diff options
| -rw-r--r-- | ext/date/php_date.c | 2 | ||||
| -rw-r--r-- | ext/intl/calendar/calendar_methods.cpp | 2 | ||||
| -rw-r--r-- | ext/openssl/openssl.c | 179 | ||||
| -rw-r--r-- | ext/openssl/xp_ssl.c | 49 | ||||
| -rw-r--r-- | ext/session/mod_files.c | 1 |
5 files changed, 143 insertions, 90 deletions
diff --git a/ext/date/php_date.c b/ext/date/php_date.c index c6db35b709..a00c4c5a94 100644 --- a/ext/date/php_date.c +++ b/ext/date/php_date.c @@ -1441,7 +1441,7 @@ PHPAPI zend_long php_parse_date(char *string, zend_long *now) Convert string representation of date and time to a timestamp */ PHP_FUNCTION(strtotime) { - char *times, *initial_ts; + char *times; size_t time_len; int error1, error2; struct timelib_error_container *error; diff --git a/ext/intl/calendar/calendar_methods.cpp b/ext/intl/calendar/calendar_methods.cpp index 40f1ff2f01..0b5b0c134d 100644 --- a/ext/intl/calendar/calendar_methods.cpp +++ b/ext/intl/calendar/calendar_methods.cpp @@ -1246,7 +1246,7 @@ U_CFUNC PHP_FUNCTION(intlcal_to_date_time) int64_t ts; char ts_str[sizeof("@-9223372036854775808")]; int ts_str_len; - zval ts_tmp, ts_zval, tmp; + zval ts_zval, tmp; INTL_METHOD_CHECK_STATUS(co, "Call to ICU method has failed"); diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 1a4c1c3052..58f1cb5316 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -845,13 +845,30 @@ static int add_oid_section(struct php_x509_request * req) /* {{{ */ #define SET_OPTIONAL_LONG_ARG(key, varname, defval) \ if (optional_args && (item = zend_hash_str_find(Z_ARRVAL_P(optional_args), key, sizeof(key)-1)) != NULL && Z_TYPE_P(item) == IS_LONG) \ - varname = Z_LVAL_P(item); \ + varname = (int)Z_LVAL_P(item); \ else \ varname = defval static const EVP_CIPHER * php_openssl_get_evp_cipher_from_algo(zend_long algo); -int openssl_spki_cleanup(const char *src, char *dest); +/* {{{ strip line endings from spkac */ +static int openssl_spki_cleanup(const char *src, char *dest) +{ + int removed=0; + + while (*src) { + if (*src!='\n'&&*src!='\r') { + *dest++=*src; + } else { + ++removed; + } + ++src; + } + *dest=0; + return removed; +} +/* }}} */ + static int php_openssl_parse_config(struct php_x509_request * req, zval * optional_args) /* {{{ */ { @@ -1377,7 +1394,7 @@ static X509 * php_openssl_x509_from_zval(zval * val, int makeresource, zend_reso } else { BIO *in; - in = BIO_new_mem_buf(Z_STRVAL_P(val), Z_STRLEN_P(val)); + in = BIO_new_mem_buf(Z_STRVAL_P(val), (int)Z_STRLEN_P(val)); if (in == NULL) { return NULL; } @@ -1493,7 +1510,10 @@ PHP_FUNCTION(openssl_spki_new) } if (challenge) { - ASN1_STRING_set(spki->spkac->challenge, challenge, challenge_len); + if (!ASN1_STRING_set(spki->spkac->challenge, challenge, (int)challenge_len)) { + php_error_docref(NULL, E_WARNING, "Unable to set challenge data"); + goto cleanup; + } } if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) { @@ -1546,7 +1566,7 @@ cleanup: PHP_FUNCTION(openssl_spki_verify) { size_t spkstr_len; - int i = 0; + int i = 0, spkstr_cleaned_len = 0; char *spkstr = NULL, * spkstr_cleaned = NULL; EVP_PKEY *pkey = NULL; @@ -1563,14 +1583,14 @@ PHP_FUNCTION(openssl_spki_verify) } spkstr_cleaned = emalloc(spkstr_len + 1); - openssl_spki_cleanup(spkstr, spkstr_cleaned); + spkstr_cleaned_len = (int)(spkstr_len - openssl_spki_cleanup(spkstr, spkstr_cleaned)); - if (strlen(spkstr_cleaned)<=0) { + if (spkstr_cleaned_len == 0) { php_error_docref(NULL, E_WARNING, "Invalid SPKAC"); goto