From: Scott MacVicar <scottmac@php.net>
Date: Mon, 8 Dec 2008 11:54:22 +0000 (+0000)
Subject: MFH Fix bug #46748, segfault when SSL has more than one error message.
X-Git-Tag: php-5.3.0beta1~494
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=15a212b259dcc0ffd65bfaa0c394800f3570f9b3;p=php

MFH Fix bug #46748, segfault when SSL has more than one error message.
---

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 1aa6a3a911..a0e0958c1e 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -21,6 +21,7 @@
 #include "php.h"
 #include "ext/standard/file.h"
 #include "streams/php_streams_int.h"
+#include "ext/standard/php_smart_str.h"
 #include "php_network.h"
 #include "php_openssl.h"
 #include <openssl/ssl.h>
@@ -89,9 +90,8 @@ static int handle_ssl_error(php_stream *stream, int nr_bytes, zend_bool is_init
 	php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract;
 	int err = SSL_get_error(sslsock->ssl_handle, nr_bytes);
 	char esbuf[512];
-	char *ebuf = NULL, *wptr = NULL;
-	size_t ebuf_size = 0;
-	unsigned long code, ecode;
+	smart_str ebuf = {0};
+	unsigned long ecode;
 	int retry = 1;
 
 	switch(err) {
@@ -142,35 +142,23 @@ static int handle_ssl_error(php_stream *stream, int nr_bytes, zend_bool is_init
 
 				default:
 					do {
-						/* allow room for a NUL and an optional \n */
-						if (ebuf) {
-							esbuf[0] = '\n';
-							esbuf[1] = '\0';
-							ERR_error_string_n(ecode, esbuf + 1, sizeof(esbuf) - 2);
-						} else {
-							esbuf[0] = '\0';
-							ERR_error_string_n(ecode, esbuf, sizeof(esbuf) - 1);
+						// NULL is automatically added
+						ERR_error_string_n(ecode, esbuf, sizeof(esbuf));
+						if (ebuf.c) {
+							smart_str_appendc(&ebuf, '\n');
 						}
-						code = strlen(esbuf);
-						esbuf[code] = '\0';
-
-						ebuf = erealloc(ebuf, ebuf_size + code + 1);
-						if (wptr == NULL) {
-							wptr = ebuf;
-						}	
-
-						/* also copies the NUL */
-						memcpy(wptr, esbuf, code + 1);
-						wptr += code;
+						smart_str_appends(&ebuf, esbuf);
 					} while ((ecode = ERR_get_error()) != 0);
 
+					smart_str_0(&ebuf);
+
 					php_error_docref(NULL TSRMLS_CC, E_WARNING,
 							"SSL operation failed with code %d. %s%s",
 							err,
-							ebuf ? "OpenSSL Error messages:\n" : "",
-							ebuf ? ebuf : "");
-					if (ebuf) {
-						efree(ebuf);
+							ebuf.c ? "OpenSSL Error messages:\n" : "",
+							ebuf.c ? ebuf.c : "");
+					if (ebuf.c) {
+						smart_str_free(&ebuf);
 					}
 			}