Fixed #74022 PHP Fast CGI crashes when reading from a pfx file.

author Anatol Belski <ab@php.net>

Thu, 2 Feb 2017 11:48:12 +0000 (12:48 +0100)

committer Anatol Belski <ab@php.net>

Thu, 2 Feb 2017 11:48:12 +0000 (12:48 +0100)
author Anatol Belski <ab@php.net>
Thu, 2 Feb 2017 11:48:12 +0000 (12:48 +0100)
committer Anatol Belski <ab@php.net>
Thu, 2 Feb 2017 11:48:12 +0000 (12:48 +0100)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c

index c3c97b2bf4f82f50ff815892b94d047dded04df2..da60bb9486074756a160ebfdeeb18142a142fad4 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -2638,56 +2638,60 @@ PHP_FUNCTION(openssl_pkcs12_read)
                         zval_dtor(zout);
                         array_init(zout);
  
-                       bio_out = BIO_new(BIO_s_mem());
-                       if (PEM_write_bio_X509(bio_out, cert)) {
-                               BUF_MEM *bio_buf;
-                               BIO_get_mem_ptr(bio_out, &bio_buf);
-                               ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
-                               add_assoc_zval(zout, "cert", &zcert);
+                       if (cert) {
+                               bio_out = BIO_new(BIO_s_mem());
+                               if (PEM_write_bio_X509(bio_out, cert)) {
+                                       BUF_MEM *bio_buf;
+                                       BIO_get_mem_ptr(bio_out, &bio_buf);
+                                       ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
+                                       add_assoc_zval(zout, "cert", &zcert);
+                               }
+                               BIO_free(bio_out);
                         }
-                       BIO_free(bio_out);
  
-                       bio_out = BIO_new(BIO_s_mem());
-                       if (PEM_write_bio_PrivateKey(bio_out, pkey, NULL, NULL, 0, 0, NULL)) {
-                               BUF_MEM *bio_buf;
-                               BIO_get_mem_ptr(bio_out, &bio_buf);
-                               ZVAL_STRINGL(&zpkey, bio_buf->data, bio_buf->length);
-                               add_assoc_zval(zout, "pkey", &zpkey);
+                       if (pkey) {
+                               bio_out = BIO_new(BIO_s_mem());
+                               if (PEM_write_bio_PrivateKey(bio_out, pkey, NULL, NULL, 0, 0, NULL)) {
+                                       BUF_MEM *bio_buf;
+                                       BIO_get_mem_ptr(bio_out, &bio_buf);
+                                       ZVAL_STRINGL(&zpkey, bio_buf->data, bio_buf->length);
+                                       add_assoc_zval(zout, "pkey", &zpkey);
+                               }
+                               BIO_free(bio_out);
                         }
-                       BIO_free(bio_out);
  
-                       array_init(&zextracerts);
+                       if (ca && sk_X509_num(ca)) {
  
-                       for (i=0;;i++) {
-                               zval zextracert;
-                               X509* aCA = sk_X509_pop(ca);
-                               if (!aCA) break;
+                               array_init(&zextracerts);
  
-                               /* fix for bug 69882 */
-                               {
-                                       int err = ERR_peek_error();
-                                       if (err == OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH) {
-                                               ERR_get_error();
+                               for (i=0; i < sk_X509_num(ca); i++) {
+                                       zval zextracert;
+                                       X509* aCA = sk_X509_pop(ca);
+                                       if (!aCA) break;
+
+                                       /* fix for bug 69882 */
+                                       {
+                                               int err = ERR_peek_error();
+                                               if (err == OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH) {
+                                                       ERR_get_error();
+                                               }
                                         }
-                               }
  
-                               bio_out = BIO_new(BIO_s_mem());
-                               if (PEM_write_bio_X509(bio_out, aCA)) {
-                                       BUF_MEM *bio_buf;
-                                       BIO_get_mem_ptr(bio_out, &bio_buf);
-                                       ZVAL_STRINGL(&zextracert, bio_buf->data, bio_buf->length);
-                                       add_index_zval(&zextracerts, i, &zextracert);
+                                       bio_out = BIO_new(BIO_s_mem());
+                                       if (PEM_write_bio_X509(bio_out, aCA)) {
+                                               BUF_MEM *bio_buf;
+                                               BIO_get_mem_ptr(bio_out, &bio_buf);
+                                               ZVAL_STRINGL(&zextracert, bio_buf->data, bio_buf->length);
+                                               add_index_zval(&zextracerts, i, &zextracert);
+
+                                       }
+                                       BIO_free(bio_out);
  
+                                       X509_free(aCA);
                                 }
-                               BIO_free(bio_out);
  
-                               X509_free(aCA);
-                       }
-                       if(ca) {
                                 sk_X509_free(ca);
                                 add_assoc_zval(zout, "extracerts", &zextracerts);
-                       } else {
-                               zval_dtor(&zextracerts);
                         }
  
                         RETVAL_TRUE;
diff --git a/ext/openssl/tests/bug74022.pfx b/ext/openssl/tests/bug74022.pfx

new file mode 100644 (file)

index 0000000..851dd99

Binary files /dev/null and b/ext/openssl/tests/bug74022.pfx differ
diff --git a/ext/openssl/tests/bug74022.phpt b/ext/openssl/tests/bug74022.phpt

new file mode 100644 (file)

index 0000000..0ab321c
--- /dev/null
+++ b/ext/openssl/tests/bug74022.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #74022 PHP Fast CGI crashes when reading from a pfx file with valid password
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) die("skip");
+?>
+--FILE--
+<?php
+$pfx = dirname(__FILE__) . DIRECTORY_SEPARATOR . "bug74022.pfx";
+$cert_store = file_get_contents($pfx);
+
+var_dump(openssl_pkcs12_read($cert_store, $cert_info, "csos"));
+var_dump(openssl_error_string());
+?>
+===DONE===
+--EXPECTF--
+bool(true)
+bool(false)
+===DONE===
author	Anatol Belski <ab@php.net>
	Thu, 2 Feb 2017 11:48:12 +0000 (12:48 +0100)
committer	Anatol Belski <ab@php.net>
	Thu, 2 Feb 2017 11:48:12 +0000 (12:48 +0100)
ext/openssl/openssl.c		patch \| blob \| history
ext/openssl/tests/bug74022.pfx	[new file with mode: 0644]	patch \| blob
ext/openssl/tests/bug74022.phpt	[new file with mode: 0644]	patch \| blob