author | Craig Mohrman <craig.mohrman@oracle.com> |
Wed, 09 Apr 2014 16:18:40 -0700 | |
branch | s11-update |
changeset 3067 | 61e6cd945591 |
permissions | -rw-r--r-- |
3067
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
1 |
Fix for CVE-2013-4248 |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
2 |
Patch: |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
3 |
http://git.php.net/?p=php-src.git;a=patch;h=2874696a5a8d46639d261571f915c493cd875897 |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
4 |
Code: |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
5 |
http://git.php.net/?p=php-src.git;a=commit;h=2874696a5a8d46639d261571f915c493cd875897 |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
6 |
This patch is for php 5.4 code but works well enough on php 5.2 code. |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
7 |
Verified by hand that it patches the correct code. |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
8 |
|
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
9 |
|
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
10 |
|
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
11 |
From 2874696a5a8d46639d261571f915c493cd875897 Mon Sep 17 00:00:00 2001 |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
12 |
From: Stanislav Malyshev <[email protected]> |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
13 |
Date: Tue, 13 Aug 2013 22:20:33 -0700 |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
14 |
Subject: [PATCH] Fix CVE-2013-4073 - handling of certs with null bytes |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
15 |
|
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
16 |
--- |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
17 |
NEWS | 4 ++ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
18 |
ext/openssl/openssl.c | 86 ++++++++++++++++++++++++++++++++++++- |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
19 |
ext/openssl/tests/cve2013_4073.pem | 28 ++++++++++++ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
20 |
ext/openssl/tests/cve2013_4073.phpt | 19 ++++++++ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
21 |
4 files changed, 135 insertions(+), 2 deletions(-) |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
22 |
create mode 100644 ext/openssl/tests/cve2013_4073.pem |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
23 |
create mode 100644 ext/openssl/tests/cve2013_4073.phpt |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
24 |
|
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
25 |
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
26 |
index d7ac117..c32748c 100644 |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
27 |
--- a/ext/openssl/openssl.c |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
28 |
+++ b/ext/openssl/openssl.c |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
29 |
@@ -1398,6 +1398,74 @@ PHP_FUNCTION(openssl_x509_check_private_key) |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
30 |
} |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
31 |
/* }}} */ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
32 |
|
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
33 |
+/* Special handling of subjectAltName, see CVE-2013-4073 |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
34 |
+ * Christian Heimes |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
35 |
+ */ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
36 |
+ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
37 |
+static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
38 |
+{ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
39 |
+ GENERAL_NAMES *names; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
40 |
+ const X509V3_EXT_METHOD *method = NULL; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
41 |
+ long i, length, num; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
42 |
+ const unsigned char *p; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
43 |
+ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
44 |
+ method = X509V3_EXT_get(extension); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
45 |
+ if (method == NULL) { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
46 |
+ return -1; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
47 |
+ } |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
48 |
+ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
49 |
+ p = extension->value->data; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
50 |
+ length = extension->value->length; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
51 |
+ if (method->it) { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
52 |
+ names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
53 |
+ ASN1_ITEM_ptr(method->it))); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
54 |
+ } else { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
55 |
+ names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length)); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
56 |
+ } |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
57 |
+ if (names == NULL) { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
58 |
+ return -1; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
59 |
+ } |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
60 |
+ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
61 |
+ num = sk_GENERAL_NAME_num(names); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
62 |
+ for (i = 0; i < num; i++) { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
63 |
+ GENERAL_NAME *name; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
64 |
+ ASN1_STRING *as; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
65 |
+ name = sk_GENERAL_NAME_value(names, i); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
66 |
+ switch (name->type) { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
67 |
+ case GEN_EMAIL: |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
68 |
+ BIO_puts(bio, "email:"); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
69 |
+ as = name->d.rfc822Name; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
70 |
+ BIO_write(bio, ASN1_STRING_data(as), |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
71 |
+ ASN1_STRING_length(as)); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
72 |
+ break; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
73 |
+ case GEN_DNS: |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
74 |
+ BIO_puts(bio, "DNS:"); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
75 |
+ as = name->d.dNSName; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
76 |
+ BIO_write(bio, ASN1_STRING_data(as), |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
77 |
+ ASN1_STRING_length(as)); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
78 |
+ break; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
79 |
+ case GEN_URI: |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
80 |
+ BIO_puts(bio, "URI:"); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
81 |
+ as = name->d.uniformResourceIdentifier; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
82 |
+ BIO_write(bio, ASN1_STRING_data(as), |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
83 |
+ ASN1_STRING_length(as)); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
84 |
+ break; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
85 |
+ default: |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
86 |
+ /* use builtin print for GEN_OTHERNAME, GEN_X400, |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
87 |
+ * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
88 |
+ */ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
89 |
+ GENERAL_NAME_print(bio, name); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
90 |
+ } |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
91 |
+ /* trailing ', ' except for last element */ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
92 |
+ if (i < (num - 1)) { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
93 |
+ BIO_puts(bio, ", "); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
94 |
+ } |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
95 |
+ } |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
96 |
+ sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
