Edit report at https://bugs.php.net/bug.php?id=64133&edit=1
ID:                 64133
User updated by:    alex at hollerith dot net
Reported by:        alex at hollerith dot net
Summary:            overflow in PHP_FUNCTION(openssl_csr_sign)
Status:             Not a bug
Type:               Bug
Package:            OpenSSL related
Operating System:   FreeBSD i386
PHP Version:        master-Git-2013-02-02 (Git)
Block user comment: N
Private report:     N

New Comment:

I've asked on the openssl-users mailing list and was told that there is a new API function in OpenSSL that would be able to work around the problem:

    X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL);

Not sure if you want to make the effort, I suppose it would mean to check for what version of OpenSSL is available and then either call one or the other API function - I just thought it might be helpful to have that information here in the ticket.

Previous Comments:
------------------------------------------------------------------------
[2013-02-02 15:57:17] paj...@php.net

See http://rt.openssl.org/Ticket/Display.html?id=534

Not an issue in PHP, the signature of X509_gmtime_adj actually expects a long.

------------------------------------------------------------------------
[2013-02-02 15:34:11] alex at hollerith dot net

Description:
------------
Potential overflow in this code:

    /* {{{ proto resource openssl_csr_sign(mixed csr, mixed x509, mixed priv_key, long days [, array config_args [, long serial]])
       Signs a cert with another CERT */
    PHP_FUNCTION(openssl_csr_sign)
    {
        zval ** zcert = NULL, **zcsr, **zpkey, *args = NULL;
        long num_days;
    ......
        X509_gmtime_adj(X509_get_notAfter(new_cert), (long)60*60*24*num_days);
    ......

When "num_days" is big, say 36500 (for 100 years), this casting to "long" will overflow in 32-bit environments where usually "sizeof(long) = 4".

This is relevant for applications like the pfSense firewall system on embedded hardware like the Soekris6501, where only i386 versions can be installed.
------------------------------------------------------------------------
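The arithmetic discussed in this report, as an added example that is not code from PHP, OpenSSL or any participant in the thread: it models a 32-bit `long` with fixed-width integers so it runs on any host, and shows the value `60*60*24*num_days` would typically wrap to for the 36500 days mentioned above, plus a range check that can run before the multiplication. The function names are hypothetical; the `X509_time_adj_ex` call quoted in the thread avoids the multiplication by taking the day count as its own argument.

```c
/* Added example: models the reported 60*60*24*num_days on a 32-bit long. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define SECS_PER_DAY 86400LL /* 60*60*24, as in the reported expression */

/* Largest num_days whose second count fits a signed long of `bits` bits. */
static int64_t max_safe_days(int bits)
{
    int64_t long_max = (bits == 64) ? INT64_MAX
                                    : (((int64_t)1 << (bits - 1)) - 1);
    return long_max / SECS_PER_DAY;
}

/* Value a 32-bit two's-complement long typically ends up holding.
 * Signed overflow is undefined behaviour in C, so the wrap-around is
 * modelled here with well-defined unsigned arithmetic; a real build is
 * not guaranteed to produce this exact result. */
static int64_t wrapped_secs_long32(int64_t num_days)
{
    uint32_t low = (uint32_t)((uint64_t)num_days * (uint64_t)SECS_PER_DAY);
    return (low > (uint32_t)INT32_MAX) ? (int64_t)low - 4294967296LL
                                       : (int64_t)low;
}

/* Guard for the build's real long: reject day counts that would overflow
 * (or are negative) before multiplying by the seconds per day. */
static int days_fit_in_long(long num_days)
{
    return num_days >= 0 && num_days <= (long)(LONG_MAX / SECS_PER_DAY);
}

int main(void)
{
    long requested = 36500; /* the 100-year example from the report */

    printf("max safe days, 32-bit long: %lld\n",
           (long long)max_safe_days(32));
    printf("36500 days wrapped to 32 bits: %lld seconds\n",
           (long long)wrapped_secs_long32(requested));
    printf("fits in this build's long (%zu bytes): %s\n",
           sizeof(long), days_fit_in_long(requested) ? "yes" : "no");
    return 0;
}
```

A negative wrapped offset places the computed notAfter before the signing time, so the issued certificate would already be expired.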