From 3786f956e6fdbe4d160eae90d2edf37906dc80c2 Mon Sep 17 00:00:00 2001
From: Pierre Joye <pajoye@php.net>
Date: Mon, 31 Jul 2006 00:33:42 +0000
Subject: [PATCH] - #36732, add req_extensions support to openssl_csr_new and
 _sign   (ben at psc dot edu) - fix leaks in openssl_csr_new and sign

---
 ext/openssl/openssl.c           | 39 +++++++++++++++++----------------
 ext/openssl/tests/bug36732.phpt | 39 +++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 19 deletions(-)
 create mode 100644 ext/openssl/tests/bug36732.phpt

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index c88db3c393..58d32703c7 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -468,8 +468,8 @@ static int php_openssl_parse_config(
 		CONF_get_string(req->req_config, req->section_name, "default_md"));
 	SET_OPTIONAL_STRING_ARG("x509_extensions", req->extensions_section,
 		CONF_get_string(req->req_config, req->section_name, "x509_extensions"));
-	SET_OPTIONAL_STRING_ARG("req_extensions", req->extensions_section,
-		CONF_get_string(req->req_config, req->request_extensions_section, "req_extensions"));
+	SET_OPTIONAL_STRING_ARG("req_extensions", req->request_extensions_section,
+		CONF_get_string(req->req_config, req->section_name, "req_extensions"));
 	SET_OPTIONAL_LONG_ARG("private_key_bits", req->priv_key_bits,
 		CONF_get_number(req->req_config, req->section_name, "default_bits"));
 
@@ -509,9 +509,6 @@ static int php_openssl_parse_config(
 		return FAILURE;
 	}
 
-	if (req->request_extensions_section == NULL) {
-		req->request_extensions_section = CONF_get_string(req->req_config, req->section_name, "req_extensions");
-	}
 	PHP_SSL_CONFIG_SYNTAX_CHECK(request_extensions_section);
 	
 	return SUCCESS;
@@ -879,8 +876,6 @@ PHP_FUNCTION(openssl_x509_export)
 	zend_bool notext = 1;
 	BIO * bio_out;
 	long certresource;
-	char * bio_mem_ptr;
-	long bio_mem_len;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rz|b", &zcert, &zout, &notext) == FAILURE) {
 		return;
@@ -897,12 +892,15 @@ PHP_FUNCTION(openssl_x509_export)
 	if (!notext) {
 		X509_print(bio_out, cert);
 	}
-	PEM_write_bio_X509(bio_out, cert);
+	if (PEM_write_bio_X509(bio_out, cert))  {
+		BUF_MEM *bio_buf;
 
-	bio_mem_len = BIO_get_mem_data(bio_out, &bio_mem_ptr);
-	ZVAL_STRINGL(zout, bio_mem_ptr, bio_mem_len, 1);
+		zval_dtor(zout);
+		BIO_get_mem_ptr(bio_out, &bio_buf);
+		ZVAL_STRINGL(zout, bio_buf->data, bio_buf->length, 1);
 
-	RETVAL_TRUE;
+		RETVAL_TRUE;
+	}
 
 	if (certresource == -1 && cert) {
 		X509_free(cert);
@@ -1531,9 +1529,8 @@ PHP_FUNCTION(openssl_csr_export)
 	zval * zcsr = NULL, *zout=NULL;
 	zend_bool notext = 1;
 	BIO * bio_out;
+
 	long csr_resource;
-	char * bio_mem_ptr;
-	long bio_mem_len;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rz|b", &zcsr, &zout, &notext) == FAILURE) {
 		return;
@@ -1552,12 +1549,16 @@ PHP_FUNCTION(openssl_csr_export)
 	if (!notext) {
 		X509_REQ_print(bio_out, csr);
 	}
-	PEM_write_bio_X509_REQ(bio_out, csr);
 
-	bio_mem_len = BIO_get_mem_data(bio_out, &bio_mem_ptr);
-	ZVAL_STRINGL(zout, bio_mem_ptr, bio_mem_len, 1);
+	if (PEM_write_bio_X509_REQ(bio_out, csr)) {
+		BUF_MEM *bio_buf;
 
-	RETVAL_TRUE;
+		BIO_get_mem_ptr(bio_out, &bio_buf);
+		zval_dtor(zout);
+		ZVAL_STRINGL(zout, bio_buf->data, bio_buf->length, 1);
+
+		RETVAL_TRUE;
+	}
 
 	if (csr_resource == -1 && csr) {
 		X509_REQ_free(csr);
@@ -1655,12 +1656,12 @@ PHP_FUNCTION(openssl_csr_sign)
 	if (!i) {
 		goto cleanup;
 	}
-	if (req.request_extensions_section) {
+	if (req.extensions_section) {
 		X509V3_CTX ctx;
 		
 		X509V3_set_ctx(&ctx, cert, new_cert, csr, NULL, 0);
 		X509V3_set_conf_lhash(&ctx, req.req_config);
-		if (!X509V3_EXT_add_conf(req.req_config, &ctx, req.request_extensions_section, new_cert)) {
+		if (!X509V3_EXT_add_conf(req.req_config, &ctx, req.extensions_section, new_cert)) {
 			goto cleanup;
 		}
 	}
diff --git a/ext/openssl/tests/bug36732.phpt b/ext/openssl/tests/bug36732.phpt
new file mode 100644
index 0000000000..c7bb8abc53
--- /dev/null
+++ b/ext/openssl/tests/bug36732.phpt
@@ -0,0 +1,39 @@
+--TEST--
+#36732, add support for req_extensions in openss_csr_new and sign
+--SKIPIF--
+<?php 
+if (!extension_loaded("openssl")) die("skip"); 
+?>
+--FILE--
+<?php 
+$configargs = array(
+        "req_extensions" => "v3_req",
+        "x509_extensions" => "usr_cert"
+);
+
+$dn = array(
+        "countryName" => "GB",
+        "stateOrProvinceName" => "Berkshire",
+        "localityName" => "Newbury",
+        "organizationName" => "My Company Ltd",
+        "commonName" => "Demo Cert"
+);
+
+$key = openssl_pkey_new();
+$csr = openssl_csr_new($dn, $key, $configargs);
+$crt = openssl_csr_sign($csr, NULL, $key, 365, $configargs);
+
+$str = '';
+openssl_csr_export($csr, $str, false);
+
+if (strpos($str, 'Requested Extensions:')) {
+	echo "Ok\n";
+}
+openssl_x509_export($crt, $str, false);
+if (strpos($str, 'X509v3 extensions:')) {
+	echo "Ok\n";
+}
+?>
+--EXPECTF--
+Ok
+Ok
-- 
2.50.1