cleanup; } - spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, spkstr_cleaned_len); if (spki == NULL) { php_error_docref(NULL, E_WARNING, "Unable to decode supplied SPKAC"); goto cleanup; @@ -1608,6 +1628,7 @@ PHP_FUNCTION(openssl_spki_export) { size_t spkstr_len; char *spkstr = NULL, * spkstr_cleaned = NULL, * s = NULL; + int spkstr_cleaned_len; EVP_PKEY *pkey = NULL; NETSCAPE_SPKI *spki = NULL; @@ -1624,9 +1645,14 @@ PHP_FUNCTION(openssl_spki_export) } spkstr_cleaned = emalloc(spkstr_len + 1); - openssl_spki_cleanup(spkstr, spkstr_cleaned); + spkstr_cleaned_len = (int)(spkstr_len - openssl_spki_cleanup(spkstr, spkstr_cleaned)); - spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); + if (spkstr_cleaned_len == 0) { + php_error_docref(NULL, E_WARNING, "Invalid SPKAC"); + goto cleanup; + } + + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, spkstr_cleaned_len); if (spki == NULL) { php_error_docref(NULL, E_WARNING, "Unable to decode supplied SPKAC"); goto cleanup; @@ -1668,6 +1694,7 @@ PHP_FUNCTION(openssl_spki_export_challenge) { size_t spkstr_len; char *spkstr = NULL, * spkstr_cleaned = NULL; + int spkstr_cleaned_len; NETSCAPE_SPKI *spki = NULL; @@ -1682,9 +1709,14 @@ PHP_FUNCTION(openssl_spki_export_challenge) } spkstr_cleaned = emalloc(spkstr_len + 1); - openssl_spki_cleanup(spkstr, spkstr_cleaned); + spkstr_cleaned_len = (int)(spkstr_len - openssl_spki_cleanup(spkstr, spkstr_cleaned)); + + if (spkstr_cleaned_len == 0) { + php_error_docref(NULL, E_WARNING, "Invalid SPKAC"); + goto cleanup; + } - spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, strlen(spkstr_cleaned)); + spki = NETSCAPE_SPKI_b64_decode(spkstr_cleaned, spkstr_cleaned_len); if (spki == NULL) { php_error_docref(NULL, E_WARNING, "Unable to decode SPKAC"); goto cleanup; @@ -1700,24 +1732,6 @@ cleanup: } /* }}} */ -/* {{{ strip line endings from spkac */ -int openssl_spki_cleanup(const char *src, char *dest) -{ - int removed=0; - - while (*src) { - if (*src!='\n'&&*src!='\r') { - *dest++=*src; - } else { - ++removed; - } - ++src; - } - *dest=0; - return removed; -} -/* }}} */ - /* {{{ proto bool openssl_x509_export(mixed x509, string &out [, bool notext = true]) Exports a CERT to file or a var */ PHP_FUNCTION(openssl_x509_export) @@ -2162,7 +2176,7 @@ PHP_FUNCTION(openssl_x509_checkpurpose) goto clean_exit; } - ret = check_cert(cainfo, cert, untrustedchain, purpose); + ret = check_cert(cainfo, cert, untrustedchain, (int)purpose); if (ret != 0 && ret != 1) { RETVAL_LONG(ret); } else { @@ -2519,7 +2533,7 @@ PHP_FUNCTION(openssl_pkcs12_read) bio_in = BIO_new(BIO_s_mem()); - if(!BIO_write(bio_in, zp12, zp12_len)) + if(0 >= BIO_write(bio_in, zp12, (int)zp12_len)) goto cleanup; if(d2i_PKCS12_bio(bio_in, &p12)) { @@ -2660,7 +2674,7 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z v = sk_CONF_VALUE_value(dn_sk, i); type = v->name; - len = strlen(type); + len = (int)strlen(type); if (len < sizeof("_default")) { continue; } @@ -2776,7 +2790,7 @@ static X509_REQ * php_openssl_csr_from_zval(zval * val, int makeresource, zend_r } in = BIO_new_file(filename, "r"); } else { - in = BIO_new_mem_buf(Z_STRVAL_P(val), Z_STRLEN_P(val)); + in = BIO_new_mem_buf(Z_STRVAL_P(val), (int)Z_STRLEN_P(val)); } csr = PEM_read_bio_X509_REQ(in, NULL,NULL,NULL); BIO_free(in); @@ -2950,7 +2964,7 @@ PHP_FUNCTION(openssl_csr_sign) goto cleanup; - ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial); + ASN1_INTEGER_set(X509_get_serialNumber(new_cert), (long)serial); X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr)); @@ -2961,7 +2975,7 @@ PHP_FUNCTION(openssl_csr_sign) goto cleanup; } X509_gmtime_adj(X509_get_notBefore(new_cert), 0); - X509_gmtime_adj(X509_get_notAfter(new_cert), (long)60*60*24*num_days); + X509_gmtime_adj(X509_get_notAfter(new_cert), 60*60*24*(long)num_days); i = X509_set_pubkey(new_cert, key); if (!i) { goto cleanup; @@ -3274,7 +3288,7 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval * val, int public_key, char * p if (filename) { in = BIO_new_file(filename, "r"); } else { - in = BIO_new_mem_buf(Z_STRVAL_P(val), Z_STRLEN_P(val)); + in = BIO_new_mem_buf(Z_STRVAL_P(val), (int)Z_STRLEN_P(val)); } if (in == NULL) { TMP_CLEAN; @@ -3292,7 +3306,7 @@ static EVP_PKEY * php_openssl_evp_from_zval(zval * val, int public_key, char * p } in = BIO_new_file(filename, "r"); } else { - in = BIO_new_mem_buf(Z_STRVAL_P(val), Z_STRLEN_P(val)); + in = BIO_new_mem_buf(Z_STRVAL_P(val), (int)Z_STRLEN_P(val)); } if (in == NULL) { @@ -3468,7 +3482,7 @@ static int php_openssl_is_private_key(EVP_PKEY* pkey) Z_TYPE_P(bn) == IS_STRING) { \ _type->_name = BN_bin2bn( \ (unsigned char*)Z_STRVAL_P(bn), \ - Z_STRLEN_P(bn), NULL); \ + (int)Z_STRLEN_P(bn), NULL); \ } \ } while (0); @@ -3631,11 +3645,11 @@ PHP_FUNCTION(openssl_pkey_export_to_file) switch (EVP_PKEY_type(key->type)) { #ifdef HAVE_EVP_PKEY_EC case EVP_PKEY_EC: - pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL); + pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL); break; #endif default: - pem_write = PEM_write_bio_PrivateKey(bio_out, key, cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL); + pem_write = PEM_write_bio_PrivateKey(bio_out, key, cipher, (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL); break; } @@ -3699,11 +3713,11 @@ PHP_FUNCTION(openssl_pkey_export) switch (EVP_PKEY_type(key->type)) { #ifdef HAVE_EVP_PKEY_EC case EVP_PKEY_EC: - pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL); + pem_write = PEM_write_bio_ECPrivateKey(bio_out, EVP_PKEY_get1_EC_KEY(key), cipher, (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL); break; #endif default: - pem_write = PEM_write_bio_PrivateKey(bio_out, key, cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL); + pem_write = PEM_write_bio_PrivateKey(bio_out, key, cipher, (unsigned char *)passphrase, (int)passphrase_len, NULL, NULL); break; } @@ -3965,7 +3979,7 @@ PHP_FUNCTION(openssl_pbkdf2) out_buffer = zend_string_alloc(key_length, 0); - if (PKCS5_PBKDF2_HMAC(password, password_len, (unsigned char *)salt, salt_len, iterations, digest, key_length, (unsigned char*)out_buffer->val) == 1) { + if (PKCS5_PBKDF2_HMAC(password, (int)password_len, (unsigned char *)salt, (int)salt_len, (int)iterations, digest, (int)key_length, (unsigned char*)out_buffer->val) == 1) { out_buffer->val[key_length] = 0; RETURN_STR(out_buffer); } else { @@ -4052,7 +4066,7 @@ PHP_FUNCTION(openssl_pkcs7_verify) zend_printf("Calling PKCS7 verify\n"); #endif - if (PKCS7_verify(p7, others, store, datain, dataout, flags)) { + if (PKCS7_verify(p7, others, store, datain, dataout, (int)flags)) { RETVAL_TRUE; @@ -4066,7 +4080,7 @@ PHP_FUNCTION(openssl_pkcs7_verify) certout = BIO_new_file(signersfilename, "w"); if (certout) { int i; - signers = PKCS7_get0_signers(p7, NULL, flags); + signers = PKCS7_get0_signers(p7, NULL, (int)flags); for(i = 0; i < sk_X509_num(signers); i++) { PEM_write_bio_X509(certout, sk_X509_value(signers, i)); @@ -4182,7 +4196,7 @@ PHP_FUNCTION(openssl_pkcs7_encrypt) goto clean_exit; } - p7 = PKCS7_encrypt(recipcerts, infile, (EVP_CIPHER*)cipher, flags); + p7 = PKCS7_encrypt(recipcerts, infile, (EVP_CIPHER*)cipher, (int)flags); if (p7 == NULL) { goto clean_exit; @@ -4204,7 +4218,7 @@ PHP_FUNCTION(openssl_pkcs7_encrypt) (void)BIO_reset(infile); /* write the encrypted data */ - SMIME_write_PKCS7(outfile, p7, infile, flags); + SMIME_write_PKCS7(outfile, p7, infile, (int)flags); RETVAL_TRUE; @@ -4284,7 +4298,7 @@ PHP_FUNCTION(openssl_pkcs7_sign) goto clean_exit; } - p7 = PKCS7_sign(cert, privkey, others, infile, flags); + p7 = PKCS7_sign(cert, privkey, others, infile, (int)flags); if (p7 == NULL) { php_error_docref(NULL, E_WARNING, "error creating PKCS7 structure!"); goto clean_exit; @@ -4305,7 +4319,7 @@ PHP_FUNCTION(openssl_pkcs7_sign) } ZEND_HASH_FOREACH_END(); } /* write the signed data */ - SMIME_write_PKCS7(outfile, p7, infile, flags); + SMIME_write_PKCS7(outfile, p7, infile, (int)flags); RETVAL_TRUE; @@ -4421,6 +4435,9 @@ PHP_FUNCTION(openssl_private_encrypt) if (pkey == NULL) { php_error_docref(NULL, E_WARNING, "key param is not a valid private key"); RETURN_FALSE; + } else if (INT_MAX < data_len) { + php_error_docref(NULL, E_WARNING, "data is too long"); + RETURN_FALSE; } cryptedlen = EVP_PKEY_size(pkey); @@ -4429,11 +4446,11 @@ PHP_FUNCTION(openssl_private_encrypt) switch (pkey->type) { case EVP_PKEY_RSA: case EVP_PKEY_RSA2: - successful = (RSA_private_encrypt(data_len, + successful = (RSA_private_encrypt((int)data_len, (unsigned char *)data, (unsigned char *)cryptedbuf->val, pkey->pkey.rsa, - padding) == cryptedlen); + (int)padding) == cryptedlen); break; default: php_error_docref(NULL, E_WARNING, "key type not supported in this PHP build!"); @@ -4479,6 +4496,9 @@ PHP_FUNCTION(openssl_private_decrypt) if (pkey == NULL) { php_error_docref(NULL, E_WARNING, "key parameter is not a valid private key"); RETURN_FALSE; + } else if (INT_MAX < data_len) { + php_error_docref(NULL, E_WARNING, "data is too long"); + RETURN_FALSE; } cryptedlen = EVP_PKEY_size(pkey); @@ -4487,11 +4507,11 @@ PHP_FUNCTION(openssl_private_decrypt) switch (pkey->type) { case EVP_PKEY_RSA: case EVP_PKEY_RSA2: - cryptedlen = RSA_private_decrypt(data_len, + cryptedlen = RSA_private_decrypt((int)data_len, (unsigned char *)data, crypttemp, pkey->pkey.rsa, - padding); + (int)padding); if (cryptedlen != -1) { cryptedbuf = zend_string_alloc(cryptedlen, 0); memcpy(cryptedbuf->val, crypttemp, cryptedlen); @@ -4543,6 +4563,9 @@ PHP_FUNCTION(openssl_public_encrypt) if (pkey == NULL) { php_error_docref(NULL, E_WARNING, "key parameter is not a valid public key"); RETURN_FALSE; + } else if (INT_MAX < data_len) { + php_error_docref(NULL, E_WARNING, "data is too long"); + RETURN_FALSE; } cryptedlen = EVP_PKEY_size(pkey); @@ -4551,11 +4574,11 @@ PHP_FUNCTION(openssl_public_encrypt) switch (pkey->type) { case EVP_PKEY_RSA: case EVP_PKEY_RSA2: - successful = (RSA_public_encrypt(data_len, + successful = (RSA_public_encrypt((int)data_len, (unsigned char *)data, (unsigned char *)cryptedbuf->val, pkey->pkey.rsa, - padding) == cryptedlen); + (int)padding) == cryptedlen); break; default: php_error_docref(NULL, E_WARNING, "key type not supported in this PHP build!"); @@ -4602,6 +4625,9 @@ PHP_FUNCTION(openssl_public_decrypt) if (pkey == NULL) { php_error_docref(NULL, E_WARNING, "key parameter is not a valid public key"); RETURN_FALSE; + } else if (INT_MAX < data_len) { + php_error_docref(NULL, E_WARNING, "data