iliaa Sun Dec 21 13:17:19 2003 EDT
Modified files:
/php-src/ext/openssl openssl.c
Log:
Fixed uninitialized usage of mdtype when unknown signature algorithm is
found.
Index: php-src/ext/openssl/openssl.c
diff -u php-src/ext/openssl/openssl.c:1.85 php-src/ext/openssl/openssl.c:1.86
--- php-src/ext/openssl/openssl.c:1.85 Thu Nov 27 12:40:15 2003
+++ php-src/ext/openssl/openssl.c Sun Dec 21 13:17:18 2003
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: openssl.c,v 1.85 2003/11/27 17:40:15 wez Exp $ */
+/* $Id: openssl.c,v 1.86 2003/12/21 18:17:18 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -2838,9 +2838,6 @@
RETURN_FALSE;
}
- siglen = EVP_PKEY_size(pkey);
- sigbuf = emalloc(siglen + 1);
-
switch (signature_algo) {
case OPENSSL_ALGO_SHA1:
mdtype = (EVP_MD *) EVP_sha1();
@@ -2854,8 +2851,15 @@
case OPENSSL_ALGO_MD2:
mdtype = (EVP_MD *) EVP_md2();
break;
+ default:
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature
algorithm.");
+ RETURN_FALSE;
+ break;
}
-
+
+ siglen = EVP_PKEY_size(pkey);
+ sigbuf = emalloc(siglen + 1);
+
EVP_SignInit(&md_ctx, mdtype);
EVP_SignUpdate(&md_ctx, data, data_len);
if (EVP_SignFinal (&md_ctx, sigbuf, &siglen, pkey)) {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
