Fix segfault caused by openssl_pkey_new() in ext/openssl/tests/006.phpt

author Henrique do Nascimento Angelo <hnangelo@php.net>

Tue, 15 Jul 2008 02:46:26 +0000 (02:46 +0000)

committer Henrique do Nascimento Angelo <hnangelo@php.net>

Tue, 15 Jul 2008 02:46:26 +0000 (02:46 +0000)
author Henrique do Nascimento Angelo <hnangelo@php.net>
Tue, 15 Jul 2008 02:46:26 +0000 (02:46 +0000)
committer Henrique do Nascimento Angelo <hnangelo@php.net>
Tue, 15 Jul 2008 02:46:26 +0000 (02:46 +0000)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c

index 4f653921c1f55b723737c365c0207fc1bc03a3b1..e1f4bb56decc35729b3f2734953c3ddc69ab8e27 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -2950,8 +2950,10 @@ PHP_FUNCTION(openssl_pkey_new)
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1);
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1);
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp);
-                                       if (EVP_PKEY_assign_RSA(pkey, rsa)) {
-                                               RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+                                       if (rsa->n && rsa->d) {
+                                               if (EVP_PKEY_assign_RSA(pkey, rsa)) {
+                                                       RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+                                               }
                                         }
                                         RSA_free(rsa);
                                 }
@@ -2969,11 +2971,13 @@ PHP_FUNCTION(openssl_pkey_new)
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g);
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key);
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key);
-                                       if (!dsa->priv_key && !dsa->pub_key) {
-                                               DSA_generate_key(dsa);
-                                       }
-                                       if (EVP_PKEY_assign_DSA(pkey, dsa)) {
-                                               RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+                                       if (dsa->p && dsa->q && dsa->g) {
+                                               if (!dsa->priv_key && !dsa->pub_key) {
+                                                       DSA_generate_key(dsa);
+                                               }
+                                               if (EVP_PKEY_assign_DSA(pkey, dsa)) {
+                                                       RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+                                               }
                                         }
                                         DSA_free(dsa);
                                 }
@@ -2990,11 +2994,13 @@ PHP_FUNCTION(openssl_pkey_new)
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g);
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key);
                                         OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key);
-                                       if (!dh->pub_key) {
-                                               DH_generate_key(dh);
-                                       }
-                                       if (EVP_PKEY_assign_DH(pkey, dh)) {
-                                               RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+                                       if (dh->p && dh->g) {
+                                               if (!dh->pub_key) {
+                                                       DH_generate_key(dh);
+                                               }
+                                               if (EVP_PKEY_assign_DH(pkey, dh)) {
+                                                       RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+                                               }
                                         }
                                         DH_free(dh);
                                 }
diff --git a/ext/openssl/tests/006.phpt b/ext/openssl/tests/006.phpt

new file mode 100644 (file)

index 0000000..9db87ff
--- /dev/null
+++ b/ext/openssl/tests/006.phpt
@@ -0,0 +1,25 @@
+--TEST--
+openssl_pkey_new() with an empty sub-array arg generates a malformed resource
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) print "skip"; ?>
+--FILE--
+<?php
+/* openssl_pkey_get_details() segfaults when getting the information
+       from openssl_pkey_new() with an empty sub-array arg             */
+
+$rsa = array(b"rsa" => array());
+$dsa = array(b"dsa" => array());
+$dh = array(b"dh" => array());
+
+openssl_pkey_get_details(openssl_pkey_new($rsa));
+openssl_pkey_get_details(openssl_pkey_new($dsa));
+openssl_pkey_get_details(openssl_pkey_new($dh));
+?>
+--EXPECTF--
+
+Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d
+
+Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d
+
+Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d
+
author	Henrique do Nascimento Angelo <hnangelo@php.net>
	Tue, 15 Jul 2008 02:46:26 +0000 (02:46 +0000)
committer	Henrique do Nascimento Angelo <hnangelo@php.net>
	Tue, 15 Jul 2008 02:46:26 +0000 (02:46 +0000)
ext/openssl/openssl.c		patch \| blob \| history
ext/openssl/tests/006.phpt	[new file with mode: 0644]	patch \| blob