is too long"); + RETURN_FALSE; } cryptedlen = EVP_PKEY_size(pkey); @@ -4610,11 +4636,11 @@ PHP_FUNCTION(openssl_public_decrypt) switch (pkey->type) { case EVP_PKEY_RSA: case EVP_PKEY_RSA2: - cryptedlen = RSA_public_decrypt(data_len, + cryptedlen = RSA_public_decrypt((int)data_len, (unsigned char *)data, crypttemp, pkey->pkey.rsa, - padding); + (int)padding); if (cryptedlen != -1) { cryptedbuf = zend_string_alloc(cryptedlen, 0); memcpy(cryptedbuf->val, crypttemp, cryptedlen); @@ -4774,7 +4800,7 @@ PHP_FUNCTION(openssl_verify) EVP_VerifyInit (&md_ctx, mdtype); EVP_VerifyUpdate (&md_ctx, data, data_len); - err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey); + err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, (int)signature_len, pkey); EVP_MD_CTX_cleanup(&md_ctx); if (keyresource == NULL) { @@ -4809,6 +4835,9 @@ PHP_FUNCTION(openssl_seal) if (!nkeys) { php_error_docref(NULL, E_WARNING, "Fourth argument to openssl_seal() must be a non-empty array"); RETURN_FALSE; + } else if (INT_MAX < data_len) { + php_error_docref(NULL, E_WARNING, "data is too long"); + RETURN_FALSE; } if (method) { @@ -4856,7 +4885,7 @@ PHP_FUNCTION(openssl_seal) buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx)); EVP_CIPHER_CTX_cleanup(&ctx); - if (!EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { + if (!EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, (int)data_len)) { RETVAL_FALSE; efree(buf); EVP_CIPHER_CTX_cleanup(&ctx); @@ -4938,6 +4967,12 @@ PHP_FUNCTION(openssl_open) if (pkey == NULL) { php_error_docref(NULL, E_WARNING, "unable to coerce parameter 4 into a private key"); RETURN_FALSE; + } else if (INT_MAX < ekey_len) { + php_error_docref(NULL, E_WARNING, "ekey is too long"); + RETURN_FALSE; + } else if (INT_MAX < data_len) { + php_error_docref(NULL, E_WARNING, "data is too long"); + RETURN_FALSE; } if (method) { @@ -4952,7 +4987,7 @@ PHP_FUNCTION(openssl_open) buf = emalloc(data_len + 1); - if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) { + if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, (int)ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, (int)data_len)) { if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) { efree(buf); RETVAL_FALSE; @@ -5122,6 +5157,9 @@ PHP_FUNCTION(openssl_encrypt) if (!cipher_type) { php_error_docref(NULL, E_WARNING, "Unknown cipher algorithm"); RETURN_FALSE; + } else if (INT_MAX < data_len) { + php_error_docref(NULL, E_WARNING, "data is too long"); + RETURN_FALSE; } keylen = EVP_CIPHER_key_length(cipher_type); @@ -5139,19 +5177,19 @@ PHP_FUNCTION(openssl_encrypt) } free_iv = php_openssl_validate_iv(&iv, &iv_len, max_iv_len); - outlen = data_len + EVP_CIPHER_block_size(cipher_type); + outlen = (int)data_len + EVP_CIPHER_block_size(cipher_type); outbuf = zend_string_alloc(outlen, 0); EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL); if (password_len > keylen) { - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); + EVP_CIPHER_CTX_set_key_length(&cipher_ctx, (int)password_len); } EVP_EncryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); if (options & OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); } if (data_len > 0) { - EVP_EncryptUpdate(&cipher_ctx, (unsigned char*)outbuf->val, &i, (unsigned char *)data, data_len); + EVP_EncryptUpdate(&cipher_ctx, (unsigned char*)outbuf->val, &i, (unsigned char *)data, (int)data_len); } outlen = i; if (EVP_EncryptFinal(&cipher_ctx, (unsigned char *)outbuf->val + i, &i)) { @@ -5203,6 +5241,9 @@ PHP_FUNCTION(openssl_decrypt) if (!method_len) { php_error_docref(NULL, E_WARNING, "Unknown cipher algorithm"); RETURN_FALSE; + } else if (INT_MAX < data_len) { + php_error_docref(NULL, E_WARNING, "data is too long"); + RETURN_FALSE; } cipher_type = EVP_get_cipherbyname(method); @@ -5212,7 +5253,7 @@ PHP_FUNCTION(openssl_decrypt) } if (!