From: Anatol Belski <ab@php.net>
Date: Thu, 2 Feb 2017 12:06:31 +0000 (+0100)
Subject: Merge branch 'PHP-7.0' into PHP-7.1
X-Git-Tag: php-7.1.3RC1~70
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9b9080e85d7d7ecaa743ec84e90bb0b52a51029f;p=php

Merge branch 'PHP-7.0' into PHP-7.1

* PHP-7.0:
  Fixed #74022 PHP Fast CGI crashes when reading from a pfx file.
---

9b9080e85d7d7ecaa743ec84e90bb0b52a51029f
diff --cc ext/openssl/openssl.c
index 47a28a1111,da60bb9486..8de329aec7
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@@ -2924,70 -2628,76 +2924,71 @@@ PHP_FUNCTION(openssl_pkcs12_read
  
  	bio_in = BIO_new(BIO_s_mem());
  
 -	if(0 >= BIO_write(bio_in, zp12, (int)zp12_len))
 +	if (0 >= BIO_write(bio_in, zp12, (int)zp12_len)) {
 +		php_openssl_store_errors();
  		goto cleanup;
 +	}
  
 -	if(d2i_PKCS12_bio(bio_in, &p12)) {
 -		if(PKCS12_parse(p12, pass, &pkey, &cert, &ca)) {
 -			BIO * bio_out;
 +	if (d2i_PKCS12_bio(bio_in, &p12) && PKCS12_parse(p12, pass, &pkey, &cert, &ca)) {
 +		BIO * bio_out;
  
 -			zval_dtor(zout);
 -			array_init(zout);
 +		zval_dtor(zout);
 +		array_init(zout);
  
- 		bio_out = BIO_new(BIO_s_mem());
- 		if (PEM_write_bio_X509(bio_out, cert)) {
- 			BUF_MEM *bio_buf;
- 			BIO_get_mem_ptr(bio_out, &bio_buf);
- 			ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
- 			add_assoc_zval(zout, "cert", &zcert);
- 		} else {
- 			php_openssl_store_errors();
 -			if (cert) {
 -				bio_out = BIO_new(BIO_s_mem());
 -				if (PEM_write_bio_X509(bio_out, cert)) {
 -					BUF_MEM *bio_buf;
 -					BIO_get_mem_ptr(bio_out, &bio_buf);
 -					ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
 -					add_assoc_zval(zout, "cert", &zcert);
 -				}
 -				BIO_free(bio_out);
++		if (cert) {
++			bio_out = BIO_new(BIO_s_mem());
++			if (PEM_write_bio_X509(bio_out, cert)) {
++				BUF_MEM *bio_buf;
++				BIO_get_mem_ptr(bio_out, &bio_buf);
++				ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length);
++				add_assoc_zval(zout, "cert", &zcert);
++			} else {
++				php_openssl_store_errors();
+ 			}
++			BIO_free(bio_out);
 +		}
- 		BIO_free(bio_out);
  
- 		bio_out = BIO_new(BIO_s_mem());
- 		if (PEM_write_bio_PrivateKey(bio_out, pkey, NULL, NULL, 0, 0, NULL)) {
- 			BUF_MEM *bio_buf;
- 			BIO_get_mem_ptr(bio_out, &bio_buf);
- 			ZVAL_STRINGL(&zpkey, bio_buf->data, bio_buf->length);
- 			add_assoc_zval(zout, "pkey", &zpkey);
- 		} else {
- 			php_openssl_store_errors();
 -			if (pkey) {
 -				bio_out = BIO_new(BIO_s_mem());
 -				if (PEM_write_bio_PrivateKey(bio_out, pkey, NULL, NULL, 0, 0, NULL)) {
 -					BUF_MEM *bio_buf;
 -					BIO_get_mem_ptr(bio_out, &bio_buf);
 -					ZVAL_STRINGL(&zpkey, bio_buf->data, bio_buf->length);
 -					add_assoc_zval(zout, "pkey", &zpkey);
 -				}
 -				BIO_free(bio_out);
++		if (pkey) {
++			bio_out = BIO_new(BIO_s_mem());
++			if (PEM_write_bio_PrivateKey(bio_out, pkey, NULL, NULL, 0, 0, NULL)) {
++				BUF_MEM *bio_buf;
++				BIO_get_mem_ptr(bio_out, &bio_buf);
++				ZVAL_STRINGL(&zpkey, bio_buf->data, bio_buf->length);
++				add_assoc_zval(zout, "pkey", &zpkey);
++			} else {
++				php_openssl_store_errors();
+ 			}
++			BIO_free(bio_out);
 +		}
- 		BIO_free(bio_out);
  
- 		array_init(&zextracerts);
 -			if (ca && sk_X509_num(ca)) {
 -
 -				array_init(&zextracerts);
 -
 -				for (i=0; i < sk_X509_num(ca); i++) {
 -					zval zextracert;
 -					X509* aCA = sk_X509_pop(ca);
 -					if (!aCA) break;
 -
 -					/* fix for bug 69882 */
 -					{
 -						int err = ERR_peek_error();
 -						if (err == OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH) {
 -							ERR_get_error();
 -						}
 -					}
 -
 -					bio_out = BIO_new(BIO_s_mem());
 -					if (PEM_write_bio_X509(bio_out, aCA)) {
 -						BUF_MEM *bio_buf;
 -						BIO_get_mem_ptr(bio_out, &bio_buf);
 -						ZVAL_STRINGL(&zextracert, bio_buf->data, bio_buf->length);
 -						add_index_zval(&zextracerts, i, &zextracert);
++		if (ca && sk_X509_num(ca)) {
++			array_init(&zextracerts);
  
- 		for (i=0;;i++) {
- 			zval zextracert;
- 			X509* aCA = sk_X509_pop(ca);
- 			if (!aCA) break;
 -					}
 -					BIO_free(bio_out);
++			for (i = 0; i < sk_X509_num(ca); i++) {
++				zval zextracert;
++				X509* aCA = sk_X509_pop(ca);
++				if (!aCA) break;
  
- 			bio_out = BIO_new(BIO_s_mem());
- 			if (PEM_write_bio_X509(bio_out, aCA)) {
- 				BUF_MEM *bio_buf;
- 				BIO_get_mem_ptr(bio_out, &bio_buf);
- 				ZVAL_STRINGL(&zextracert, bio_buf->data, bio_buf->length);
- 				add_index_zval(&zextracerts, i, &zextracert);
 -					X509_free(aCA);
++				bio_out = BIO_new(BIO_s_mem());
++				if (PEM_write_bio_X509(bio_out, aCA)) {
++					BUF_MEM *bio_buf;
++					BIO_get_mem_ptr(bio_out, &bio_buf);
++					ZVAL_STRINGL(&zextracert, bio_buf->data, bio_buf->length);
++					add_index_zval(&zextracerts, i, &zextracert);
+ 				}
  
 -				sk_X509_free(ca);
 -				add_assoc_zval(zout, "extracerts", &zextracerts);
++				X509_free(aCA);
  			}
- 			BIO_free(bio_out);
  
- 			X509_free(aCA);
- 		}
- 		if(ca) {
 -			RETVAL_TRUE;
 -
 -			PKCS12_free(p12);
 +			sk_X509_free(ca);
 +			add_assoc_zval(zout, "extracerts", &zextracerts);
- 		} else {
- 			zval_dtor(&zextracerts);
  		}
 +
 +		RETVAL_TRUE;
 +
 +		PKCS12_free(p12);
 +	} else {
 +		php_openssl_store_errors();
  	}
  
  	cleanup: