- #39217, use openssl i2s_ASN1_INTEGER to get a string representation of

  the integer (large or not). It also keeps BC by using only decimal fmt
- add test

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index eb5074833391401a197e20b7907815c7af602a05..a0997a522501def217ff7579c5440f18f12c0b81 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -367,40 +367,6 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */
 }
 /* }}} */
 
-static void php_asn1_integer_to_string(ASN1_INTEGER *a, char **str, int *str_len TSRMLS_DC) /* {{{ */
-{
-       int i;
-       static const char *h="0123456789ABCDEF";
-       zend_bool negative = 0;
-
-       *str = NULL;
-       *str_len = 0;
-
-       if (a == NULL) { 
-               return;
-       }
-
-       if (a->type & V_ASN1_NEG) {
-               negative = 1;
-       }
-
-       if (a->length == 0) {
-               *str_len = spprintf(str, 0, "%s00", negative ? "-" : "");
-       } else {
-               *str_len = a->length*2 + negative;
-               *str = emalloc(*str_len + 1);
-               if (negative) {
-                       (*str)[0] = '-';
-               }
-               for (i=0; i<a->length; i++) {
-                       (*str)[i*2 + negative]=h[((unsigned char)a->data[i]>>4)&0x0f];
-                       (*str)[i*2 + negative + 1]=h[((unsigned char)a->data[i])&0x0f];
-               }
-               (*str)[a->length*2 + negative] = '\0';
-       }
-}
-/* }}} */
-
 static inline int php_openssl_config_check_syntax(
                const char * section_label,
                const char * config_filename,
@@ -998,8 +964,6 @@ PHP_FUNCTION(openssl_x509_parse)
        X509_EXTENSION *extension;
        ASN1_OCTET_STRING *extdata;
        char *extname;
-       char *serial;
-       int serial_len;
 
        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Z|b", &zcert, &useshortnames) == FAILURE) {
                return;
@@ -1026,8 +990,7 @@ PHP_FUNCTION(openssl_x509_parse)
        add_assoc_name_entry(return_value, "issuer",            X509_get_issuer_name(cert), useshortnames TSRMLS_CC);
        add_assoc_long(return_value, "version",                         X509_get_version(cert));
 
-       php_asn1_integer_to_string(X509_get_serialNumber(cert), &serial, &serial_len TSRMLS_CC);
-       add_assoc_stringl(return_value, "serialNumber", serial, serial_len, 0);
+       add_assoc_string(return_value, "serialNumber", i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert)), 1);
 
        add_assoc_asn1_string(return_value, "validFrom",        X509_get_notBefore(cert));
        add_assoc_asn1_string(return_value, "validTo",          X509_get_notAfter(cert));

diff --git a/ext/openssl/tests/bug39217.phpt b/ext/openssl/tests/bug39217.phpt
new file mode 100644 (file)
index 0000000..7d9456b
--- /dev/null
+++ b/ext/openssl/tests/bug39217.phpt
@@ -0,0 +1,19 @@
+--TEST--
+#39217, Large serial number return -1
+--SKIPIF--
+<?php 
+if (!extension_loaded("openssl")) die("skip");
+?>
+--FILE--
+<?php 
+$dir = dirname(__FILE__);
+$certs = array('bug39217cert2.txt', 'bug39217cert1.txt');
+foreach($certs as $cert) {
+       $res = openssl_x509_parse(file_get_contents($dir . '/' . $cert));
+       print_r($res['serialNumber']);
+       echo "\n";
+}
+?>
+--EXPECTF--
+163040343498260435477161879008842183802
+15

