Subject: fix bug #54060, memory leak in openssl_encrypt
Origin: http://svn.php.net/viewvc?view=revision&revision=308531
Also includes http://svn.php.net/viewvc?view=revision&revision=308532
- fix test 025
http://svn.php.net/viewvc?view=revision&revision=308534
- fix bug #54061, memory leak in openssl_decrypt
and http://svn.php.net/viewvc?view=revision&revision=308535 which adds a
testcase for #54061
CVE-2011-1468
Patch differs from upstream commits in that the addition to the NEWS
file was dropped to reduce patch conflicts.
--- /dev/null
+++ b/ext/openssl/tests/bug54061.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #54061 (Memory leak in openssl_decrypt)
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) die("skip"); ?>
+--FILE--
+<?php
+$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243
+r7-89437 r892374 r894372 r894 7289r7 f frwerfh i iurf iuryw uyrfouiwy ruy
+972439 8478942 yrhfjkdhls";
+$pass = "r23498rui324hjbnkj";
+
+$cr = openssl_encrypt($data, 'des3', $pass, false, '1qazxsw2');
+$dcr = openssl_decrypt($cr, 'des3', $pass, false, '1qazxsw2');
+echo "Done";
+?>
+--EXPECT--
+Done
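Review bot: $dcr is never checked in the --FILE-- section; the only expectation is that "Done" is printed, so this test would still pass if openssl_decrypt() returned false. Add a check such as var_dump($dcr === $data); with the matching bool(true) line in --EXPECT--, so the round trip is verified as well as the absence of a leak.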
--- /dev/null
+++ b/ext/openssl/tests/bug54060.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #54060 (Memory leak in openssl_encrypt)
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) die("skip"); ?>
+--FILE--
+<?php
+
+$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243
+r7-89437 r892374 r894372 r894 7289r7 f frwerfh i iurf iuryw uyrfouiwy ruy
+972439 8478942 yrhfjkdhls";
+$pass = "r23498rui324hjbnkj";
+
+openssl_encrypt($data, 'des3', $pass, false, '1qazxsw2');
+echo "Done";
+?>
+--EXPECT--
+Done
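Review bot: The return value of openssl_encrypt() is discarded on the line before echo "Done", so a call that fails and returns false passes this test just as a successful one does. Assign the result to a variable and assert it is a non-empty string before printing Done. The blank line after <?php also differs from bug54061.phpt; keep the two files consistent.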
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -3545,14 +3545,13 @@ PHP_FUNCTION(openssl_pkcs7_sign)
char * outfilename; int outfilename_len;
char * extracertsfilename = NULL; int extracertsfilename_len;
- RETVAL_FALSE;
-
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZZa!|ls",
&infilename, &infilename_len, &outfilename, &outfilename_len,
&zcert, &zprivkey, &zheaders, &flags, &extracertsfilename,
&extracertsfilename_len) == FAILURE) {
return;
}
+ RETVAL_FALSE;
if (strlen(infilename) != infilename_len) {
return;
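Review bot: The move of RETVAL_FALSE in openssl_pkcs7_sign is not explained by the description, which is about leaks in openssl_encrypt and openssl_decrypt; if this is the "fix test 025" change, say so in the header. With RETVAL_FALSE now placed after zend_parse_parameters(), the return; in the parse-failure branch leaves the return value at its default of NULL instead of false, which is a visible behaviour change and deserves a line in the description or a comment.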
@@ -4732,6 +4731,7 @@ PHP_FUNCTION(openssl_encrypt)
if (free_iv) {
efree(iv);
}
+ EVP_CIPHER_CTX_cleanup(&cipher_ctx);
}
/* }}} */
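Review bot: EVP_CIPHER_CTX_cleanup(&cipher_ctx) is added once, at the tail of openssl_encrypt after the free_iv block, so it only covers paths that fall through to the closing brace. The hunk does not show the rest of the function; confirm that no return between the point where cipher_ctx is initialised and this line bypasses the cleanup, or route those exits through a common cleanup label.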
@@ -4805,6 +4805,7 @@ PHP_FUNCTION(openssl_decrypt)
if (base64_str) {
efree(base64_str);
}
+ EVP_CIPHER_CTX_cleanup(&cipher_ctx);
}
/* }}} */
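Review bot: The cleanup in openssl_decrypt sits after the if (base64_str) block and must also run when decryption fails, but bug54061.phpt only exercises the success case, using the same $pass for encrypt and decrypt. Add a second call in that test with a wrong password so the failing branch is covered by the leak check too.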