Fix segfault caused by openssl_pkey_new() in ext/openssl/tests/006.phpt

author Henrique do Nascimento Angelo <hnangelo@php.net>

Tue, 15 Jul 2008 02:43:30 +0000 (02:43 +0000)

committer Henrique do Nascimento Angelo <hnangelo@php.net>

Tue, 15 Jul 2008 02:43:30 +0000 (02:43 +0000)
author Henrique do Nascimento Angelo <hnangelo@php.net>
Tue, 15 Jul 2008 02:43:30 +0000 (02:43 +0000)
committer Henrique do Nascimento Angelo <hnangelo@php.net>
Tue, 15 Jul 2008 02:43:30 +0000 (02:43 +0000)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c

index e27dd7c27385f14a88b4d3dcf1fd6d3ea1e31ee4..749be4fdc3e8df6634e14858b6c1fdc0154866c3 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -2912,8 +2912,10 @@ PHP_FUNCTION(openssl_pkey_new)
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1);
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1);
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp);
-                                       if (EVP_PKEY_assign_RSA(pkey, rsa)) {
-                                               RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+                                       if (rsa->n && rsa->d) {
+                                               if (EVP_PKEY_assign_RSA(pkey, rsa)) {
+                                                       RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+                                               }
                                         }
                                         RSA_free(rsa);
                                 }
@@ -2931,11 +2933,13 @@ PHP_FUNCTION(openssl_pkey_new)
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g);
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key);
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key);
-                                       if (!dsa->priv_key && !dsa->pub_key) {
-                                               DSA_generate_key(dsa);
-                                       }
-                                       if (EVP_PKEY_assign_DSA(pkey, dsa)) {
-                                               RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+                                       if (dsa->p && dsa->q && dsa->g) {
+                                               if (!dsa->priv_key && !dsa->pub_key) {
+                                                       DSA_generate_key(dsa);
+                                               }
+                                               if (EVP_PKEY_assign_DSA(pkey, dsa)) {
+                                                       RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+                                               }
                                         }
                                         DSA_free(dsa);
                                 }
@@ -2952,11 +2956,13 @@ PHP_FUNCTION(openssl_pkey_new)
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g);
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key);
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key);
-                                       if (!dh->pub_key) {
-                                               DH_generate_key(dh);
-                                       }
-                                       if (EVP_PKEY_assign_DH(pkey, dh)) {
-                                               RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+                                       if (dh->p && dh->g) {
+                                               if (!dh->pub_key) {
+                                                       DH_generate_key(dh);
+                                               }
+                                               if (EVP_PKEY_assign_DH(pkey, dh)) {
+                                                       RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+                                               }
                                         }
                                         DH_free(dh);
                                 }
diff --git a/ext/openssl/tests/006.phpt b/ext/openssl/tests/006.phpt

new file mode 100644 (file)

index 0000000..d6e41e4
--- /dev/null
+++ b/ext/openssl/tests/006.phpt
@@ -0,0 +1,25 @@
+--TEST--
+openssl_pkey_new() with an empty sub-array arg generates a malformed resource
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) print "skip"; ?>
+--FILE--
+<?php
+/* openssl_pkey_get_details() segfaults when getting the information
+       from openssl_pkey_new() with an empty sub-array arg             */
+
+$rsa = array("rsa" => array());
+$dsa = array("dsa" => array());
+$dh = array("dh" => array());
+
+openssl_pkey_get_details(openssl_pkey_new($rsa));
+openssl_pkey_get_details(openssl_pkey_new($dsa));
+openssl_pkey_get_details(openssl_pkey_new($dh));
+?>
+--EXPECTF--
+
+Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d
+
+Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d
+
+Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d
+
author	Henrique do Nascimento Angelo <hnangelo@php.net>
	Tue, 15 Jul 2008 02:43:30 +0000 (02:43 +0000)
committer	Henrique do Nascimento Angelo <hnangelo@php.net>
	Tue, 15 Jul 2008 02:43:30 +0000 (02:43 +0000)
ext/openssl/openssl.c		patch \| blob \| history
ext/openssl/tests/006.phpt	[new file with mode: 0644]	patch \| blob