97 |
+ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
98 |
+ return 0; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
99 |
+} |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
100 |
+ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
101 |
/* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true]) |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
102 |
Returns an array of the fields/values of the CERT */ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
103 |
PHP_FUNCTION(openssl_x509_parse) |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
104 |
@@ -1494,15 +1562,29 @@ PHP_FUNCTION(openssl_x509_parse) |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
105 |
|
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
106 |
|
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
107 |
for (i = 0; i < X509_get_ext_count(cert); i++) { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
108 |
+ int nid; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
109 |
extension = X509_get_ext(cert, i); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
110 |
- if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
111 |
+ nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
112 |
+ if (nid != NID_undef) { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
113 |
extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
114 |
} else { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
115 |
OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
116 |
extname = buf; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
117 |
} |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
118 |
bio_out = BIO_new(BIO_s_mem()); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
119 |
- if (X509V3_EXT_print(bio_out, extension, 0, 0)) { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
120 |
+ if (nid == NID_subject_alt_name) { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
121 |
+ if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
122 |
+ add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
123 |
+ } else { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
124 |
+ zval_dtor(return_value); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
125 |
+ if (certresource == -1 && cert) { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
126 |
+ X509_free(cert); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
127 |
+ } |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
128 |
+ BIO_free(bio_out); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
129 |
+ RETURN_FALSE; |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
130 |
+ } |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
131 |
+ } |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
132 |
+ else if (X509V3_EXT_print(bio_out, extension, 0, 0)) { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
133 |
BIO_get_mem_ptr(bio_out, &bio_buf); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
134 |
add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
135 |
} else { |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
136 |
diff --git a/ext/openssl/tests/cve2013_4073.pem b/ext/openssl/tests/cve2013_4073.pem |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
137 |
new file mode 100644 |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
138 |
index 0000000..7ebb994 |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
139 |
--- /dev/null |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
140 |
+++ b/ext/openssl/tests/cve2013_4073.pem |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
141 |
@@ -0,0 +1,28 @@ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
142 |
+-----BEGIN CERTIFICATE----- |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
143 |
+MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
144 |
+DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
145 |
+eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
146 |
+RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
147 |
+ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
148 |
+NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
149 |
+DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
150 |
+ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
151 |
+ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
152 |
+hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
153 |
+BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
154 |
+pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
155 |
+vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
156 |
+KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
157 |
+oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
158 |
+08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
159 |
+HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
160 |
+BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
161 |
+Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251 |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
162 |
+bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
163 |
+AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9 |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
164 |
+i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
165 |
+HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
166 |
+kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
167 |
+VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
168 |
+RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ= |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
169 |
+-----END CERTIFICATE----- |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
170 |
diff --git a/ext/openssl/tests/cve2013_4073.phpt b/ext/openssl/tests/cve2013_4073.phpt |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
171 |
new file mode 100644 |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
172 |
index 0000000..e676ddf |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
173 |
--- /dev/null |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
174 |
+++ b/ext/openssl/tests/cve2013_4073.phpt |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
175 |
@@ -0,0 +1,19 @@ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
176 |
+--TEST-- |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
177 |
+CVE 2013-4073: Null-byte certificate handling |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
178 |
+--SKIPIF-- |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
179 |
+<?php |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
180 |
+if (!extension_loaded("openssl")) die("skip"); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
181 |
+--FILE-- |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
182 |
+<?php |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
183 |
+$cert = file_get_contents(__DIR__ . '/cve2013_4073.pem'); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
184 |
+$info = openssl_x509_parse($cert); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
185 |
+var_export($info['extensions']); |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
186 |
+ |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
187 |
+--EXPECTF-- |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
188 |
+array ( |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
189 |
+ 'basicConstraints' => 'CA:FALSE', |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
190 |
+ 'subjectKeyIdentifier' => '88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C', |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
191 |
+ 'keyUsage' => 'Digital Signature, Non Repudiation, Key Encipherment', |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
192 |
+ 'subjectAltName' => 'DNS:altnull.python.org' . "\0" . 'example.com, email:[email protected]' . "\0" . '[email protected], URI:http://null.python.org' . "\0" . 'http://example.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1 |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
193 |
+', |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
194 |
+) |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
195 |
-- |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
196 |
1.8.4.3 |
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
197 |
|
61e6cd945591
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
198 |