From: Antony Dovgal Date: Fri, 20 Oct 2006 23:21:07 +0000 (+0000) Subject: fix #39217 (serialNumber is might be -1 when the value is too big) X-Git-Tag: RELEASE_1_0_0RC1~1230 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=50eac21f67a9892500d1e4c9ce957ffb91667dd3;p=php fix #39217 (serialNumber is might be -1 when the value is too big) --- diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index db134f9b94..eb50748333 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -367,6 +367,40 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */ } /* }}} */ +static void php_asn1_integer_to_string(ASN1_INTEGER *a, char **str, int *str_len TSRMLS_DC) /* {{{ */ +{ + int i; + static const char *h="0123456789ABCDEF"; + zend_bool negative = 0; + + *str = NULL; + *str_len = 0; + + if (a == NULL) { + return; + } + + if (a->type & V_ASN1_NEG) { + negative = 1; + } + + if (a->length == 0) { + *str_len = spprintf(str, 0, "%s00", negative ? "-" : ""); + } else { + *str_len = a->length*2 + negative; + *str = emalloc(*str_len + 1); + if (negative) { + (*str)[0] = '-'; + } + for (i=0; ilength; i++) { + (*str)[i*2 + negative]=h[((unsigned char)a->data[i]>>4)&0x0f]; + (*str)[i*2 + negative + 1]=h[((unsigned char)a->data[i])&0x0f]; + } + (*str)[a->length*2 + negative] = '\0'; + } +} +/* }}} */ + static inline int php_openssl_config_check_syntax( const char * section_label, const char * config_filename, @@ -964,6 +998,8 @@ PHP_FUNCTION(openssl_x509_parse) X509_EXTENSION *extension; ASN1_OCTET_STRING *extdata; char *extname; + char *serial; + int serial_len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Z|b", &zcert, &useshortnames) == FAILURE) { return; @@ -989,7 +1025,9 @@ PHP_FUNCTION(openssl_x509_parse) add_assoc_name_entry(return_value, "issuer", X509_get_issuer_name(cert), useshortnames TSRMLS_CC); add_assoc_long(return_value, "version", X509_get_version(cert)); - add_assoc_long(return_value, "serialNumber", ASN1_INTEGER_get(X509_get_serialNumber(cert))); + + php_asn1_integer_to_string(X509_get_serialNumber(cert), &serial, &serial_len TSRMLS_CC); + add_assoc_stringl(return_value, "serialNumber", serial, serial_len, 0); add_assoc_asn1_string(return_value, "validFrom", X509_get_notBefore(cert)); add_assoc_asn1_string(return_value, "validTo", X509_get_notAfter(cert));