author | Craig Mohrman <craig.mohrman@oracle.com> |
Fri, 18 Apr 2014 11:03:12 -0700 | |
branch | s11u1-sru |
changeset 3086 | 649b12aa87ce |
permissions | -rw-r--r-- |
3086
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
1 |
Fix for CVE-2013-6420 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
2 |
Patch: |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
3 |
http://git.php.net/?p=php-src.git;a=patch;h=c1224573c773b6845e83505f717fbf820fc18415 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
4 |
Code: |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
5 |
http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
6 |
This patch is for php 5.3 code but works well enough on php 5.2 code. |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
7 |
Verified by hand that it patches the correct code. |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
8 |
|
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
9 |
|
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
10 |
|
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
11 |
From c1224573c773b6845e83505f717fbf820fc18415 Mon Sep 17 00:00:00 2001 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
12 |
From: Stanislav Malyshev <[email protected]> |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
13 |
Date: Sun, 8 Dec 2013 11:40:18 -0800 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
14 |
Subject: [PATCH] Fix CVE-2013-6420 - memory corruption in openssl_x509_parse |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
15 |
|
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
16 |
--- |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
17 |
NEWS | 4 +++- |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
18 |
ext/openssl/openssl.c | 18 ++++++++++++++---- |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
19 |
ext/openssl/tests/cve-2013-6420.crt | 29 +++++++++++++++++++++++++++++ |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
20 |
ext/openssl/tests/cve-2013-6420.phpt | 18 ++++++++++++++++++ |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
21 |
4 files changed, 64 insertions(+), 5 deletions(-) |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
22 |
create mode 100644 ext/openssl/tests/cve-2013-6420.crt |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
23 |
create mode 100644 ext/openssl/tests/cve-2013-6420.phpt |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
24 |
|
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
25 |
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
26 |
index e7672e4..0d2d644 100644 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
27 |
--- a/ext/openssl/openssl.c |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
28 |
+++ b/ext/openssl/openssl.c |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
29 |
@@ -644,18 +644,28 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */ |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
30 |
char * thestr; |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
31 |
long gmadjust = 0; |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
32 |
|
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
33 |
- if (timestr->length < 13) { |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
34 |
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author too lazy to parse %s correctly", timestr->data); |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
35 |
+ if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) { |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
36 |
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp"); |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
37 |
return (time_t)-1; |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
38 |
} |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
39 |
|
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
40 |
- strbuf = estrdup((char *)timestr->data); |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
41 |
+ if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) { |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
42 |
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp"); |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
43 |
+ return (time_t)-1; |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
44 |
+ } |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
45 |
+ |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
46 |
+ if (ASN1_STRING_length(timestr) < 13) { |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
47 |
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to parse time string %s correctly", timestr->data); |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
48 |
+ return (time_t)-1; |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
49 |
+ } |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
50 |
+ |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
51 |
+ strbuf = estrdup((char *)ASN1_STRING_data(timestr)); |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
52 |
|
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
53 |
memset(&thetime, 0, sizeof(thetime)); |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
54 |
|
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
55 |
/* we work backwards so that we can use atoi more easily */ |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
56 |
|
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
57 |
- thestr = strbuf + timestr->length - 3; |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
58 |
+ thestr = strbuf + ASN1_STRING_length(timestr) - 3; |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
59 |
|
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
60 |
thetime.tm_sec = atoi(thestr); |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
61 |
*thestr = '\0'; |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
62 |
diff --git a/ext/openssl/tests/cve-2013-6420.crt b/ext/openssl/tests/cve-2013-6420.crt |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
63 |
new file mode 100644 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
64 |
index 0000000..4543314 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
65 |
--- /dev/null |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
66 |
+++ b/ext/openssl/tests/cve-2013-6420.crt |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
67 |
@@ -0,0 +1,29 @@ |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
68 |
+-----BEGIN CERTIFICATE----- |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
69 |
+MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
70 |
+VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
71 |
+S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
72 |
+cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
73 |
+ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
74 |
+ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
75 |
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
76 |
+AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
77 |
+b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
78 |
+ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
79 |
+A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
80 |
+dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
81 |
+DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
82 |
+wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
83 |
+0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
84 |
+pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
85 |
+SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
86 |
+1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
87 |
+EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
88 |
+BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
89 |
+8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
90 |
+VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
91 |
+lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
92 |
+o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
93 |
+Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg== |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
94 |
+-----END CERTIFICATE----- |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
95 |
+ |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
96 |
+ |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
97 |
diff --git a/ext/openssl/tests/cve-2013-6420.phpt b/ext/openssl/tests/cve-2013-6420.phpt |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
98 |
new file mode 100644 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
99 |
index 0000000..b946cf0 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
100 |
--- /dev/null |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
101 |
+++ b/ext/openssl/tests/cve-2013-6420.phpt |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
102 |
@@ -0,0 +1,18 @@ |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
103 |
+--TEST-- |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
104 |
+CVE-2013-6420 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
105 |
+--SKIPIF-- |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
106 |
+<?php |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
107 |
+if (!extension_loaded("openssl")) die("skip"); |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
108 |
+?> |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
109 |
+--FILE-- |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
110 |
+<?php |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
111 |
+$crt = substr(__FILE__, 0, -4).'.crt'; |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
112 |
+$info = openssl_x509_parse("file://$crt"); |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
113 |
+var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]); |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
114 |
+?> |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
115 |
+Done |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
116 |
+--EXPECTF-- |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
117 |
+%s openssl_x509_parse(): illegal ASN1 data type for timestamp in %s/cve-2013-6420.php on line 3 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
118 |
+string(27) "[email protected]" |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
119 |
+int(-1) |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
120 |
+Done |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
121 |
-- |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
122 |
1.8.4.3 |
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
123 |
|
649b12aa87ce
17362112 problem in UTILITY/PHP
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
124 |