diff options
author | Anatol Belski <ab@php.net> | 2016-05-06 09:00:58 +0200 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2016-05-06 09:01:27 +0200 |
commit | 7277c85765d1053c8cd1d1093902df541b3d101a (patch) | |
tree | 88414c74051ada69645714f31022f55e58b1f870 | |
parent | 080f6b10ecf6af557e8dc1732eb154a916cf6838 (diff) | |
download | php-git-7277c85765d1053c8cd1d1093902df541b3d101a.tar.gz |
Fixed bug #72165 Null pointer dereference - openssl_csr_new
-rw-r--r-- | ext/openssl/openssl.c | 12 | ||||
-rw-r--r-- | ext/openssl/tests/bug72165.phpt | 17 |
2 files changed, 26 insertions, 3 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 4a096f779a..44b3fa4985 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -2764,12 +2764,18 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z } } if (attribs) { - ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(attribs), strindex, item) { + zend_long numindex; + ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(attribs), numindex, strindex, item) { int nid; convert_to_string_ex(item); - - nid = OBJ_txt2nid(ZSTR_VAL(strindex)); + if (NULL == strindex) { + char tmp[ZEND_LTOA_BUF_LEN]; + ZEND_LTOA(numindex, tmp, ZEND_LTOA_BUF_LEN); + nid = OBJ_txt2nid(tmp); + } else { + nid = OBJ_txt2nid(ZSTR_VAL(strindex)); + } if (nid != NID_undef) { if (!X509_NAME_add_entry_by_NID(subj, nid, MBSTRING_UTF8, (unsigned char*)Z_STRVAL_P(item), -1, -1, 0)) { php_error_docref(NULL, E_WARNING, "attribs: add_entry_by_NID %d -> %s (failed)", nid, Z_STRVAL_P(item)); diff --git a/ext/openssl/tests/bug72165.phpt b/ext/openssl/tests/bug72165.phpt new file mode 100644 index 0000000000..c7e0d1a7c6 --- /dev/null +++ b/ext/openssl/tests/bug72165.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #72165 Null pointer dereference - openssl_csr_new +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +?> +--FILE-- +<?php +$var0 = array(0 => "hello", 1 => "world"); +$var2 = openssl_csr_new(array(0),$var0,null,array(0)); +?> +==DONE== +--EXPECTF-- +Warning: openssl_csr_new(): dn: is not a recognized name in %sbug72165.php on line %d + +Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min -> 4 (failed; check error queue and value of string_mask OpenSSL option if illegal characters are reported) in %sbug72165.php on line %d +==DONE== |