[PHP-CVS] com php-src: Merge branch 'str_size_and_int64' into str_size_and_int64_openssl: ext/openssl/openssl.c
Commit:7e85b12b5375a4e10d83dce3c8f91e0d0a48f0e8 Author:Jakub Zelenka bu...@php.net Sun, 1 Dec 2013 20:04:58 + Parents: b34ce97417ffe7269a340982fe8b0f86983e12e7 6b9396bd8ebe06567646bb77a78724474ac13ba8 Branches: str_size_and_int64 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=7e85b12b5375a4e10d83dce3c8f91e0d0a48f0e8 Log: Merge branch 'str_size_and_int64' into str_size_and_int64_openssl Conflicts: ext/openssl/openssl.c Changed paths: MM ext/openssl/openssl.c Diff: diff --cc ext/openssl/openssl.c index 2fe8341,3bb1b06..335a39f --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@@ -5200,13 -5134,13 +5200,13 @@@ static int passwd_callback(char *buf, i GET_VER_OPT_STRING(passphrase, passphrase); - if (passphrase) { - if (Z_STRSIZE_PP(val) num - 1) { - memcpy(buf, Z_STRVAL_PP(val), Z_STRSIZE_PP(val)+1); - return (int) Z_STRSIZE_PP(val); - } - } + if (passphrase) { + if (Z_STRSIZE_PP(val) num - 1) { + memcpy(buf, Z_STRVAL_PP(val), Z_STRSIZE_PP(val)+1); + return Z_STRSIZE_PP(val); + } + } -return 0; + return 0; } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Merge remote-tracking branch 'origin/master' into str_size_and_int64: Zend/zend_compile.c Zend/zend_compile.h Zend/zend_globals.h Zend/zend_language_parser.y main/streams/plain_
Commit:325224832babac68b4c7d0ab1f38db5ce1192cb1 Author:Anatol Belski a...@php.net Mon, 9 Dec 2013 10:20:04 +0100 Parents: 31a4d08d37e744789f1718b890cbb0a9f1b9728d 912be1243207a334a856c0d759c978a3029fd6d5 Branches: str_size_and_int64 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=325224832babac68b4c7d0ab1f38db5ce1192cb1 Log: Merge remote-tracking branch 'origin/master' into str_size_and_int64 Conflicts: Zend/zend_compile.c Zend/zend_compile.h Changed paths: MM Zend/zend_compile.c MM Zend/zend_compile.h MM Zend/zend_globals.h MM Zend/zend_language_parser.y MM main/streams/plain_wrapper.c diff --cc Zend/zend_compile.c index 3da1084,35f5f30..77675f6 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@@ -417,12 -421,16 +421,16 @@@ int zend_add_ns_func_name_literal(zend_ lc_literal = zend_add_literal(CG(active_op_array), c TSRMLS_CC); CALCULATE_LITERAL_HASH(lc_literal); - ns_separator = (const char*)zend_memrchr(Z_STRVAL_P(zv), '\\', Z_STRSIZE_P(zv)) + 1; - lc_len = Z_STRSIZE_P(zv) - (ns_separator - Z_STRVAL_P(zv)); - lc_name = zend_str_tolower_dup(ns_separator, lc_len); - ZVAL_STRINGL(c, lc_name, lc_len, 0); - lc_literal = zend_add_literal(CG(active_op_array), c TSRMLS_CC); - CALCULATE_LITERAL_HASH(lc_literal); + ns_separator = (const char*)zend_memrchr(Z_STRVAL_P(zv), '\\', Z_STRLEN_P(zv)); + + if (ns_separator != NULL) { + ns_separator += 1; - lc_len = Z_STRLEN_P(zv) - (ns_separator - Z_STRVAL_P(zv)); ++ lc_len = Z_STRSIZE_P(zv) - (ns_separator - Z_STRVAL_P(zv)); + lc_name = zend_str_tolower_dup(ns_separator, lc_len); + ZVAL_STRINGL(c, lc_name, lc_len, 0); + lc_literal = zend_add_literal(CG(active_op_array), c TSRMLS_CC); + CALCULATE_LITERAL_HASH(lc_literal); + } return ret; } @@@ -1703,14 -1725,15 +1725,15 @@@ void zend_do_begin_function_declaration opline-op1_type = IS_CONST; build_runtime_defined_function_key(key, lcname, name_len TSRMLS_CC); opline-op1.constant = zend_add_literal(CG(active_op_array), key TSRMLS_CC); - Z_HASH_P(CONSTANT(opline-op1.constant)) = zend_hash_func(Z_STRVAL(CONSTANT(opline-op1.constant)), Z_STRLEN(CONSTANT(opline-op1.constant))); + Z_HASH_P(CONSTANT(opline-op1.constant)) = zend_hash_func(Z_STRVAL(CONSTANT(opline-op1.constant)), Z_STRSIZE(CONSTANT(opline-op1.constant))); opline-op2_type = IS_CONST; - LITERAL_STRINGL(opline-op2, lcname, name_len, 0); + LITERAL_STRINGL(opline-op2, lcname, name_len, 1); CALCULATE_LITERAL_HASH(opline-op2.constant); opline-extended_value = ZEND_DECLARE_FUNCTION; - zend_hash_quick_update(CG(function_table), Z_STRVAL(key), Z_STRLEN(key), Z_HASH_P(CONSTANT(opline-op1.constant)), op_array, sizeof(zend_op_array), (void **) CG(active_op_array)); + zend_hash_quick_update(CG(function_table), Z_STRVAL(key), Z_STRSIZE(key), Z_HASH_P(CONSTANT(opline-op1.constant)), op_array, sizeof(zend_op_array), (void **) CG(active_op_array)); zend_stack_push(CG(context_stack), (void *) CG(context), sizeof(CG(context))); zend_init_compiler_context(TSRMLS_C); + str_efree(lcname); } if (CG(compiler_options) ZEND_COMPILE_EXTENDED_INFO) { @@@ -1931,9 -1954,9 +1954,9 @@@ int zend_do_begin_function_call(znode * { zend_function *function; char *lcname; - char *is_compound = memchr(Z_STRVAL(function_name-u.constant), '\\', Z_STRLEN(function_name-u.constant)); + char *is_compound = memchr(Z_STRVAL(function_name-u.constant), '\\', Z_STRSIZE(function_name-u.constant)); - zend_resolve_non_class_name(function_name, check_namespace TSRMLS_CC); + zend_resolve_function_name(function_name, check_namespace TSRMLS_CC); if (check_namespace CG(current_namespace) !is_compound) { /* We assume we call function from the current namespace @@@ -2070,12 -2093,12 +2093,12 @@@ void zend_do_begin_dynamic_function_cal } /* }}} */ - void zend_resolve_non_class_name(znode *element_name, zend_bool check_namespace TSRMLS_DC) /* {{{ */ + void zend_resolve_non_class_name(znode *element_name, zend_bool *check_namespace, zend_bool case_sensitive, HashTable *current_import_sub TSRMLS_DC) /* {{{ */ { znode tmp; - int len; + zend_str_size len; zval **ns; - char *lcname, *compound = memchr(Z_STRVAL(element_name-u.constant), '\\', Z_STRSIZE(element_name-u.constant)); - char *lookup_name, *compound = memchr(Z_STRVAL(element_name-u.constant), '\\', Z_STRLEN(element_name-u.constant)); ++ char *lookup_name, *compound = memchr(Z_STRVAL(element_name-u.constant), '\\',
[PHP-CVS] com php-src: Fix typo: ext/openssl/openssl.c
Commit:8710929b78b728c3ef6d09309b7375ae236e78eb Author:Jakub Zelenka bu...@php.net Mon, 2 Dec 2013 19:54:25 + Parents: 1488acb3044d1cbac49d8996981307316ff2c108 Branches: str_size_and_int64 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=8710929b78b728c3ef6d09309b7375ae236e78eb Log: Fix typo Changed paths: M ext/openssl/openssl.c Diff: diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 4fb2758..820e6c4 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -4750,7 +4750,7 @@ PHP_FUNCTION(openssl_sign) sigbuf = emalloc(siglen + 1); EVP_SignInit(md_ctx, mdtype); - EVP_SignUpdate(md_ctx, data, data_len);INT_MAX; + EVP_SignUpdate(md_ctx, data, data_len); if (EVP_SignFinal (md_ctx, sigbuf,(unsigned int *)siglen, pkey)) { zval_dtor(signature); sigbuf[siglen] = '\0'; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Add missing overflow checks: ext/openssl/openssl.c
