Patch for 74651
commit 9348d49a6277f1efd42af1c7debfe68928943e92 | |
Author: Stanislav Malyshev <stas@php.net> | |
Date: Mon Jun 19 23:06:24 2017 -0700 | |
Fix bug #74651 - check EVP_SealInit as it can return -1 | |
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c | |
index 6203267..2107b9b 100644 | |
--- a/ext/openssl/openssl.c | |
+++ b/ext/openssl/openssl.c | |
@@ -5421,7 +5421,7 @@ PHP_FUNCTION(openssl_seal) | |
buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(ctx)); | |
EVP_CIPHER_CTX_cleanup(ctx); | |
- if (!EVP_SealInit(ctx, cipher, eks, eksl, &iv_buf[0], pkeys, nkeys) || | |
+ if (EVP_SealInit(ctx, cipher, eks, eksl, &iv_buf[0], pkeys, nkeys) <= 0 || | |
!EVP_SealUpdate(ctx, buf, &len1, (unsigned char *)data, (int)data_len) || | |
!EVP_SealFinal(ctx, buf + len1, &len2)) { | |
RETVAL_FALSE; | |
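Review bot: The two calls that share this condition, EVP_SealUpdate and EVP_SealFinal, are still tested with `!`, the same pattern that let a -1 from EVP_SealInit pass as success. Both are documented to return 1 on success, so testing `EVP_SealUpdate(...) != 1` and `EVP_SealFinal(...) != 1` would close the same gap without changing behaviour for the documented return values. A one-line comment above the condition, such as `/* EVP_SealInit returns the number of keys on success and can return -1, not only 0, on failure */`, would keep the `<= 0` from being simplified back to `!` later. The `(int)data_len` cast and the `data_len + block_size` allocation rely on a range check that, if it exists, lies outside this hunk; the body of openssl_seal starts and ends outside the hunk.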
diff --git a/ext/openssl/tests/74651.pem b/ext/openssl/tests/74651.pem | |
new file mode 100644 | |
index 0000000..4ed5905 | |
--- /dev/null | |
+++ b/ext/openssl/tests/74651.pem | |
@@ -0,0 +1,27 @@ | |
+-----BEGIN CERTIFICATE----- | |
+MIIEoDCCBAmgAwIBAgIBJzANBgkqhkiG9w0BAQQFADCBkDELMAkGA1UEFhMCUk8x | |
+EDAOBgNVBAgTB1JvbWFuaWExEDAOBgNVBAcTB0NyYWlvdmExDzANBgNVBAoTBlNl | |
+cmdpdTETMBEGA1UECxMKU2VyZ2l1IFNSTDESMBAGA1UEAxMJU2VyZ2l1IENBMSMw | |
+IQYJKoZIhvcNAQkBFhRuX3NlcmdpdUBob3RtYWlsLmNvbTAeFw0wNDA1MTQxMzM0 | |
+NTZaFw0wNTA1MTQxMzM0NTZaMIGaMQswCQYDVQQGEwJSTzEQMA4GA1UECBMHUm9t | |
+YW5pYTEQMA4GA1UEBxMHQ3JhaW92YTETMBEGA1UEChMKU2VyZ2l1IFNSTDETMBEG | |
+A1UECxMKU2VyZ2l1IFNSTDEYMBYGA1UEAxMPU2VyZ2l1IHBlcnNvbmFsMSMwIQYJ | |
+KoZIhvcNAQkBFhRuX3NlcmdpdUBob3RtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF | |
+AAOBjQAwgYkCgYEApNj7XXz8T8FcLIWpBniPYom3QcT6T7u0xRPHqtqzj5oboBYp | |
+DJe5d354/y0gJTpiLt8+fTrPgWXnbHm3pOHgXzTcX6Arani0GDU0/xDi4VkCRGcS | |
+YqX2sJpcDzAbmK9UDMt3xf/O1B8AJan3RfO0Bm3ozTEPziLMkmsiYr5b/L4CAwEA | |
+AaOCAfwwggH4MAkGA1UdEwQCMAAwNQYJYIZIAYb4QgENBCgWJkZvciBHcmlkIHVz | |
+ZSBvbmx5OyByZXF1ZXN0IHRhZyB1c2VyVGFnMBEGCWCGSAGG+EIBAQQEAwIF4DA/ | |
+BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vbW9iaWxlLmJsdWUtc29mdHdhcmUucm86 | |
+OTAvY2EvY3JsLnNodG1sMDUGCWCGSAGG+EIBCAQoFiZodHRwOi8vbW9iaWxlLmJs | |
+dWUtc29mdHdhcmUucm86OTAvcHViLzAhBgNVHREEGjAYgRZzZXJnaXVAYmx1ZXNv | |
+ZnR3YXJlLnJvMB0GA1UdDgQWBBSwp//5QRXeIzm93TEPl6CyonTg/DCBpwYDVR0j | |
+BIGfMIGcoYGWpIGTMIGQMQswCQYDVQQGEwJSTzEQMA4GA1UECBMHUm9tYW5pYTEQ | |
+MA4GA1UEBxMHQ3JhaW92YTEPMA0GA1UEChMGU2VyZ2l1MRMwEQYDVQQLEwpTZXJn | |
+aXUgU1JMMRIwEAYDVQQDEwlTZXJnaXUgQ0ExIzAhBgkqhkiG9w0BCQEWFG5fc2Vy | |
+Z2l1QGhvdG1haWwuY29tggEAMAsGA1UdDwQEAwIE8DAjBglghkgBhvhCAQIEFhYU | |
+aHR0cDovLzYyLjIzMS45OC41Mi8wCwYDKgMEBAQ+52I0MA0GCSqGSIb3DQEBBAUA | |
+A4GBAIBIOJ+iiLyQfNJEY+IMefayQea0nmuXYY+F+L1DFjSC7xChytgYoPNnKkhh | |
+3dWPtxbswiqKYUnGi6y3Hi4UhDsOaDW29t2S305hSc2qgjOiNtRYQIVYQ8EHG1k7 | |
+Fl63S7uCOhnVJt+4MnUK1N6/pwgsp+Z2GvEsDG1qCKnvNpf6 | |
+-----END CERTIFICATE----- | |
diff --git a/ext/openssl/tests/bug74651.phpt b/ext/openssl/tests/bug74651.phpt | |
new file mode 100644 | |
index 0000000..f86394b | |
--- /dev/null | |
+++ b/ext/openssl/tests/bug74651.phpt | |
@@ -0,0 +1,17 @@ | |
+--TEST-- | |
+Bug #74651: negative-size-param (-1) in memcpy in zif_openssl_seal() | |
+--SKIPIF-- | |
+<?php | |
+if (!extension_loaded("openssl")) die("skip openssl not loaded"); | |
+?> | |
+--FILE-- | |
+<?php | |
+ | |
+$inputstr = file_get_contents(__DIR__ . "/74651.pem"); | |
+$pub_key_id = openssl_get_publickey($inputstr); | |
+var_dump($pub_key_id); | |
+var_dump(openssl_seal($inputstr, $sealed, $ekeys, array($pub_key_id, $pub_key_id), 'AES-128-ECB')); | |
+?> | |
+--EXPECTF-- | |
+resource(%d) of type (OpenSSL key) | |
+bool(false) | |
\ No newline at end of file |
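Review bot: The expected output pins only the return value of openssl_seal(), so the test does not show what the by-reference outputs hold on the failure path. Adding `var_dump($sealed, $ekeys);` after the call, with the matching lines in --EXPECTF-- (presumably `NULL` twice, to be confirmed against the function's failure path), would also pin that no partially written sealed data or key material is returned when EVP_SealInit fails. The original defect was a negative-size memcpy, so this test is most useful when it is also run in an AddressSanitizer build.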