpt diff -u /dev/null php-src/ext/openssl/tests/025.phpt:1.2 --- /dev/null Tue Jul 15 03:04:26 2008 +++ php-src/ext/openssl/tests/025.phpt Tue Jul 15 03:04:26 2008 @@ -0,0 +1,83 @@ +--TEST-- +openssl_pkcs7_sign() tests +--SKIPIF-- +<?php if (!extension_loaded("openssl")) print "skip"; ?> +--FILE-- +<?php +$infile = (binary) (dirname(__FILE__) . "/cert.crt"); +$outfile = (binary) tempnam(b"/tmp", b"ssl"); +if ($outfile === false) + die("failed to get a temporary filename!"); + +$privkey = (binary) ("file://" . dirname(__FILE__) . "/private.key"); +$single_cert = (binary) ("file://" . dirname(__FILE__) . "/cert.crt"); +$assoc_headers = array("To" => "[EMAIL PROTECTED]", "Subject" => "testing openssl_pkcs7_sign()"); +$assoc_headers_bin = array(b"To" => b"[EMAIL PROTECTED]", b"Subject" => b"testing openssl_pkcs7_sign()"); +$headers = array("[EMAIL PROTECTED]", "testing openssl_pkcs7_sign()"); +$headers_bin = array(b"[EMAIL PROTECTED]", b"testing openssl_pkcs7_sign()"); +$empty_headers = array(); +$unicode_headers = array("\u0500" => "test", "test" => "invalid unicode\u0500"); +$wrong = "wrong"; +$wrong2 = b"wrong"; +$empty = b""; + +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $headers_bin)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $assoc_headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $assoc_headers_bin)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $empty_headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $unicode_headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $wrong)); +var_dump(openssl_pkcs7_sign($wrong, $outfile, $single_cert, $privkey, $headers)); +var_dump(openssl_pkcs7_sign($empty, $outfile, $single_cert, $privkey, $headers)); +var_dump(openssl_pkcs7_sign($infile, $empty, $single_cert, $privkey, $headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $wrong, $privkey, $headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $wrong2, $privkey, $headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $empty, $privkey, $headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $empty)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $wrong, $headers)); +var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $wrong2, $headers)); + +if (file_exists($outfile)) { + echo "true\n"; + unlink($outfile); +} +?> +--EXPECTF-- +bool(true) +bool(true) +bool(true) +bool(true) +bool(true) +bool(true) + +Warning: openssl_pkcs7_sign() expects parameter 5 to be array, Unicode string given in %s on line %d +NULL + +Warning: openssl_pkcs7_sign(): error opening input file %s in %s on line %d +bool(false) + +Warning: openssl_pkcs7_sign(): error opening input file %s in %s on line %d +bool(false) + +Warning: openssl_pkcs7_sign(): error opening output file %s in %s on line %d +bool(false) + +Warning: openssl_pkcs7_sign(): error getting cert in %s on line %d +bool(false) + +Warning: openssl_pkcs7_sign(): error getting cert in %s on line %d +bool(false) + +Warning: openssl_pkcs7_sign(): error getting cert in %s on line %d +bool(false) + +Warning: openssl_pkcs7_sign() expects parameter 5 to be array, binary string given in %s on line %d +NULL + +Warning: