MFH r322485

Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
CVE-2011-3389

diff --git a/NEWS b/NEWS
index 4a08318355ebc0673f7b1a015b8d3437507e6cfa..3eda1682068475e6a9865ea3d244aeac393f0cf7 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? Jan 2012, PHP 5.4.0
+?? Jan 2012, PHP 5.4.0 RC 7
+- Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
+  CVE-2011-3389. (Scott)
 
 19 Jan 2012, PHP 5.4.0 RC6
 

diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c
index 8b74e03c1a599849405f29b6490c816637eadca9..4156a04581316364ef0e911c2162c929e98d03f1 100644 (file)
--- a/ext/ftp/ftp.c
+++ b/ext/ftp/ftp.c
@@ -243,6 +243,7 @@ ftp_login(ftpbuf_t *ftp, const char *user, const char *pass TSRMLS_DC)
 {
 #if HAVE_OPENSSL_EXT
        SSL_CTX *ctx = NULL;
+       long ssl_ctx_options = SSL_OP_ALL;
 #endif
        if (ftp == NULL) {
                return 0;
@@ -279,7 +280,10 @@ ftp_login(ftpbuf_t *ftp, const char *user, const char *pass TSRMLS_DC)
                        return 0;
                }
 
-               SSL_CTX_set_options(ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
+               ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+               SSL_CTX_set_options(ctx, ssl_ctx_options);
 
                ftp->ssl_handle = SSL_new(ctx);
                if (ftp->ssl_handle == NULL) {
@@ -1495,6 +1499,7 @@ data_accept(databuf_t *data, ftpbuf_t *ftp TSRMLS_DC)
 
 #if HAVE_OPENSSL_EXT
        SSL_CTX         *ctx;
+       long ssl_ctx_options = SSL_OP_ALL;
 #endif
 
        if (data->fd != -1) {
@@ -1521,7 +1526,10 @@ data_accepted:
                        return 0;
                }
 
-               SSL_CTX_set_options(ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
+               ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+               SSL_CTX_set_options(ctx, ssl_ctx_options);
 
                data->ssl_handle = SSL_new(ctx);
                if (data->ssl_handle == NULL) {

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 334148c02e0e87c6e0b6f7aa14bcabcdbcab5634..d03eb3ee8730eab6694dd9013c11b16e695f6092 100644 (file)
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -310,6 +310,7 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
                TSRMLS_DC)
 {
        SSL_METHOD *method;
+       long ssl_ctx_options = SSL_OP_ALL;
        
        if (sslsock->ssl_handle) {
                if (sslsock->s.is_blocked) {
@@ -377,7 +378,10 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
                return -1;
        }
 
-       SSL_CTX_set_options(sslsock->ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
+       ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+       SSL_CTX_set_options(sslsock->ctx, ssl_ctx_options);
 
 #if OPENSSL_VERSION_NUMBER >= 0x0090806fL
        {