From 398c6e6d1153ca2034a152977d1700629b146e43 Mon Sep 17 00:00:00 2001
From: Scott MacVicar
Date: Thu, 26 Jan 2012 05:15:57 +0000
Subject: [PATCH] MFH r322485 Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0. CVE-2011-3389

---
 NEWS | 4 +++-
 ext/ftp/ftp.c | 12 ++++++++++--
 ext/openssl/xp_ssl.c | 6 +++++-
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index 4a08318355..3eda168206 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 PHP NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? Jan 2012, PHP 5.4.0
+?? Jan 2012, PHP 5.4.0 RC 7
+- Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
+  CVE-2011-3389. (Scott)
 
 19 Jan 2012, PHP 5.4.0 RC6
 
diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c
index 8b74e03c1a..4156a04581 100644
--- a/ext/ftp/ftp.c
+++ b/ext/ftp/ftp.c
@@ -243,6 +243,7 @@ ftp_login(ftpbuf_t *ftp, const char *user, const char *pass TSRMLS_DC)
 {
 #if HAVE_OPENSSL_EXT
 	SSL_CTX	*ctx = NULL;
+	long ssl_ctx_options = SSL_OP_ALL;
 #endif
 	if (ftp == NULL) {
 		return 0;
@@ -279,7 +280,10 @@ ftp_login(ftpbuf_t *ftp, const char *user, const char *pass TSRMLS_DC)
 		return 0;
 	}
 
-	SSL_CTX_set_options(ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
+	ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+	SSL_CTX_set_options(ctx, ssl_ctx_options);
 
 	ftp->ssl_handle = SSL_new(ctx);
 	if (ftp->ssl_handle == NULL) {
@@ -1495,6 +1499,7 @@ data_accept(databuf_t *data, ftpbuf_t *ftp TSRMLS_DC)
 
 #if HAVE_OPENSSL_EXT
 	SSL_CTX		*ctx;
+	long ssl_ctx_options = SSL_OP_ALL;
 #endif
 
 	if (data->fd != -1) {
@@ -1521,7 +1526,10 @@ data_accepted:
 		return 0;
 	}
 
-	SSL_CTX_set_options(ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
+	ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+	SSL_CTX_set_options(ctx, ssl_ctx_options);
 
 	data->ssl_handle = SSL_new(ctx);
 	if (data->ssl_handle == NULL) {
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 334148c02e..d03eb3ee87 100644
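Review bot: The new `#if OPENSSL_VERSION_NUMBER >= 0x0090605fL` block in ftp_login that clears `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS` from `ssl_ctx_options` carries no comment saying why, so a reader who only sees a workaround flag being dropped from `SSL_OP_ALL` may well put it back for the sake of interoperability. I would add above the `#if`: `/* CVE-2011-3389: SSL_OP_ALL includes SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, which turns off OpenSSL's countermeasure for CBC ciphers under SSL 3.0/TLS 1.0; leave that countermeasure enabled. */`. The same uncommented mask is repeated in the data_accept hunk of this file and in php_openssl_setup_crypto in ext/openssl/xp_ssl.c. ftp_login's body extends beyond the hunk on both sides.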
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -310,6 +310,7 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
 		TSRMLS_DC)
 {
 	SSL_METHOD *method;
+	long ssl_ctx_options = SSL_OP_ALL;
 
 	if (sslsock->ssl_handle) {
 		if (sslsock->s.is_blocked) {
@@ -377,7 +378,10 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
 		return -1;
 	}
 
-	SSL_CTX_set_options(sslsock->ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
+	ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+	SSL_CTX_set_options(sslsock->ctx, ssl_ctx_options);
 
 #if OPENSSL_VERSION_NUMBER >= 0x0090806fL
 	{
-- 
2.50.1
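Review bot: The three lines from `#if OPENSSL_VERSION_NUMBER >= 0x0090605fL` through `#endif` in php_openssl_setup_crypto are the third verbatim copy of the same option mask in this patch (the others are in ftp_login and data_accept in ext/ftp/ftp.c), each built up at runtime in a local initialised to `SSL_OP_ALL`. Every operand is a compile-time constant, so the value can be defined once — for example as a `PHP_SSL_CTX_OPTIONS` macro (constructed name) in a header both extensions can include — and each call site reduced to `SSL_CTX_set_options(sslsock->ctx, PHP_SSL_CTX_OPTIONS);`, so that a future flag change cannot be applied at two sites and missed at the third. The enclosing function starts before the first hunk and continues past the `#if OPENSSL_VERSION_NUMBER >= 0x0090806fL` line that ends this one.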