archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix GH-9339: OpenSSL oid_file path check warning contains uninitialized path

Browse source
This commit is contained in:
Jakub Zelenka 2022-08-15 12:05:19 +01:00
parent 7c6316ad1c
commit 84dcf578b1
No known key found for this signature in database
GPG key ID: 1C0779DC5C0A9DE4
3 changed files with 32 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
NEWS
View file

@ -20,6 +20,10 @@ PHP NEWS
. Fixed bug GH-9033 (Loading blacklist file can fail due to negative length). . Fixed bug GH-9033 (Loading blacklist file can fail due to negative length).
(cmb) (cmb)
- OpenSSL:
. Fixed bug GH-9339 (OpenSSL oid_file path check warning contains
uninitialized path). (Jakub Zelenka)
- PDO_SQLite: - PDO_SQLite:
. Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb) . Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb)

6
ext/openssl/openssl.c
View file

@ -506,15 +506,15 @@ static bool php_openssl_check_path_ex(
error_msg = "must not contain any null bytes"; error_msg = "must not contain any null bytes";
error_type = E_ERROR; error_type = E_ERROR;
} else if (expand_filepath(fs_file_path, real_path) == NULL) { } else if (expand_filepath(fs_file_path, real_path) == NULL) {
error_msg = "The argument must be a valid file path"; error_msg = "must be a valid file path";
} }
if (error_msg != NULL) { if (error_msg != NULL) {
if (arg_num == 0) { if (arg_num == 0) {
const char *option_title = option_name ? option_name : "unknown"; const char *option_title = option_name ? option_name : "unknown";
const char *option_label = is_from_array ? "array item" : "option"; const char *option_label = is_from_array ? "array item" : "option";
php_error_docref(NULL, E_WARNING, "Path '%s' for %s %s %s", php_error_docref(NULL, E_WARNING, "Path for %s %s %s",
real_path, option_title, option_label, error_msg); option_title, option_label, error_msg);
} else if (is_from_array && option_name != NULL) { } else if (is_from_array && option_name != NULL) {
php_openssl_check_path_error( php_openssl_check_path_error(
arg_num, error_type, "option %s array item %s", option_name, error_msg); arg_num, error_type, "option %s array item %s", option_name, error_msg);

25
ext/openssl/tests/gh9339.phpt Normal file
View file

@ -0,0 +1,25 @@
--TEST--
GH-9339: oid_file path check warning contains uninitialized path
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip openssl not loaded");
?>
--FILE--
<?php
$configCode = <<<CONFIG
oid_file = %s
[ req ]
default_bits = 1024
CONFIG;
$configFile = __DIR__ . '/gh9339.cnf';
file_put_contents($configFile, sprintf($configCode, __DIR__ . '/' . str_repeat('a', 9000)));
openssl_pkey_new([ 'config' => $configFile ]);
?>
--CLEAN--
<?php
@unlink(__DIR__ . '/gh9339.cnf');
?>
--EXPECTF--
Warning: openssl_pkey_new(): Path for oid_file option must be a valid file path in %s on line %d