From: Henrique do Nascimento Angelo <hnangelo@php.net>
Date: Tue, 15 Jul 2008 02:43:30 +0000 (+0000)
Subject: Fix segfault caused by openssl_pkey_new() in ext/openssl/tests/006.phpt
X-Git-Tag: php-5.3.0alpha1~343
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8e2248c8b195512d7f4d41794b56b9bab0bee04f;p=php

Fix segfault caused by openssl_pkey_new() in ext/openssl/tests/006.phpt
---

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index e27dd7c273..749be4fdc3 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -2912,8 +2912,10 @@ PHP_FUNCTION(openssl_pkey_new)
 					OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmp1);
 					OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, dmq1);
 					OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), rsa, iqmp);
-					if (EVP_PKEY_assign_RSA(pkey, rsa)) {
-						RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+					if (rsa->n && rsa->d) {
+						if (EVP_PKEY_assign_RSA(pkey, rsa)) {
+							RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+						}
 					}
 					RSA_free(rsa);
 				}
@@ -2931,11 +2933,13 @@ PHP_FUNCTION(openssl_pkey_new)
 					OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, g);
 					OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, priv_key);
 					OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dsa, pub_key);
-					if (!dsa->priv_key && !dsa->pub_key) {
-						DSA_generate_key(dsa);
-					}
-					if (EVP_PKEY_assign_DSA(pkey, dsa)) {
-						RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+					if (dsa->p && dsa->q && dsa->g) {
+						if (!dsa->priv_key && !dsa->pub_key) {
+							DSA_generate_key(dsa);
+						}
+						if (EVP_PKEY_assign_DSA(pkey, dsa)) {
+							RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+						}
 					}
 					DSA_free(dsa);
 				}
@@ -2952,11 +2956,13 @@ PHP_FUNCTION(openssl_pkey_new)
 					OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, g);
 					OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, priv_key);
 					OPENSSL_PKEY_SET_BN(Z_ARRVAL_PP(data), dh, pub_key);
-					if (!dh->pub_key) {
-						DH_generate_key(dh);
-					}
-					if (EVP_PKEY_assign_DH(pkey, dh)) {
-						RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+					if (dh->p && dh->g) {
+						if (!dh->pub_key) {
+							DH_generate_key(dh);
+						}
+						if (EVP_PKEY_assign_DH(pkey, dh)) {
+							RETURN_RESOURCE(zend_list_insert(pkey, le_key));
+						}
 					}
 					DH_free(dh);
 				}
diff --git a/ext/openssl/tests/006.phpt b/ext/openssl/tests/006.phpt
new file mode 100644
index 0000000000..d6e41e496b
--- /dev/null
+++ b/ext/openssl/tests/006.phpt
@@ -0,0 +1,25 @@
+--TEST--
+openssl_pkey_new() with an empty sub-array arg generates a malformed resource
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) print "skip"; ?>
+--FILE--
+<?php
+/* openssl_pkey_get_details() segfaults when getting the information
+	from openssl_pkey_new() with an empty sub-array arg 		*/
+
+$rsa = array("rsa" => array());
+$dsa = array("dsa" => array());
+$dh = array("dh" => array());
+
+openssl_pkey_get_details(openssl_pkey_new($rsa));
+openssl_pkey_get_details(openssl_pkey_new($dsa));
+openssl_pkey_get_details(openssl_pkey_new($dh));
+?>
+--EXPECTF--
+
+Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d
+
+Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d
+
+Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in %s on line %d
+