Skip to content

Instantly share code, notes, and snippets.

@smalyshev smalyshev/71475.diff Secret
Created Feb 1, 2016

Embed
What would you like to do?
commit 33b1fbbb5c0459a623ab91b492f1a37c5262329c
Author: Stanislav Malyshev <stas@php.net>
Date: Sun Jan 31 20:18:46 2016 -0800
Fixed bug #71475: openssl_seal() uninitialized memory usage
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index a8ecbb2..75c44a3 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4938,6 +4938,7 @@ PHP_FUNCTION(openssl_seal)
memset(eks, 0, sizeof(*eks) * nkeys);
key_resources = safe_emalloc(nkeys, sizeof(zend_resource*), 0);
memset(key_resources, 0, sizeof(zend_resource*) * nkeys);
+ memset(pkeys, 0, sizeof(*pkeys) * nkeys);
/* get the public keys we are using to seal this data */
i = 0;
@@ -4999,7 +5000,7 @@ PHP_FUNCTION(openssl_seal)
clean_exit:
for (i=0; i<nkeys; i++) {
- if (key_resources[i] == NULL) {
+ if (key_resources[i] == NULL && pkeys[i] != NULL) {
EVP_PKEY_free(pkeys[i]);
}
if (eks[i]) {
diff --git a/ext/openssl/tests/bug71475.phpt b/ext/openssl/tests/bug71475.phpt
new file mode 100644
index 0000000..680753d
--- /dev/null
+++ b/ext/openssl/tests/bug71475.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #71475: openssl_seal() uninitialized memory usage
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) die("skip openssl not loaded");
+?>
+--FILE--
+<?php
+$_ = str_repeat("A", 512);
+openssl_seal($_, $_, $_, array_fill(0,64,0));
+?>
+DONE
+--EXPECTF--
+
+Warning: openssl_seal(): not a public key (1th member of pubkeys) in %s/bug71475.php on line %d
+DONE
\ No newline at end of file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.