archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-8.2' into PHP-8.3

Browse source
This commit is contained in:
Jakub Zelenka 2023-10-22 13:23:10 +01:00
commit ac07b6e7ac
No known key found for this signature in database
GPG key ID: 1C0779DC5C0A9DE4
3 changed files with 44 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
NEWS
View file

@ -26,6 +26,10 @@ PHP NEWS
. Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since . Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since
upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov) upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov)
- OpenSSL:
Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify).
(Jakub Zelenka)
- Random: - Random:
. Fix Randomizer::getFloat() returning incorrect results under . Fix Randomizer::getFloat() returning incorrect results under
certain circumstances. (timwolla) certain circumstances. (timwolla)

5
ext/openssl/openssl.c
View file

@ -5986,12 +5986,15 @@ PHP_FUNCTION(openssl_cms_verify)
goto clean_exit; goto clean_exit;
} }
if (sigfile && (flags & CMS_DETACHED)) { if (sigfile && (flags & CMS_DETACHED)) {
sigbio = php_openssl_bio_new_file(sigfile, sigfile_len, 1, PHP_OPENSSL_BIO_MODE_R(flags));
if (encoding == ENCODING_SMIME) { if (encoding == ENCODING_SMIME) {
php_error_docref(NULL, E_WARNING, php_error_docref(NULL, E_WARNING,
"Detached signatures not possible with S/MIME encoding"); "Detached signatures not possible with S/MIME encoding");
goto clean_exit; goto clean_exit;
} }
sigbio = php_openssl_bio_new_file(sigfile, sigfile_len, 1, PHP_OPENSSL_BIO_MODE_R(flags));
if (sigbio == NULL) {
goto clean_exit;
}
} else { } else {
sigbio = in; /* non-detached signature */ sigbio = in; /* non-detached signature */
} }

36
ext/openssl/tests/gh12489.phpt Normal file
View file

@ -0,0 +1,36 @@
--TEST--
GH-12489: Missing sigbio creation checking in openssl_cms_verify
--EXTENSIONS--
openssl
--FILE--
<?php
$infile = __DIR__ . "/plain.txt";
$outfile = __DIR__ . "/out.cms";;
$vout = $outfile . '.vout';
$privkey = "file://" . __DIR__ . "/private_rsa_1024.key";
$single_cert = "file://" . __DIR__ . "/cert.crt";
$assoc_headers = array("To" => "test@test", "Subject" => "testing openssl_cms_sign()");
$headers = array("test@test", "testing openssl_cms_sign()");
var_dump(openssl_cms_sign($infile, $outfile, openssl_x509_read($single_cert), $privkey, $headers,
OPENSSL_CMS_DETACHED|OPENSSL_CMS_BINARY,OPENSSL_ENCODING_PEM));
ini_set('open_basedir', __DIR__);
var_dump(openssl_cms_verify($infile,OPENSSL_CMS_NOVERIFY|OPENSSL_CMS_DETACHED|OPENSSL_CMS_BINARY,
NULL, array(), NULL, $vout, NULL, "../test.cms", OPENSSL_ENCODING_PEM));
var_dump(openssl_error_string());
?>
--CLEAN--
<?php
$outfile = __DIR__ . "/out.cms";;
$vout = $outfile . '.vout';
@unlink($outfile);
@unlink($vout);
?>
--EXPECTF--
bool(true)
Warning: openssl_cms_verify(): open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s) in %s on line %d
bool(false)
bool(false)