php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix GH-19245: Success error message on TLS stream accept failure

Browse Source 
This overwrites the previous message from the successful accept call.

Closes GH-19246
This commit is contained in:
Jakub Zelenka
2025-07-26 13:47:58 +02:00
parent a0bd2c9fcf
commit 2b415e416e
3 changed files with 62 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@@ -2,6 +2,9 @@ PHP NEWS
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.3.26 ?? ??? ????, PHP 8.3.26
- OpenSSL:
. Fixed bug GH-19245 (Success error message on TLS stream accept failure).
(Jakub Zelenka)
28 Aug 2025, PHP 8.3.25 28 Aug 2025, PHP 8.3.25

53
ext/openssl/tests/gh19245.phpt Normal file
View File

@@ -0,0 +1,53 @@
--TEST--
GH-19245: Success error message on TLS stream accept failure
--EXTENSIONS--
openssl
--SKIPIF--
<?php
if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
include 'ServerClientTestCase.inc';
$baseDir = __DIR__ . '/gh19245';
$baseDirCertFile = $baseDir . '/cert.crt';
$baseDirPkFile = $baseDir . '/private.key';
$serverCodeTemplate = <<<'CODE'
ini_set('log_errors', 'On');
ini_set('open_basedir', __DIR__ . '/gh19245');
$serverUri = "ssl://127.0.0.1:0";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => '%s',
'local_pk' => '%s',
]]);
$sock = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
phpt_notify_server_start($sock);
$link = stream_socket_accept($sock);
CODE;
$clientCode = <<<'CODE'
$serverUri = "ssl://{{ ADDR }}";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_peer_name' => false
]]);
@stream_socket_client($serverUri, $errno, $errstr, 2, $clientFlags, $clientCtx);
CODE;
$serverCode = sprintf($serverCodeTemplate, $baseDirCertFile . "\0test", $baseDirPkFile);
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--EXPECTF--
PHP Warning: stream_socket_accept(): Path for local_cert in ssl stream context option must not contain any null bytes in %s
PHP Warning: stream_socket_accept(): Unable to get real path of certificate file `%scert.crt' in %s
PHP Warning: stream_socket_accept(): Failed to enable crypto in %s
PHP Warning: stream_socket_accept(): Accept failed: Cannot enable crypto in %s

6
ext/openssl/xp_ssl.c
View File

@@ -2398,6 +2398,12 @@ static inline int php_openssl_tcp_sockop_accept(php_stream *stream, php_openssl_
php_stream_close(xparam->outputs.client); php_stream_close(xparam->outputs.client);
xparam->outputs.client = NULL; xparam->outputs.client = NULL;
xparam->outputs.returncode = -1; xparam->outputs.returncode = -1;
if (xparam->want_errortext) {
if (xparam->outputs.error_text) {
zend_string_free(xparam->outputs.error_text);
}
xparam->outputs.error_text = ZSTR_INIT_LITERAL("Cannot enable crypto", 0);
}
} }
} }
} }