From 6fc0ae638acd2a66a4181078f4ac5d789762d9de Mon Sep 17 00:00:00 2001 From: Anatol Belski Date: Thu, 2 Feb 2017 12:48:12 +0100 Subject: [PATCH] Fixed #74022 PHP Fast CGI crashes when reading from a pfx file. --- ext/openssl/openssl.c | 78 +++++++++++++++++--------------- ext/openssl/tests/bug74022.pfx | Bin 0 -> 1678 bytes ext/openssl/tests/bug74022.phpt | 19 ++++++++ 3 files changed, 60 insertions(+), 37 deletions(-) create mode 100644 ext/openssl/tests/bug74022.pfx create mode 100644 ext/openssl/tests/bug74022.phpt diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index c3c97b2bf4..da60bb9486 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -2638,56 +2638,60 @@ PHP_FUNCTION(openssl_pkcs12_read) zval_dtor(zout); array_init(zout); - bio_out = BIO_new(BIO_s_mem()); - if (PEM_write_bio_X509(bio_out, cert)) { - BUF_MEM *bio_buf; - BIO_get_mem_ptr(bio_out, &bio_buf); - ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length); - add_assoc_zval(zout, "cert", &zcert); + if (cert) { + bio_out = BIO_new(BIO_s_mem()); + if (PEM_write_bio_X509(bio_out, cert)) { + BUF_MEM *bio_buf; + BIO_get_mem_ptr(bio_out, &bio_buf); + ZVAL_STRINGL(&zcert, bio_buf->data, bio_buf->length); + add_assoc_zval(zout, "cert", &zcert); + } + BIO_free(bio_out); } - BIO_free(bio_out); - bio_out = BIO_new(BIO_s_mem()); - if (PEM_write_bio_PrivateKey(bio_out, pkey, NULL, NULL, 0, 0, NULL)) { - BUF_MEM *bio_buf; - BIO_get_mem_ptr(bio_out, &bio_buf); - ZVAL_STRINGL(&zpkey, bio_buf->data, bio_buf->length); - add_assoc_zval(zout, "pkey", &zpkey); + if (pkey) { + bio_out = BIO_new(BIO_s_mem()); + if (PEM_write_bio_PrivateKey(bio_out, pkey, NULL, NULL, 0, 0, NULL)) { + BUF_MEM *bio_buf; + BIO_get_mem_ptr(bio_out, &bio_buf); + ZVAL_STRINGL(&zpkey, bio_buf->data, bio_buf->length); + add_assoc_zval(zout, "pkey", &zpkey); + } + BIO_free(bio_out); } - BIO_free(bio_out); - array_init(&zextracerts); + if (ca && sk_X509_num(ca)) { - for (i=0;;i++) { - zval zextracert; - X509* aCA = sk_X509_pop(ca); - if (!aCA) break; + array_init(&zextracerts); - /* fix for bug 69882 */ - { - int err = ERR_peek_error(); - if (err == OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH) { - ERR_get_error(); + for (i=0; i < sk_X509_num(ca); i++) { + zval zextracert; + X509* aCA = sk_X509_pop(ca); + if (!aCA) break; + + /* fix for bug 69882 */ + { + int err = ERR_peek_error(); + if (err == OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH) { + ERR_get_error(); + } } - } - bio_out = BIO_new(BIO_s_mem()); - if (PEM_write_bio_X509(bio_out, aCA)) { - BUF_MEM *bio_buf; - BIO_get_mem_ptr(bio_out, &bio_buf); - ZVAL_STRINGL(&zextracert, bio_buf->data, bio_buf->length); - add_index_zval(&zextracerts, i, &zextracert); + bio_out = BIO_new(BIO_s_mem()); + if (PEM_write_bio_X509(bio_out, aCA)) { + BUF_MEM *bio_buf; + BIO_get_mem_ptr(bio_out, &bio_buf); + ZVAL_STRINGL(&zextracert, bio_buf->data, bio_buf->length); + add_index_zval(&zextracerts, i, &zextracert); + + } + BIO_free(bio_out); + X509_free(aCA); } - BIO_free(bio_out); - X509_free(aCA); - } - if(ca) { sk_X509_free(ca); add_assoc_zval(zout, "extracerts", &zextracerts); - } else { - zval_dtor(&zextracerts); } RETVAL_TRUE; diff --git a/ext/openssl/tests/bug74022.pfx b/ext/openssl/tests/bug74022.pfx new file mode 100644 index 0000000000000000000000000000000000000000..851dd9908da86832441d5c4e7c718ffbb5cde6bd GIT binary patch literal 1678 zcmXqLV(VgJWHxAGb7SMwYV&CO&dbQoxS)y6oTZ7)7$~d{#M-D*GC(N_ps)xK3$SrR zb@6a9GB0Ri{cF&~`jd?dD#$4YG>i2mOB3r;p!h?BCgzh1n3))vm^c}(oSbr?AkMVe zfER8$BR4C9L1UXCw*e;`b0`a&Fq5YrjKjgh6zXlrXTSrJVdr7>^Y?Udgz>p}Sc3x` zon2vkZXQ-wzYy0TLvaI9ka}hwKIe?Yyp*Cu1@Fw_jQk=)MFV-bwVaG%Ldn^=iJ3W> zDGuo%S}!?2*Fa93*U;R+(Adz>$k@!(C<@56K;jM_hc+=OAqOHOD+6;A6F-AN6B8Fx z6B8rDRxW+c^vSQSOZ$@3{&8H*T~s8)X_nmNYkDGf?H99)M`qbY-@dc+WNrH-$4;*H zYYh)nd!{mXA3Rv#b7s~g@wB#r^V6+kmVJ1hXm#tt+=nGzsaB1Q+l)6TY@X2S`)SI& zXSH8f)kru`d+E%x=E^SLyWituXPB$Ms_WwKjj(ZWelYRMX3?A-HYe>%CcmnmW7`t_ z`F7OW%TdabT#P*7*1|Iz3Idumi!35;_NSYsE%TWeJGb+Fx9|_+ysd2eY?w`DVT;dvQUgP5DqI+iXQkC^RwsVBer!TDyXS^neEgUwm*j& zS8T#?c8Z6Ek4H8IqEm_Cxl;{`FT?J z*9rQiEA%tXkCaT8WO7l*f@@oxi?)Qcjt~I``Dg<+kQuvP&K0E?w2Ua7`zmP~lm*^Ky47cW0m2Y3?4K zlU?Golg$qQbm|bR+<)PfZ$tW_<3`h0W$XxKo*DnGc2(u3z2V=I&d)w7;N=}2vb#fm z*F?p4D~?=DYi*erGV`m@6P4K|5(2LlF5mDe@2}~q7AtjDyL`WroxP38yXO>46%wdi z?#(y7FQt6i#p72_Z4Elt_*g!hb(ulRuRQikJa5me*IIb*^dh@mZ%Qhb|G!o9KKsTz zH>3H>Zn!WAtu&eP;CIhX-=7t+yA~)vsx?rvo3^EM>(=)ZmtMO4{ow^gcMgVIJlAU^ zdSmqGn^e^Md_H`my!-Y>k42Y0nxESKH?C&KjHnAdPbFg*%h;*0?=QYuxy1Wwv&GvNulbv`j50EvLPf7DJ-+L@$6@wmC%*j_ zzSsRze;wVybTx&u!{6oKzKrNdlS84`IgVX8vd&b@Y~AnwX3@F_YVQ^)3)nBnGnpi# zH&^HrgM4-3!ookV{mW+BJzlkJ@nSXBcc-q-6yTaJxW>yvv`VY(>6N^?l)RbeoIBE1 zL~iWZD}1MM-~E`W7N-&n84RoqnWR`m_C4V$pY$~}NaMwwvW(cdPfm0_ gab^+8lR0tzrvFoCuGAAjTzM_BZP|f|Oib(-0L4k6&Hw-a literal 0 HcmV?d00001 diff --git a/ext/openssl/tests/bug74022.phpt b/ext/openssl/tests/bug74022.phpt new file mode 100644 index 0000000000..0ab321c73a --- /dev/null +++ b/ext/openssl/tests/bug74022.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #74022 PHP Fast CGI crashes when reading from a pfx file with valid password +--SKIPIF-- + +--FILE-- + +===DONE=== +--EXPECTF-- +bool(true) +bool(false) +===DONE=== -- 2.40.0