- fix #60895, possible invalid handler usage

author Pierre Joye <pajoye@php.net>

Fri, 27 Jan 2012 10:56:33 +0000 (10:56 +0000)

committer Pierre Joye <pajoye@php.net>

Fri, 27 Jan 2012 10:56:33 +0000 (10:56 +0000)
author Pierre Joye <pajoye@php.net>
Fri, 27 Jan 2012 10:56:33 +0000 (10:56 +0000)
committer Pierre Joye <pajoye@php.net>
Fri, 27 Jan 2012 10:56:33 +0000 (10:56 +0000)
diff --git a/NEWS b/NEWS

index 3eda1682068475e6a9865ea3d244aeac393f0cf7..73a3e2a912eed6c73b28bea58ca3ae68f079b99b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,8 +1,13 @@
  PHP                                                                        NEWS
  |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
  ?? Jan 2012, PHP 5.4.0 RC 7
-- Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
-  CVE-2011-3389. (Scott)
+- Core:
+  . Fix bug #60895 (Possible invalid handler usage in windows random
+    functions). (Pierre)
+
+- OpenSSL:
+  . Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
+    CVE-2011-3389. (Scott)
  
  19 Jan 2012, PHP 5.4.0 RC6
  
diff --git a/win32/winutil.c b/win32/winutil.c

index 1e8bf0bedb57f0675cbf6f268aacd057c858c0c2..d9609f7987e3b2f8327cde05f6375bb13f9297db 100644 (file)
--- a/win32/winutil.c
+++ b/win32/winutil.c
@@ -62,8 +62,10 @@ void php_win32_init_rng_lock()
  void php_win32_free_rng_lock()
  {
         tsrm_mutex_lock(php_lock_win32_cryptoctx);
-       CryptReleaseContext(hCryptProv, 0);
-       has_crypto_ctx = 0;
+       if (has_crypto_ctx == 1) {
+               CryptReleaseContext(hCryptProv, 0);
+               has_crypto_ctx = 0;
+       }
         tsrm_mutex_unlock(php_lock_win32_cryptoctx);
         tsrm_mutex_free(php_lock_win32_cryptoctx);
author	Pierre Joye <pajoye@php.net>
	Fri, 27 Jan 2012 10:56:33 +0000 (10:56 +0000)
committer	Pierre Joye <pajoye@php.net>
	Fri, 27 Jan 2012 10:56:33 +0000 (10:56 +0000)
NEWS		patch \| blob \| history
win32/winutil.c		patch \| blob \| history