From 46b3f378101392b60059982ffc680a36cce60704 Mon Sep 17 00:00:00 2001 From: Pierre Joye Date: Sat, 29 Jul 2006 22:10:50 +0000 Subject: [PATCH] - fix leak when the key is not a valid key (like false or an array) --- ext/openssl/openssl.c | 66 ++++++++++++++++++++++++++++--------------- 1 file changed, 44 insertions(+), 22 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 5a7eb82720..4d0a869a92 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -577,6 +577,30 @@ static int php_openssl_write_rand_file(const char * file, int egdsocket, int see } return SUCCESS; } + +static EVP_MD * php_openssl_get_evp_md_from_algo(long algo) { /* {{{ */ + EVP_MD *mdtype; + + switch (algo) { + case OPENSSL_ALGO_SHA1: + mdtype = (EVP_MD *) EVP_sha1(); + break; + case OPENSSL_ALGO_MD5: + mdtype = (EVP_MD *) EVP_md5(); + break; + case OPENSSL_ALGO_MD4: + mdtype = (EVP_MD *) EVP_md4(); + break; + case OPENSSL_ALGO_MD2: + mdtype = (EVP_MD *) EVP_md2(); + break; + default: + return NULL; + break; + } + return mdtype; +} +/* }}} */ /* }}} */ /* {{{ PHP_MINIT_FUNCTION @@ -1812,6 +1836,9 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * return NULL; } else { /* force it to be a string and check if it refers to a file */ + if (Z_TYPE_PP(val) == IS_LONG || Z_TYPE_PP(val) == IS_BOOL) { + return NULL; + } convert_to_string_ex(val); if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", sizeof("file://") - 1) == 0) { @@ -2872,7 +2899,7 @@ PHP_FUNCTION(openssl_error_string) } /* }}} */ -/* {{{ proto bool openssl_sign(string data, &string signature, mixed key) +/* {{{ proto bool openssl_sign(string data, &string signature, mixed key[, int signature_alg]) Signs data */ PHP_FUNCTION(openssl_sign) { @@ -2896,23 +2923,10 @@ PHP_FUNCTION(openssl_sign) RETURN_FALSE; } - switch (signature_algo) { - case OPENSSL_ALGO_SHA1: - mdtype = (EVP_MD *) EVP_sha1(); - break; - case OPENSSL_ALGO_MD5: - mdtype = (EVP_MD *) EVP_md5(); - break; - case OPENSSL_ALGO_MD4: - mdtype = (EVP_MD *) EVP_md4(); - break; - case OPENSSL_ALGO_MD2: - mdtype = (EVP_MD *) EVP_md2(); - break; - default: - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature algorithm."); - RETURN_FALSE; - break; + mdtype = php_openssl_get_evp_md_from_algo(signature_algo); + if (!mdtype) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature algorithm."); + RETURN_FALSE; } siglen = EVP_PKEY_size(pkey); @@ -2943,21 +2957,29 @@ PHP_FUNCTION(openssl_verify) EVP_PKEY *pkey; int err; EVP_MD_CTX md_ctx; + EVP_MD *mdtype; long keyresource = -1; char * data; int data_len; char * signature; int signature_len; - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssz", &data, &data_len, &signature, &signature_len, &key) == FAILURE) { + long signature_algo = OPENSSL_ALGO_SHA1; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssz|l", &data, &data_len, &signature, &signature_len, &key, &signature_algo) == FAILURE) { return; } - + + mdtype = php_openssl_get_evp_md_from_algo(signature_algo); + if (!mdtype) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature algorithm."); + RETURN_FALSE; + } + pkey = php_openssl_evp_from_zval(&key, 1, NULL, 0, &keyresource TSRMLS_CC); if (pkey == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "supplied key param cannot be coerced into a public key"); RETURN_FALSE; } - EVP_VerifyInit (&md_ctx, EVP_sha1()); + EVP_VerifyInit (&md_ctx, mdtype); EVP_VerifyUpdate (&md_ctx, data, data_len); err = EVP_VerifyFinal (&md_ctx, signature, signature_len, pkey); -- 2.40.0