(options & OPENSSL_RAW_DATA)) { - base64_str = php_base64_decode((unsigned char*)data, data_len); + base64_str = php_base64_decode((unsigned char*)data, (int)data_len); if (!base64_str) { php_error_docref(NULL, E_WARNING, "Failed to base64 decode the input"); RETURN_FALSE; @@ -5232,18 +5273,18 @@ PHP_FUNCTION(openssl_decrypt) free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type)); - outlen = data_len + EVP_CIPHER_block_size(cipher_type); + outlen = (int)data_len + EVP_CIPHER_block_size(cipher_type); outbuf = zend_string_alloc(outlen, 0); EVP_DecryptInit(&cipher_ctx, cipher_type, NULL, NULL); if (password_len > keylen) { - EVP_CIPHER_CTX_set_key_length(&cipher_ctx, password_len); + EVP_CIPHER_CTX_set_key_length(&cipher_ctx, (int)password_len); } EVP_DecryptInit_ex(&cipher_ctx, NULL, NULL, key, (unsigned char *)iv); if (options & OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(&cipher_ctx, 0); } - EVP_DecryptUpdate(&cipher_ctx, (unsigned char*)outbuf->val, &i, (unsigned char *)data, data_len); + EVP_DecryptUpdate(&cipher_ctx, (unsigned char*)outbuf->val, &i, (unsigned char *)data, (int)data_len); outlen = i; if (EVP_DecryptFinal(&cipher_ctx, (unsigned char *)outbuf->val + i, &i)) { outlen += i; @@ -5314,7 +5355,7 @@ PHP_FUNCTION(openssl_dh_compute_key) RETURN_FALSE; } - pub = BN_bin2bn((unsigned char*)pub_str, pub_len, NULL); + pub = BN_bin2bn((unsigned char*)pub_str, (int)pub_len, NULL); data = zend_string_alloc(DH_size(pkey->pkey.dh), 0); len = DH_compute_key((unsigned char*)data->val, pub, pkey->pkey.dh); diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index fb37b03b8f..a888d23403 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -149,7 +149,7 @@ static int handle_ssl_error(php_stream *stream, int nr_bytes, zend_bool is_init) int err = SSL_get_error(sslsock->ssl_handle, nr_bytes); char esbuf[512]; smart_str ebuf = {0}; - zend_ulong ecode; + unsigned long ecode; int retry = 1; switch(err) { @@ -314,7 +314,8 @@ static zend_bool php_x509_fingerprint_match(X509 *peer, zval *val) static zend_bool matches_wildcard_name(const char *subjectname, const char *certname) /* {{{ */ { char *wildcard = NULL; - int prefix_len, suffix_len, subject_len; + ptrdiff_t prefix_len; + size_t suffix_len, subject_len; if (strcasecmp(subjectname, certname) == 0) { return 1; @@ -517,7 +518,7 @@ static int passwd_callback(char *buf, int num, int verify, void *data) /* {{{ */ if (passphrase) { if (Z_STRLEN_P(val) < num - 1) { memcpy(buf, Z_STRVAL_P(val), Z_STRLEN_P(val)+1); - return Z_STRLEN_P(val); + return (int)Z_STRLEN_P(val); } } return 0; @@ -925,9 +926,9 @@ static const SSL_METHOD *php_select_crypto_method(zend_long method_value, int is } /* }}} */ -static zend_long php_get_crypto_method_ctx_flags(zend_long method_flags) /* {{{ */ +static int php_get_crypto_method_ctx_flags(int method_flags) /* {{{ */ { - zend_long ssl_ctx_options = SSL_OP_ALL; + int ssl_ctx_options = SSL_OP_ALL; #ifndef OPENSSL_NO_SSL2 if (!