- MFH: #38255, fix possible leak in php_openssl_evp_from_zval

author Pierre Joye <pajoye@php.net>

Sat, 29 Jul 2006 22:24:49 +0000 (22:24 +0000)

committer Pierre Joye <pajoye@php.net>

Sat, 29 Jul 2006 22:24:49 +0000 (22:24 +0000)
author Pierre Joye <pajoye@php.net>
Sat, 29 Jul 2006 22:24:49 +0000 (22:24 +0000)
committer Pierre Joye <pajoye@php.net>
Sat, 29 Jul 2006 22:24:49 +0000 (22:24 +0000)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c

index 5cb9a403f87c29220b712cca334cf480e6e4594e..7fa5c40331711edbdc91e35495658470f0949529 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -1824,6 +1824,9 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char *
                 return NULL;
         } else {
                 /* force it to be a string and check if it refers to a file */
+               if (Z_TYPE_PP(val) == IS_LONG || Z_TYPE_PP(val) == IS_BOOL) {
+                       return NULL;
+               }
                 convert_to_string_ex(val);
  
                 if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", sizeof("file://") - 1) == 0) {
diff --git a/ext/openssl/tests/bug38255.phpt b/ext/openssl/tests/bug38255.phpt

new file mode 100644 (file)

index 0000000..45b2817
--- /dev/null
+++ b/ext/openssl/tests/bug38255.phpt
@@ -0,0 +1,14 @@
+--TEST--
+openssl key from zval leaks 
+--SKIPIF--
+<?php 
+if (!extension_loaded("openssl")) die("skip"); 
+?>
+--FILE--
+<?php
+$pub_key_id = false; 
+$signature = '';
+$ok = openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5);
+?>
+--EXPECTF--
+Warning: openssl_verify(): supplied key param cannot be coerced into a public key in %s/bug38255.php on line %d
author	Pierre Joye <pajoye@php.net>
	Sat, 29 Jul 2006 22:24:49 +0000 (22:24 +0000)
committer	Pierre Joye <pajoye@php.net>
	Sat, 29 Jul 2006 22:24:49 +0000 (22:24 +0000)
ext/openssl/openssl.c		patch \| blob \| history
ext/openssl/tests/bug38255.phpt	[new file with mode: 0644]	patch \| blob