diff options
| author | Jakub Zelenka <bukka@php.net> | 2016-09-13 18:17:04 +0100 |
|---|---|---|
| committer | Jakub Zelenka <bukka@php.net> | 2016-09-13 18:19:20 +0100 |
| commit | 3a739c9f9f049335c1a1194cd3a50b0cab211d0b (patch) | |
| tree | c0c47dc66e657698589ec301720a2cac1660be5f | |
| parent | c8a9ad1527160536e81dec702ebb0c52d85635a8 (diff) | |
| parent | 05baa927277c820de4deee0991c24c7f4c545105 (diff) | |
| download | php-git-3a739c9f9f049335c1a1194cd3a50b0cab211d0b.tar.gz | |
Merge branch 'PHP-5.6' into PHP-7.0
| -rw-r--r-- | ext/openssl/tests/bug73072.phpt | 45 | ||||
| -rw-r--r-- | ext/openssl/xp_ssl.c | 9 |
2 files changed, 51 insertions, 3 deletions
diff --git a/ext/openssl/tests/bug73072.phpt b/ext/openssl/tests/bug73072.phpt new file mode 100644 index 0000000000..cc352233e1 --- /dev/null +++ b/ext/openssl/tests/bug73072.phpt @@ -0,0 +1,45 @@ +--TEST-- +Bug #73072: Invalid path SNI_server_certs causes segfault +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip openssl not loaded"); +?> +--FILE-- +<?php +$serverCode = <<<'CODE' + $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; + $ctx = stream_context_create(['ssl' => [ + 'local_cert' => __DIR__ . '/domain1.pem', + 'SNI_server_certs' => [ + "domain1.com" => __DIR__ . "/sni_server_domain1.pem", + "domain2.com" => __DIR__ . "/not_existing.pem", + ] + ]]); + + $server = stream_socket_server('tls://127.0.0.1:64322', $errno, $errstr, $flags, $ctx); + + phpt_notify(); + @stream_socket_accept($server, 3); + // if there is a segfault, this won't be called + fwrite(STDERR, "done\n"); +CODE; + +$clientCode = <<<'CODE' + $flags = STREAM_CLIENT_CONNECT; + $ctxArr = [ + 'cafile' => __DIR__ . '/sni_server_ca.pem', + 'capture_peer_cert' => true + ]; + + phpt_wait(); + + $ctxArr['peer_name'] = 'domain1.com'; + $ctx = stream_context_create(['ssl' => $ctxArr]); + @stream_socket_client("tls://127.0.0.1:64322", $errno, $errstr, 1, $flags, $ctx); +CODE; + +include 'ServerClientTestCase.inc'; +ServerClientTestCase::getInstance()->run($clientCode, $serverCode); +?> +--EXPECT-- +done diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 53536a1a77..208aafcd7b 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -1356,6 +1356,7 @@ static int enable_server_sni(php_stream *stream, php_openssl_netstream_data_t *s sslsock->sni_certs = (php_openssl_sni_cert_t*)safe_pemalloc(sslsock->sni_cert_count, sizeof(php_openssl_sni_cert_t), 0, php_stream_is_persistent(stream) ); + memset(sslsock->sni_certs, 0, sslsock->sni_cert_count * sizeof(php_openssl_sni_cert_t)); ZEND_HASH_FOREACH_KEY_VAL(Z_ARRVAL_P(val), key_index, key, current) { (void) key_index; @@ -2161,9 +2162,11 @@ static int php_openssl_sockop_close(php_stream *stream, int close_handle) /* {{{ } if (sslsock->sni_certs) { - for (i=0; i<sslsock->sni_cert_count; i++) { - SSL_CTX_free(sslsock->sni_certs[i].ctx); - pefree(sslsock->sni_certs[i].name, php_stream_is_persistent(stream)); + for (i = 0; i < sslsock->sni_cert_count; i++) { + if (sslsock->sni_certs[i].ctx) { + SSL_CTX_free(sslsock->sni_certs[i].ctx); + pefree(sslsock->sni_certs[i].name, php_stream_is_persistent(stream)); + } } pefree(sslsock->sni_certs, php_stream_is_persistent(stream)); sslsock->sni_certs = NULL; |