archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 13:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix GH-19245: Success error message on TLS stream accept failure
Some checks are pending
Push / MACOS_DEBUG_NTS (push) Waiting to run
Details
Push / WINDOWS_X64_ZTS (push) Waiting to run
Details
Push / LINUX_X64_RELEASE_NTS (push) Has been skipped
Details
Push / LINUX_X64_DEBUG_ZTS_ASAN (push) Has been skipped
Details
Push / LINUX_X32_DEBUG_ZTS (push) Has been skipped
Details
Push / BENCHMARKING (push) Has been skipped
Details
Push / FREEBSD (push) Has been skipped
Details

Browse source 
This overwrites the previous message from the successful accept call.

Closes GH-19246
This commit is contained in:
Jakub Zelenka 2025-07-26 13:47:58 +02:00
parent a0bd2c9fcf
commit 2b415e416e
No known key found for this signature in database
GPG key ID: 1C0779DC5C0A9DE4
3 changed files with 62 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
NEWS
View file

@ -2,6 +2,9 @@ PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.3.26
- OpenSSL:
. Fixed bug GH-19245 (Success error message on TLS stream accept failure).
(Jakub Zelenka)
28 Aug 2025, PHP 8.3.25

53
ext/openssl/tests/gh19245.phpt Normal file
View file

@ -0,0 +1,53 @@
--TEST--
GH-19245: Success error message on TLS stream accept failure
--EXTENSIONS--
openssl
--SKIPIF--
<?php
if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
include 'ServerClientTestCase.inc';
$baseDir = __DIR__ . '/gh19245';
$baseDirCertFile = $baseDir . '/cert.crt';
$baseDirPkFile = $baseDir . '/private.key';
$serverCodeTemplate = <<<'CODE'
ini_set('log_errors', 'On');
ini_set('open_basedir', __DIR__ . '/gh19245');
$serverUri = "ssl://127.0.0.1:0";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => '%s',
'local_pk' => '%s',
]]);
$sock = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify_server_start($sock);
$link = stream_socket_accept($sock);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://{{ ADDR }}";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_peer_name' => false
]]);
@stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx);
CODE;
$serverCode = sprintf($serverCodeTemplate, $baseDirCertFile . "\0test", $baseDirPkFile);
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--EXPECTF--
PHP Warning: stream_socket_accept(): Path for local_cert in ssl stream context option must not contain any null bytes in %s
PHP Warning: stream_socket_accept(): Unable to get real path of certificate file `%scert.crt' in %s
PHP Warning: stream_socket_accept(): Failed to enable crypto in %s
PHP Warning: stream_socket_accept(): Accept failed: Cannot enable crypto in %s

6
ext/openssl/xp_ssl.c
View file

@ -2398,6 +2398,12 @@ static inline int php_openssl_tcp_sockop_accept(php_stream *stream, php_openssl_
php_stream_close(xparam->outputs.client);
xparam->outputs.client = NULL;
xparam->outputs.returncode = -1;
if (xparam->want_errortext) {
if (xparam->outputs.error_text) {
zend_string_free(xparam->outputs.error_text);
}
xparam->outputs.error_text = ZSTR_INIT_LITERAL("Cannot enable crypto", 0);
}
}
}
}