From:             alex at hollerith dot net
Operating system: FreeBSD i386
PHP version:      master-Git-2013-02-02 (Git)
Package:          OpenSSL related
Bug Type:         Bug
Bug description:  overflow in PHP_FUNCTION(openssl_csr_sign)

Description:
------------
Potential overflow in this code:

/* {{{ proto resource openssl_csr_sign(mixed csr, mixed x509, mixed priv_key, long days [, array config_args [, long serial]])
   Signs a cert with another CERT */
PHP_FUNCTION(openssl_csr_sign)
{
   zval ** zcert = NULL, **zcsr, **zpkey, *args = NULL;
   long num_days;
......
       X509_gmtime_adj(X509_get_notAfter(new_cert), (long)60*60*24*num_days);
......

When "num_days" is big, say 36500 (for 100 years) this casting to "long" will overflow in 32-bit environments where usually "sizeof(long) = 4".

This is relevant for applications like the pfsense Firewall system on embedded hardware like the Soekris6501, where only i386 versions can be installed.


-- 
Edit bug report at https://bugs.php.net/bug.php?id=64133&edit=1
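The arithmetic described in the report, as an added example that is not part of the original message or of PHP's source: it models a 4-byte `long` with `int32_t` so the result is the same on any build host, and shows the wrapped offset next to a range-checked form. The function names `offset_wrapped32` and `offset_checked32` are hypothetical.

```c
/* Added example, not PHP source. Models 60*60*24*num_days as computed
 * with a 4-byte long, using int32_t so it behaves the same on any host. */
#include <stdint.h>
#include <stdio.h>

#define SECS_PER_DAY 86400

/* Value a 32-bit two's-complement long typically ends up holding.
 * Signed overflow is undefined in C, so the wrap is modelled with
 * unsigned arithmetic and then mapped back into the signed range. */
static int32_t offset_wrapped32(int32_t num_days)
{
    uint32_t u = (uint32_t)SECS_PER_DAY * (uint32_t)num_days;
    if (u <= INT32_MAX)
        return (int32_t)u;
    return (int32_t)(u - INT32_MAX - 1) + INT32_MIN;
}

/* Range-checked form: returns 0 and stores the offset in *out, or
 * returns -1 when num_days * 86400 does not fit in 32 signed bits. */
static int offset_checked32(int32_t num_days, int32_t *out)
{
    if (num_days > INT32_MAX / SECS_PER_DAY ||
        num_days < INT32_MIN / SECS_PER_DAY)
        return -1;
    *out = num_days * SECS_PER_DAY;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: 10 years, the largest safe value,
     * one day past it, and the 100 years from the report. */
    int32_t days[] = { 3650, 24855, 24856, 36500 };
    for (size_t i = 0; i < sizeof days / sizeof days[0]; i++) {
        int32_t secs = 0;
        int rc = offset_checked32(days[i], &secs);
        printf("days=%d wrapped=%d checked=%s\n", (int)days[i],
               (int)offset_wrapped32(days[i]), rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

For 36500 days the wrapped offset is negative, so a `notAfter` computed from it would lie in the past; the largest day count that fits is 24855, about 68 years.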