From: Antony Dovgal <tony2001@php.net>
Date: Tue, 29 Jul 2008 11:18:40 +0000 (+0000)
Subject: don't segfault if given invalid/empty private key
X-Git-Tag: php-5.3.0alpha1~59
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=57caabf65376ea963eeea7ab128680791a6ba168;p=php

don't segfault if given invalid/empty private key
---

diff --git a/ext/phar/util.c b/ext/phar/util.c
index add7ce8d16..909f4053aa 100644
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -1902,6 +1902,13 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
 			key = PEM_read_bio_PrivateKey(in, NULL,NULL, "");
 
 			BIO_free(in);
+			if (!key) {
+				if (error) {
+					spprintf(error, 0, "unable to process private key");
+				}
+				return FAILURE;
+			}
+
 			siglen = EVP_PKEY_size(key);
 			sigbuf = emalloc(siglen + 1);