[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/win32/winutil.c branches/PHP_5_4/NEWS branches/PHP_5_4/win32/winutil.c trunk/win32/winutil.c

Fri, 27 Jan 2012 02:56:56 -0800 

pajoye                                   Fri, 27 Jan 2012 10:56:33 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=322843

Log:
- fix #60895, possible invalid handler usage

Bug: https://bugs.php.net/60895 (Open) null pointer dereference in 
php_win32_free_rng_lock()
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/win32/winutil.c
    U   php/php-src/branches/PHP_5_4/NEWS
    U   php/php-src/branches/PHP_5_4/win32/winutil.c
    U   php/php-src/trunk/win32/winutil.c

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2012-01-27 10:00:18 UTC (rev 322842)
+++ php/php-src/branches/PHP_5_3/NEWS   2012-01-27 10:56:33 UTC (rev 322843)
@@ -3,23 +3,25 @@
 ?? ?? 2012, PHP 5.3.10

 - Core:
- . Fixed bug #60227 (header() cannot detect the multi-line header with CR).
-   (rui)
- . Fixed bug #60825 (Segfault when running symfony 2 tests).
-   (Dmitry, Laruence)
+  . Fixed bug #60227 (header() cannot detect the multi-line header with CR).
+    (rui)
+  . Fixed bug #60825 (Segfault when running symfony 2 tests).
+    (Dmitry, Laruence)
+  . Fix bug #60895 (Possible invalid handler usage in windows random
+    functions). (Pierre)

 - Firebird Database extension (ibase):
- . Fixed bug #60802 (ibase_trans() gives segfault when passing params).
+  . Fixed bug #60802 (ibase_trans() gives segfault when passing params).

 - Streams:
- . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not 
detected
-   together with the last read). (Gustavo)
- . Fixed bug #60817 (stream_get_line() reads from stream even when there is
-   already sufficient data buffered). stream_get_line() now behaves more like
-   fgets(), as is documented. (Gustavo)
+  . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not 
detected
+    together with the last read). (Gustavo)
+  . Fixed bug #60817 (stream_get_line() reads from stream even when there is
+    already sufficient data buffered). stream_get_line() now behaves more like
+    fgets(), as is documented. (Gustavo)

 - PHP-FPM SAPI:
- . Fixed bug #60811 (php-fpm compilation problem). (rasmus)
+  . Fixed bug #60811 (php-fpm compilation problem). (rasmus)

 10 Jan 2012, PHP 5.3.9


Modified: php/php-src/branches/PHP_5_3/win32/winutil.c
===================================================================
--- php/php-src/branches/PHP_5_3/win32/winutil.c        2012-01-27 10:00:18 UTC 
(rev 322842)
+++ php/php-src/branches/PHP_5_3/win32/winutil.c        2012-01-27 10:56:33 UTC 
(rev 322843)
@@ -62,8 +62,10 @@
 void php_win32_free_rng_lock()
 {
        tsrm_mutex_lock(php_lock_win32_cryptoctx);
-       CryptReleaseContext(hCryptProv, 0);
-       has_crypto_ctx = 0;
+       if (has_crypto_ctx == 1) {
+               CryptReleaseContext(hCryptProv, 0);
+               has_crypto_ctx = 0;
+       }
        tsrm_mutex_unlock(php_lock_win32_cryptoctx);
        tsrm_mutex_free(php_lock_win32_cryptoctx);


Modified: php/php-src/branches/PHP_5_4/NEWS
===================================================================
--- php/php-src/branches/PHP_5_4/NEWS   2012-01-27 10:00:18 UTC (rev 322842)
+++ php/php-src/branches/PHP_5_4/NEWS   2012-01-27 10:56:33 UTC (rev 322843)
@@ -1,9 +1,14 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Jan 2012, PHP 5.4.0 RC 7
-- Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
-  CVE-2011-3389. (Scott)
+- Core:
+  . Fix bug #60895 (Possible invalid handler usage in windows random
+    functions). (Pierre)

+- OpenSSL:
+  . Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
+    CVE-2011-3389. (Scott)
+
 19 Jan 2012, PHP 5.4.0 RC6

 - Core:

Modified: php/php-src/branches/PHP_5_4/win32/winutil.c
===================================================================
--- php/php-src/branches/PHP_5_4/win32/winutil.c        2012-01-27 10:00:18 UTC 
(rev 322842)
+++ php/php-src/branches/PHP_5_4/win32/winutil.c        2012-01-27 10:56:33 UTC 
(rev 322843)
@@ -62,8 +62,10 @@
 void php_win32_free_rng_lock()
 {
        tsrm_mutex_lock(php_lock_win32_cryptoctx);
-       CryptReleaseContext(hCryptProv, 0);
-       has_crypto_ctx = 0;
+       if (has_crypto_ctx == 1) {
+               CryptReleaseContext(hCryptProv, 0);
+               has_crypto_ctx = 0;
+       }
        tsrm_mutex_unlock(php_lock_win32_cryptoctx);
        tsrm_mutex_free(php_lock_win32_cryptoctx);


Modified: php/php-src/trunk/win32/winutil.c
===================================================================
--- php/php-src/trunk/win32/winutil.c   2012-01-27 10:00:18 UTC (rev 322842)
+++ php/php-src/trunk/win32/winutil.c   2012-01-27 10:56:33 UTC (rev 322843)
@@ -62,8 +62,10 @@
 void php_win32_free_rng_lock()
 {
        tsrm_mutex_lock(php_lock_win32_cryptoctx);
-       CryptReleaseContext(hCryptProv, 0);
-       has_crypto_ctx = 0;
+       if (has_crypto_ctx == 1) {
+               CryptReleaseContext(hCryptProv, 0);
+               has_crypto_ctx = 0;
+       }
        tsrm_mutex_unlock(php_lock_win32_cryptoctx);
        tsrm_mutex_free(php_lock_win32_cryptoctx);



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to