Commit:fbfae33e398c874132ed21dc6ab93a7d8fcbc258 Author:Jakub Zelenka bu...@php.net Wed, 4 Dec 2013 19:01:39 + Parents: 8710929b78b728c3ef6d09309b7375ae236e78eb Branches: str_size_and_int64 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=fbfae33e398c874132ed21dc6ab93a7d8fcbc258 Log: Add missing overflow checks Changed paths: M ext/openssl/openssl.c Diff: diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 820e6c4..0a4f932 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -4856,6 +4856,12 @@ PHP_FUNCTION(openssl_seal) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Szza/|S, data, data_len, sealdata, ekeys, pubkeys, method, method_len) == FAILURE) { return; } + + if (data_len INT_MAX) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Data is too long; it needs to be at most %d bytes, not ZEND_UINT_FMT, + INT_MAX, data_len); + RETURN_FALSE; + } pubkeysht = HASH_OF(pubkeys); nkeys = pubkeysht ? zend_hash_num_elements(pubkeysht) : 0; @@ -4922,7 +4928,7 @@ PHP_FUNCTION(openssl_seal) zval_dtor(sealdata); buf[len1 + len2] = '\0'; buf = erealloc(buf, len1 + len2 + 1); - ZVAL_STRINGL(sealdata, (char *)buf, (zend_str_size_int)(len1 + len2), 0); + ZVAL_STRINGL(sealdata, (char *)buf, len1 + len2, 0); zval_dtor(ekeys); array_init(ekeys); @@ -4984,6 +4990,17 @@ PHP_FUNCTION(openssl_open) return; } + if (data_len INT_MAX) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Data is too long; it needs to be at most %d bytes, not ZEND_UINT_FMT, + INT_MAX, data_len); + RETURN_FALSE; + } + if (ekey_len INT_MAX) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Envelope key is too long; it needs to be at most %d bytes, not ZEND_UINT_FMT, + INT_MAX, ekey_len); + RETURN_FALSE; + } + pkey = php_openssl_evp_from_zval(privkey, 0, , 0, keyresource TSRMLS_CC); if (pkey == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, unable to coerce parameter 4 into a private key); @@ -5022,7 +5039,7 @@ PHP_FUNCTION(openssl_open) } zval_dtor(opendata); buf[len1 + len2] = '\0'; - ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), (zend_str_size_int)(len1 + len2), 0); + ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0); RETURN_TRUE; } /* }}} */ @@ -5455,7 +5472,7 @@ static zend_bool php_openssl_validate_iv(char **piv, zend_str_size_int *piv_len, iv_new = ecalloc(1, iv_required_len + 1); - if (*piv_len = 0) { + if (*piv_len == 0) { /* BC behavior */ *piv_len = iv_required_len; *piv = iv_new; @@ -5494,6 +5511,18 @@ PHP_FUNCTION(openssl_encrypt) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, SSS|iS, data, data_len, method, method_len, password, password_len, options, iv, iv_len) == FAILURE) { return; } + + if (data_len INT_MAX) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Data is too long; it needs to be at most %d bytes, not ZEND_UINT_FMT, + INT_MAX, data_len); + RETURN_FALSE; + } + if (password_len INT_MAX) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Password is too long; it needs to be at most %d bytes, not ZEND_UINT_FMT, + INT_MAX, password_len); + RETURN_FALSE; + } + cipher_type = EVP_get_cipherbyname(method); if (!cipher_type) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Unknown cipher algorithm); @@ -5509,8 +5538,8 @@ PHP_FUNCTION(openssl_encrypt) key = (unsigned char*)password; } - max_iv_len = (zend_str_size_int)EVP_CIPHER_iv_length(cipher_type); - if (iv_len = 0 max_iv_len 0) { + max_iv_len = EVP_CIPHER_iv_length(cipher_type); + if (iv_len == 0 max_iv_len 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Using an empty Initialization Vector (iv) is potentially insecure and not recommended); } free_iv = php_openssl_validate_iv(iv, iv_len, max_iv_len TSRMLS_CC); @@ -5576,6 +5605,17 @@ PHP_FUNCTION(openssl_decrypt) return; } + if (data_len INT_MAX) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Data is too long; it needs to be at most %d bytes, not ZEND_UINT_FMT, + INT_MAX, data_len); + RETURN_FALSE; + } + if (password_len INT_MAX) { + php_error_docref(NULL
[PHP-CVS] com php-src: add some overflow checks and use correct msg formatting in openssl: ext/openssl/openssl.c
