php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-28 02:33:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Re-fix #72165

Browse Source 
Reverted previous wrong patch, throw warning for numeric keys.
Numeric field names are not supported, see "distinguished name"
section here https://www.openssl.org/docs/manmaster/apps/req.html
This commit is contained in:
Anatol Belski
2016-05-06 09:30:41 +02:00
parent dd5479ea4c
commit 5afba67bfe
2 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ext/openssl/openssl.c
+5
View File
@@ -2767,6 +2767,11 @@ static int php_openssl_make_REQ(struct php_x509_request * req, X509_REQ * csr, z
ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(attribs), strindex, item) {
int nid;
if (NULL == strindex) {
php_error_docref(NULL, E_WARNING, "dn: numeric fild names are not supported");
continue;
}
convert_to_string_ex(item);
nid = OBJ_txt2nid(ZSTR_VAL(strindex));
ext/openssl/tests/bug72165.phpt
+17
View File
@@ -0,0 +1,17 @@
--TEST--
Bug #72165 Null pointer dereference - openssl_csr_new
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$var0 = array(0 => "hello", 1 => "world");
$var2 = openssl_csr_new(array(0),$var0,null,array(0));
?>
==DONE==
--EXPECTF--
Warning: openssl_csr_new(): dn: numeric fild names are not supported in %sbug72165.php on line %d
Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min -> 4 (failed; check error queue and value of string_mask OpenSSL option if illegal characters are reported) in %sbug72165.php on line %d
==DONE==