php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-29 03:03:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
140,071 Commits 549 Branches 1,486 Tags
php-8.4.12
Commit Graph

2001 Commits

Author SHA1 Message Date
Jakub Zelenka f52a59ff4f Merge branch 'PHP-8.3' into PHP-8.4 2025-08-09 17:44:25 +02:00
Jakub Zelenka 9e2aa658a8 Fix GH-19428: openssl_pkey_derive segfaults for DH derive with low key_length 
This happens only for OpenSSL 1.1.1 because key_length is ignored for
DH. It means that the provided string is overwritten with longer buffer.
 2025-08-09 17:43:04 +02:00
Niels Dossche 0f731b455c Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix error return check of EVP_CIPHER_CTX_ctrl()
  Fix memleak on failure in collator_get_sort_key()
 2025-07-15 20:38:22 +02:00
Niels Dossche cd8722304c Fix error return check of EVP_CIPHER_CTX_ctrl() 
OpenSSL can return -1 on error [1, 2], and OpenBSD's docs confirm this
[3]. Change all checks to <= 0.

[1] https://github.com/openssl/openssl/blob/b3161bd9a9329be3d6bf6b29a06835e2721898bb/crypto/evp/evp_enc.c#L1530-L1531
[2] https://github.com/openssl/openssl/blob/b3161bd9a9329be3d6bf6b29a06835e2721898bb/crypto/evp/evp_enc.c#L1611
[3] https://man.openbsd.org/EVP_CIPHER_CTX_ctrl.3

Closes GH-18987.
 2025-07-15 20:37:33 +02:00
Niels Dossche f938f356cb Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-18986: OpenSSL backend: incorrect RAND_{load,write}_file() return value check
 2025-07-15 18:50:46 +02:00
Niels Dossche a8086be81c Fix GH-18986: OpenSSL backend: incorrect RAND_{load,write}_file() return value check 
As noted by the LibreSSL maintainer, these functions return -1 on error.
This is further confirmed by my static analyzer that inferred the same
thing for OpenSSL.

Closes GH-19013.
 2025-07-15 18:50:19 +02:00
Jakub Zelenka 0d19984cda Merge branch 'PHP-8.3' into PHP-8.4 2025-07-15 11:24:34 +02:00
Jakub Zelenka 6b2b60f683 Fix bug #80770: openssl cafile not used in SNI SSL_CTX 
The issue is about not being able to connect as cafile for SNI
is not used in its SSL context. This sets it up so it is possible
to capture the client certificate which is only possible when
verify_peer is true.

Closes GH-18893
 2025-07-15 11:23:10 +02:00
Jakub Zelenka 7a15d2a5c0 Merge branch 'PHP-8.3' into PHP-8.4 2025-06-05 18:05:24 +02:00
Jakub Zelenka 444cc78a3e Skip OpenSSL proxy test for bug #74796 on Windows 2025-06-05 16:18:06 +02:00
Jakub Zelenka 086a470208 Merge branch 'PHP-8.3' into PHP-8.4 2025-06-05 14:10:57 +02:00
Jakub Zelenka 42f6c15186 Fix bug #74796: Requests through http proxy set peer name 
This issue happens because http wrapper sets peer_name but then does not
remove so it stays in the context. The fix removes the peer name from
the context after enabling crypto.

In addition to bug #74796, this also fixes bug #76196.

In addition it should be a final fix for those SOAP bugs:

bug #69783
bug #52913
bug #61463
 2025-06-05 14:08:28 +02:00
Niels Dossche 87ff5479fc Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure
 2025-06-03 23:46:21 +02:00
Niels Dossche 08a9579883 Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure 
Closes GH-18750.
 2025-06-03 23:45:51 +02:00
Niels Dossche 1e94f3423b Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Split off php_set_sock_blocking() and s.is_blocked to a separate function
  Fix missing checks against php_set_blocking() in xp_ssl.c
 2025-05-20 08:08:39 +02:00
Niels Dossche 1863014fbd Split off php_set_sock_blocking() and s.is_blocked to a separate function 
This makes it harder to forget the check and keeps the variable and
function call consistent.

Closes GH-18604.
 2025-05-20 08:08:06 +02:00
Niels Dossche 31ebb42268 Fix missing checks against php_set_blocking() in xp_ssl.c 2025-05-20 08:07:34 +02:00
Niels Dossche 8a927c284d Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix potential leaks when writing to BIO fails
 2025-04-11 21:02:59 +02:00
Niels Dossche 29f96fb1f1 Fix potential leaks when writing to BIO fails 
When the BIO is created but writing fails, these can leak.

