From: alex at hollerith dot net Operating system: FreeBSD i386 PHP version: master-Git-2013-02-02 (Git) Package: OpenSSL related Bug Type: Bug Bug description:overflow in PHP_FUNCTION(openssl_csr_sign)
Description: ------------ Potential overflow in this code: /* {{{ proto resource openssl_csr_sign(mixed csr, mixed x509, mixed priv_key, long days [, array config_args [, long serial]]) Signs a cert with another CERT */ PHP_FUNCTION(openssl_csr_sign) { zval ** zcert = NULL, **zcsr, **zpkey, *args = NULL; long num_days; ...... X509_gmtime_adj(X509_get_notAfter(new_cert), (long)60*60*24*num_days); ...... When "num_days" is big, say 36500 (for 100 years) this casting to "long" will overflow in 32-bit environments where usually "sizeof(long) = 4". This is relevant for applications like the pfsense Firewall system on embedded hardware like the Soekris6501, where only i386 versions can be installed. -- Edit bug report at https://bugs.php.net/bug.php?id=64133&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=64133&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=64133&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=64133&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=64133&r=fixed Fixed in release: https://bugs.php.net/fix.php?id=64133&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=64133&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=64133&r=needscript Try newer version: https://bugs.php.net/fix.php?id=64133&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=64133&r=support Expected behavior: https://bugs.php.net/fix.php?id=64133&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=64133&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=64133&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=64133&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=64133&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=64133&r=dst IIS Stability: https://bugs.php.net/fix.php?id=64133&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=64133&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=64133&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=64133&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=64133&r=mysqlcfg