diff --git a/ext/openssl/tests/bug39217cert1.txt b/ext/openssl/tests/bug39217cert1.txt
new file mode 100644 (file)
index 0000000..c3ddfb4
--- /dev/null
+++ b/ext/openssl/tests/bug39217cert1.txt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvzCCAiigAwIBAgIBDzANBgkqhkiG9w0BAQUFADBbMRkwFwYDVQQKExBET0Ug
+U2NpZW5jZSBHcmlkMSAwHgYDVQQLExdDZXJ0aWZpY2F0ZSBBdXRob3JpdGllczEc
+MBoGA1UEAxMTQ2VydGlmaWNhdGUgTWFuYWdlcjAeFw0wMDA4MjkyMjI4MDJaFw0w
+MTA4MjkyMjI4MDJaMHgxDTALBgNVBAoTBEdyaWQxLjAsBgNVBAoTJUxhd3JlbmNl
+IEJlcmtlbGV5IE5hdGlvbmFsIExhYm9yYXRvcnkxIDAeBgNVBAsTF0NlcnRpZmlj
+YXRlIEF1dGhvcml0aWVzMRUwEwYDVQQDEwxMQk5MLUdyaWQtQ0EwgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBAL2t4aX933WXYlofuY+L+16Tdl/KxpAammyfcW8u
+kHHT6RYDjaQdfV1FpNEqfSrRjKNwGGGkrG4XHZWiUO0Di0AlBN04lsRY6jB68l6B
+5byujfZv+8EeCI2c1ObBLYZYi4lToJf0sm0Hpn3GD7PZBv6BVHLOuwEFDl9z9Dnc
+DFDdAgMBAAGjdjB0MBEGCWCGSAGG+EIBAQQEAwIAhzAOBgNVHQ8BAf8EBAMCAcYw
+HQYDVR0OBBYEFIn+csPVyp+iprpYUIu1SziMQiDxMA8GA1UdEwEB/wQFMAMBAf8w
+HwYDVR0jBBgwFoAUm85P8ry9WHAx1fIyDn6eveJRFOcwDQYJKoZIhvcNAQEFBQAD
+gYEAHindWQ4P4VUmJVt5sUGA05hSAZriDJDDnkvkm/9AR7xgGxtsy21QruhUVe2E
+eVFBws85zbwRqMpfUQyE/xHhUcka2GQTaKlBlcEjZTMnsh27Si2PMYU/UPr/PIpq
+kBkoxVV1bMWRK57mG2tzzTy9j0wkct4G5IjEsrYNDzW6U3E=
+-----END CERTIFICATE-----

diff --git a/ext/openssl/tests/bug39217cert2.txt b/ext/openssl/tests/bug39217cert2.txt
new file mode 100644 (file)
index 0000000..399618c
--- /dev/null
+++ b/ext/openssl/tests/bug39217cert2.txt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAkWgAwIBAgIQeqhtj1pzHCrTTq2AldV0ejANBgkqhkiG9w0BAQQFADAy
+MRcwFQYDVQQKEw5FLUFDSEFUIE1JTkRFRjEXMBUGA1UEAxMORS1BQ0hBVCBNSU5E
+RUYwHhcNMDQwMTA1MDAwMDAwWhcNMDYwMTA0MjM1OTU5WjCB5DEOMAwGA1UEBxQF
+UEFSSVMxCzAJBgNVBAYTAkZSMRcwFQYDVQQKFA5FLUFDSEFUIE1JTkRFRjEtMCsG
+A1UECxQkRW50LiAtIENhcCBHZW1pbmkgRXJuc3QgWW91bmcgRnJhbmNlMR8wHQYD
+VQQLFBZTSVJFTiAtIDMyODc4MTc4NjAwMDUzMTQwMgYDVQQDEytDR0VZIEZyYW5j
+ZSAtIENhcCBHZW1pbmkgRXJuc3QgWW91bmcgRnJhbmNlMSYwJAYJKoZIhvcNAQkB
+FhdkZ2FlbWEtbWNvQGNhcGdlbWluaS5mcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEApFgcuVTuUe0z+iGTaPw7yVxhZsPq6aIqGHsCvU9fqUcymbmg9l4oTfAk
+gR5bvDo+JTQb1/OPlQCKqyVa7wn6lPs97dMOZMobjCRcvw7z0jVphortA1NS8FRH
+6LsWELZ13uC57IIakpW726Vz3tST9qHHbQoWbX/n8NjHcwL4zUECAwEAAaNAMD4w
+CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEQYJYIZIAYb4QgEBBAQDAgeAMBEGCmCG
+SAGG+EUBBgkEAwEB/zANBgkqhkiG9w0BAQQFAAOBgQAWdmEu8TkFdgqA/xN6llo9
+zZR3EUH0X5HstxJRYgofcQyfumJHhgvaNB8vkDhZ3iJORVVxcJ27W36TAJ6b4jcr
+yWjO/nc42XdgknS8r9NIV7VKzmjY7Ip2+9N6JOAWFkjGrnF1G69nrerIJavJTzrb
+PYlQnzJO6SHAoi5j6WsKPw==
+-----END CERTIFICATE-----