commit 33b1fbbb5c0459a623ab91b492f1a37c5262329c | |
Author: Stanislav Malyshev <stas@php.net> | |
Date: Sun Jan 31 20:18:46 2016 -0800 | |
Fixed bug #71475: openssl_seal() uninitialized memory usage | |
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c | |
index a8ecbb2..75c44a3 100644 | |
--- a/ext/openssl/openssl.c | |
+++ b/ext/openssl/openssl.c | |
@@ -4938,6 +4938,7 @@ PHP_FUNCTION(openssl_seal) | |
memset(eks, 0, sizeof(*eks) * nkeys); | |
key_resources = safe_emalloc(nkeys, sizeof(zend_resource*), 0); | |
memset(key_resources, 0, sizeof(zend_resource*) * nkeys); | |
+ memset(pkeys, 0, sizeof(*pkeys) * nkeys); | |
/* get the public keys we are using to seal this data */ | |
i = 0; | |
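Review bot: The added `memset(pkeys, 0, sizeof(*pkeys) * nkeys);` needs a comment saying why it is there, because nothing near it shows that the cleanup loop at `clean_exit` visits all `nkeys` slots even when key loading stops at the first invalid entry. A line such as `/* clean_exit walks every slot, so entries never filled must be NULL */` above it would keep the memset from being dropped later as redundant. The allocation of `pkeys` is outside the hunk, so whether a zeroing allocator could replace the allocate-then-memset pairing cannot be judged from here.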
@@ -4999,7 +5000,7 @@ PHP_FUNCTION(openssl_seal) | |
clean_exit: | |
for (i=0; i<nkeys; i++) { | |
- if (key_resources[i] == NULL) { | |
+ if (key_resources[i] == NULL && pkeys[i] != NULL) { | |
EVP_PKEY_free(pkeys[i]); | |
} | |
if (eks[i]) { | |
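Review bot: The guard `if (key_resources[i] == NULL && pkeys[i] != NULL)` combines two different conditions without explanation. `key_resources[i] == NULL` appears to mean the key was created by this function rather than borrowed from a resource, while `pkeys[i] != NULL` means the slot was filled at all. The second test is only reliable because the first hunk zeroes `pkeys`, so a comment like `/* free only keys we own; slots after a failed load stay NULL */` would document that dependency. The loop body continues past the end of the hunk.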
diff --git a/ext/openssl/tests/bug71475.phpt b/ext/openssl/tests/bug71475.phpt | |
new file mode 100644 | |
index 0000000..680753d | |
--- /dev/null | |
+++ b/ext/openssl/tests/bug71475.phpt | |
@@ -0,0 +1,16 @@ | |
+--TEST-- | |
+Bug #71475: openssl_seal() uninitialized memory usage | |
+--SKIPIF-- | |
+<?php | |
+if (!extension_loaded("openssl")) die("skip openssl not loaded"); | |
+?> | |
+--FILE-- | |
+<?php | |
+$_ = str_repeat("A", 512); | |
+openssl_seal($_, $_, $_, array_fill(0,64,0)); | |
+?> | |
+DONE | |
+--EXPECTF-- | |
+ | |
+Warning: openssl_seal(): not a public key (1th member of pubkeys) in %s/bug71475.php on line %d | |
+DONE | |
\ No newline at end of file |
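Review bot: The test never checks the return value of `openssl_seal()`, so it passes whenever the warning is printed and the process survives. On a build without a memory checker, a read of uninitialized `pkeys` may not crash, so the regression could go unnoticed. Changing the call to `var_dump(openssl_seal($_, $_, $_, array_fill(0,64,0)));` and adding `bool(false)` to the expected output would pin the failure path explicitly. The file also ends without a trailing newline.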