Commit:b34ce97417ffe7269a340982fe8b0f86983e12e7 Author:Jakub Zelenka bu...@php.net Sun, 1 Dec 2013 19:53:45 + Parents: 215811e3fdb7b4f2786576851c8687c6249c4725 Branches: str_size_and_int64 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=b34ce97417ffe7269a340982fe8b0f86983e12e7 Log: add some overflow checks and use correct msg formatting in openssl Changed paths: M ext/openssl/openssl.c diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index fb11458..2fe8341 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -812,7 +812,7 @@ static int add_oid_section(struct php_x509_request * req TSRMLS_DC) /* {{{ */ else \ varname = defval -static const EVP_CIPHER * php_openssl_get_evp_cipher_from_algo(long algo); +static const EVP_CIPHER * php_openssl_get_evp_cipher_from_algo(php_int_t algo); int openssl_spki_cleanup(const char *src, char *dest); @@ -1302,6 +1302,9 @@ static X509 * php_openssl_x509_from_zval(zval ** val, int makeresource, php_int_ } else { BIO *in; + if (Z_STRSIZE_PP(val) INT_MAX) { + return NULL; + } in = BIO_new_mem_buf(Z_STRVAL_PP(val), (int)Z_STRSIZE_PP(val)); if (in == NULL) { return NULL; @@ -1417,6 +1420,11 @@ PHP_FUNCTION(openssl_spki_new) } if (challenge) { + if (challenge_len INT_MAX) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Challenge is too long; it needs to be at most %d bytes, not ZEND_UINT_FMT, + INT_MAX, challenge_len); + goto cleanup; + } ASN1_STRING_set(spki-spkac-challenge, challenge, (int)challenge_len); } @@ -1468,8 +1476,8 @@ cleanup: Verifies spki returns boolean */ PHP_FUNCTION(openssl_spki_verify) { - int i = 0; zend_str_size_int spkstr_len; + int i = 0; char *spkstr = NULL, * spkstr_cleaned = NULL; EVP_PKEY *pkey = NULL; @@ -2289,7 +2297,7 @@ static STACK_OF(X509) * php_array_to_X509_sk(zval ** zcerts TSRMLS_DC) /* {{{ */ HashPosition hpos; zval ** zcertval; STACK_OF(X509) * sk = NULL; -X509 * cert; + X509 * cert; php_int_t certresource; sk = sk_X509_new_null(); @@ -2790,6 +2798,8 @@ static X509_REQ * php_openssl_csr_from_zval(zval ** val, int makeresource, php_i return NULL; } in = BIO_new_file(filename, r); + } else if (Z_STRSIZE_PP(val) INT_MAX) { + return NULL; } else { in = BIO_new_mem_buf(Z_STRVAL_PP(val), (int)Z_STRSIZE_PP(val)); } @@ -2964,6 +2974,10 @@ PHP_FUNCTION(openssl_csr_sign) if (!X509_set_version(new_cert, 2)) goto cleanup; + if (serial LONG_MAX) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, The serial number is too high); + goto cleanup; + } ASN1_INTEGER_set(X509_get_serialNumber(new_cert), (long)serial); X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr)); @@ -2975,6 +2989,11 @@ PHP_FUNCTION(openssl_csr_sign) goto cleanup; } X509_gmtime_adj(X509_get_notBefore(new_cert), 0); + if (num_days (LONG_MAX / (60*60*24 + 1))) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, The number of days is too high; expected at most %ld days, not ZEND_INT_FMT, + LONG_MAX / (60*60*24 + 1), num_days); + goto cleanup; + } X509_gmtime_adj(X509_get_notAfter(new_cert), (long)60*60*24*(long)num_days); i = X509_set_pubkey(new_cert, key); if (!i) { @@ -3287,6 +3306,8 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * BIO* in; if (filename) { in = BIO_new_file(filename, r); + } else if (Z_STRSIZE_PP(val) INT_MAX) { + TMP_CLEAN; } else { in = BIO_new_mem_buf(Z_STRVAL_PP(val), (int)Z_STRSIZE_PP(val)); } @@ -3305,6 +3326,8 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval ** val, int public_key, char * TMP_CLEAN; } in = BIO_new_file(filename, r); + } else if (Z_STRSIZE_PP(val) INT_MAX) { + TMP_CLEAN; } else { in = BIO_new_mem_buf(Z_STRVAL_PP(val), (int)Z_STRSIZE_PP(val)); } @@ -3343,10 +3366,15 @@ static EVP_PKEY *