openssl_pkcs7_sign(): error getting private key in %s on line %d +bool(false) + +Warning: openssl_pkcs7_sign(): error getting private key in %s on line %d +bool(false) +true http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/cert.crt?r1=1.1&r2=1.2&diff_format=u Index: php-src/ext/openssl/tests/cert.crt diff -u /dev/null php-src/ext/openssl/tests/cert.crt:1.2 --- /dev/null Tue Jul 15 03:04:26 2008 +++ php-src/ext/openssl/tests/cert.crt Tue Jul 15 03:04:26 2008 @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbDCCAtWgAwIBAgIJAK7FVsxyN1CiMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD +VQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTATBgNVBAcTDFBv +cnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5nZWxvMR8wHQYJ +KoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0MB4XDTA4MDYzMDEwMjg0M1oXDTA4 +MDczMDEwMjg0M1owgYExCzAJBgNVBAYTAkJSMRowGAYDVQQIExFSaW8gR3JhbmRl +IGRvIFN1bDEVMBMGA1UEBxMMUG9ydG8gQWxlZ3JlMR4wHAYDVQQDExVIZW5yaXF1 +ZSBkbyBOLiBBbmdlbG8xHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQw +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMteno+QK1ulX4/WDAVBYfoTPRTz +e4SZLwgael4jwWTytj+8c5nNllrFELD6WjJzfjaoIMhCF4w4I2bkWR6/PTqrvnv+ +iiiItHfKvJgYqIobUhkiKmWa2wL3mgqvNRIqTrTC4jWZuCkxQ/ksqL9O/F6zk+aR +S1d+KbPaqCR5Rw+lAgMBAAGjgekwgeYwHQYDVR0OBBYEFNt+QHK9XDWF7CkpgRLo +Ymhqtz99MIG2BgNVHSMEga4wgauAFNt+QHK9XDWF7CkpgRLoYmhqtz99oYGHpIGE +MIGBMQswCQYDVQQGEwJCUjEaMBgGA1UECBMRUmlvIEdyYW5kZSBkbyBTdWwxFTAT +BgNVBAcTDFBvcnRvIEFsZWdyZTEeMBwGA1UEAxMVSGVucmlxdWUgZG8gTi4gQW5n +ZWxvMR8wHQYJKoZIhvcNAQkBFhBobmFuZ2Vsb0BwaHAubmV0ggkArsVWzHI3UKIw +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCP1GUnStC0TBqngr3Kx+zS +UW8KutKO0ORc5R8aV/x9LlaJrzPyQJgiPpu5hXogLSKRIHxQS3X2+Y0VvIpW72LW +PVKPhYlNtO3oKnfoJGKin0eEhXRZMjfEW/kznY+ZZmNifV2r8s+KhNAqI4PbClvn +4vh8xF/9+eVEj+hM+0OflA== +-----END CERTIFICATE----- http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/tests/private.key?r1=1.1&r2=1.2&diff_format=u Index: php-src/ext/openssl/tests/private.key diff -u /dev/null php-src/ext/openssl/tests/private.key:1.2 --- /dev/null Tue Jul 15 03:04:26 2008 +++ php-src/ext/openssl/tests/private.key Tue Jul 15 03:04:26 2008 @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDLXp6PkCtbpV+P1gwFQWH6Ez0U83uEmS8IGnpeI8Fk8rY/vHOZ +zZZaxRCw+loyc342qCDIQheMOCNm5Fkevz06q757/oooiLR3yryYGKiKG1IZIipl +mtsC95oKrzUSKk60wuI1mbgpMUP5LKi/Tvxes5PmkUtXfimz2qgkeUcPpQIDAQAB +AoGBAMcP/dp+fsI9FFYBaVC3mASlUjOwxKWdH3kqGb8N9p4uKRAoEWtp3hNJM7ZX +x3P8sn0jgrsiXlRFGvn65/T9shp8hj+CdJKg2jKCs7S58v60TLfSvOQSIYsw9Qm9 +Bsx4hKfz+d52ptuJRbv8tDxsYP3D/KjQfpX1OysiP/WBfeg9AkEA+AGT0goqjWOM +YgFtZGrefIegF31XSCQTaLIml6/2JwF+oBKjJUQFar2Rwn6qUwrsGtSPMM0Iz8ry +9uvUbs8PPwJBANHsuTVWzLf8TJNGc+xIlhvzKFkF0nJIWx4ozhlMNDQMMF/3FRSo +zvHIgUnpG9Vwa2GtjTDnD8jHtzTauAZmjBsCQCGDVQ5VAVsJ0LaNqtKe/mGlkiSa +c2j0Nws2x7BHvuOWeB35ZsJqZrD93OyDYVDHcRBPGOpnSoGJ0zs6swImSNECQHSH +0BgH4wSPDYMDrP4RHSLOzCr+zF+cQthvFll8r83kpkXfRth9DMOy5fI9cLH/Adzr +FmF7Iov2MYEpmNYUvtkCQHfW0ntkVY9xS2/VTs57F5tUkfNG2hG74pJM6vSfTNWn +R/oI5m2sDtRWQ88LCYJMEmIZhN00Ys4xOSoTs+SUakY= +-----END RSA PRIVATE KEY-----
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php