(method_flags & STREAM_CRYPTO_METHOD_SSLv2)) { @@ -1376,8 +1377,8 @@ int php_openssl_setup_crypto(php_stream *stream, ) /* {{{ */ { const SSL_METHOD *method; - long ssl_ctx_options; - long method_flags; + int ssl_ctx_options; + int method_flags; char *cipherlist = NULL; zval *val; @@ -1755,7 +1756,6 @@ static size_t php_openssl_sockop_read(php_stream *stream, char *buf, size_t coun static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, size_t count) /* {{{ */ { php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract; - int nr_bytes = 0; /* Only do this if SSL is active. */ if (sslsock->ssl_active) { @@ -1764,6 +1764,12 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz *timeout; int blocked = sslsock->s.is_blocked, has_timeout = 0; + int nr_bytes = 0; + + /* prevent overflow in openssl */ + if (count > INT_MAX) { + count = INT_MAX; + } /* Begin by making the socket non-blocking. This allows us to check the timeout. */ if (SUCCESS == php_set_sock_blocking(sslsock->s.socket, 0)) { @@ -1803,7 +1809,7 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz /* Now, do the IO operation. Don't block if we can't complete... */ if (read) { - nr_bytes = SSL_read(sslsock->ssl_handle, buf, count); + nr_bytes = SSL_read(sslsock->ssl_handle, buf, (int)count); if (sslsock->reneg && sslsock->reneg->should_close) { /* renegotiation rate limiting triggered */ @@ -1813,7 +1819,7 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz break; } } else { - nr_bytes = SSL_write(sslsock->ssl_handle, buf, count); + nr_bytes = SSL_write(sslsock->ssl_handle, buf, (int)count); } /* Now, how much time until we time out? */ @@ -1885,7 +1891,11 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz php_set_sock_blocking(sslsock->s.socket, 1); sslsock->s.is_blocked = 1; } + + return 0 > nr_bytes ? 0 : nr_bytes; } else { + size_t nr_bytes = 0; + /* * This block is if we had no timeout... We will just sit and wait forever on the IO operation. */ @@ -1894,14 +1904,9 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz } else { nr_bytes = php_stream_socket_ops.write(stream, buf, count); } - } - /* PHP doesn't expect a negative return. */ - if (nr_bytes < 0) { - nr_bytes = 0; + return nr_bytes; } - - return nr_bytes; } /* }}} */ @@ -2089,7 +2094,11 @@ static int php_openssl_sockop_set_option(php_stream *stream, int option, int val if (value == -1) { if (sslsock->s.timeout.tv_sec == -1) { - tv.tv_sec = FG(default_socket_timeout); +#ifdef _WIN32 + tv.tv_sec = (long)FG(default_socket_timeout); +#else + tv.tv_sec = (time_t)FG(default_socket_timeout); +#endif tv.tv_usec = 0; } else { tv = sslsock->connect_timeout; @@ -2302,7 +2311,11 @@ php_stream *php_openssl_ssl_socket_factory(const char *proto, size_t protolen, sslsock->s.is_blocked = 1; /* this timeout is used by standard stream funcs, therefor it should use the default value */ - sslsock->s.timeout.tv_sec = FG(default_socket_timeout); +#ifdef _WIN32 + sslsock->s.timeout.tv_sec = (long)FG(default_socket_timeout); +#else + sslsock->s.timeout.tv_sec = (time_t)FG(default_socket_timeout); +#endif sslsock->s.timeout.tv_usec = 0; /* use separate timeout for our private funcs */ diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index 36c9a3354e..1e13d67e58 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -220,7 +220,6 @@ static void ps_files_open(ps_files *data, const char *key) static int ps_files_write(ps_files *data, zend_string *key, zend_string *val) { zend_long n; - zend_stat_t sbuf; /* PS(id) may be changed by calling session_regenerate_id(). Re-initialization should be tried here. ps_files_open() checks |