Closes GH-18186.
 2025-04-11 21:02:37 +02:00
Niels Dossche a6e76ac010 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix inverted call to php_openssl_store_errors()
  Fix openssl_random_pseudo_bytes() always setting strong_result to true
 2025-04-02 20:25:32 +02:00
Niels Dossche 5e68671f88 Fix inverted call to php_openssl_store_errors() 
This calls php_openssl_store_errors() in the success path right now,
change it to call php_openssl_store_errors() in the error path.
 2025-04-02 20:25:21 +02:00
Niels Dossche 0dc600c69a Fix openssl_random_pseudo_bytes() always setting strong_result to true 
This regressed in 62c7432f, prior to that commit the value was set to
false in case random number generation failed, but now even if an
exception is thrown it is set to true. This likely does not _really_
matter as the user will handle the exception, still the value in
$strong_result is observable.
 2025-04-02 20:25:21 +02:00
Niels Dossche d689ff63e8 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix memory leak in openssl_sign() when passing invalid algorithm
 2025-04-02 20:18:57 +02:00
Niels Dossche 74720a22f3 Fix memory leak in openssl_sign() when passing invalid algorithm 
Closes GH-18185.
 2025-04-02 20:15:53 +02:00
Jakub Zelenka 4936c32772 Merge branch 'PHP-8.3' into PHP-8.4 2025-02-28 14:51:52 +01:00
Jakub Zelenka 6bb56fe0cf Change openssl_x509_verify test to use cert generator (#17882) 
This also prevents verifying cert with SHA1 signature
 2025-02-28 14:51:12 +01:00
Jakub Zelenka d2977b026f Merge branch 'PHP-8.3' into PHP-8.4 2024-12-31 15:20:06 +01:00
Jakub Zelenka e0dabe326f Merge branch 'PHP-8.2' into PHP-8.3 2024-12-31 15:05:18 +01:00
Jakub Zelenka 37504f123d Port OpenSSL gh10495, gh13860 and gh9310 test to use ephemeral ports 2024-12-31 15:02:08 +01:00
Jakub Zelenka 44a9154e75 Merge branch 'PHP-8.1' into PHP-8.2 2024-12-31 14:39:59 +01:00
Jakub Zelenka b8731767d8 Fix GH-16955: Use empheral ports for OpenSSL server client tests 
And refactor some client server tests.

Closes GH-17180
 2024-12-31 14:25:19 +01:00
Niels Dossche ef1e1868ed Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix wrong merge
 2024-11-09 11:49:16 +01:00
Niels Dossche 80dd5a0306 Fix wrong merge 2024-11-09 11:49:08 +01:00
Niels Dossche fd68e9ba2c Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix memory leak in php_openssl_pkey_from_zval()
  Fix various memory leaks related to openssl exports
  Prevent unexpected array entry conversion when reading key
 2024-11-09 11:01:29 +01:00
Niels Dossche 591fe92724 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix memory leak in php_openssl_pkey_from_zval()
  Fix various memory leaks related to openssl exports
  Prevent unexpected array entry conversion when reading key
 2024-11-09 11:01:21 +01:00
Niels Dossche 994e866cf2 Fix memory leak in php_openssl_pkey_from_zval() 
Closes GH-16691.
 2024-11-09 10:58:44 +01:00
Niels Dossche 2f4f09f7e6 Fix various memory leaks related to openssl exports 
Closes GH-16692.
 2024-11-09 10:58:17 +01:00
Niels Dossche ac8d0e57d9 Prevent unexpected array entry conversion when reading key 
When passing an array, the key entry can get converted to a string if it
is an object, but this actually modifies the original array entry.
The test originally outputted:

```
array(2) {
  [0]=>
  string(...) => ...
  [1]=>
  string(0) ""
}
```

This is unexpected. Use zval_try_get_string() to prevent this behaviour.

Closes GH-16693.
 2024-11-09 10:57:50 +01:00
Niels Dossche faef0dfb49 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix various memory leaks on error conditions in openssl_x509_parse()
 2024-11-04 20:04:51 +01:00
Niels Dossche 673e8d1011 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix various memory leaks on error conditions in openssl_x509_parse()
 2024-11-04 20:04:18 +01:00
Niels Dossche 5ddb75660d Fix various memory leaks on error conditions in openssl_x509_parse() 
Closes GH-16690.
 2024-11-04 20:03:53 +01:00
Christoph M. Becker ef1c3b82ff Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-16433: Large values for openssl_csr_sign() $days overflow
 2024-10-16 11:10:12 +02:00
Christoph M. Becker 931762c626 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-16433: Large values for openssl_csr_sign() $days overflow
 2024-10-16 11:09:00 +02:00
Christoph M. Becker 2bdf2f9100 Fix GH-16433: Large values for openssl_csr_sign() $days overflow 
The `offset_sec` parameter of `X509_gmtime_adj()` expects a `long`, but
the `$days` parameter of `openssl_csr_sign()` a `zend_long`.  We must
avoid signed integer overflow (UB), but also must not silently truncate.
Thus we check the given `$days` for the permissible range, and bail out
otherwise.

Closes GH-16437.
 2024-10-16 11:08:02 +02:00
Christoph M. Becker 33fab73730 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-16357: openssl may modify member types of certificate arrays
 2024-10-12 16:07:50 +02:00
Christoph M. Becker 76a819e7d1 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-16357: openssl may modify member types of certificate arrays
 2024-10-12 16:06:44 +02:00
Christoph M. Becker 549bcdb7fb Fix GH-16357: openssl may modify member types of certificate arrays 
We must not use `try_convert_to_string()` on members of unseparated
array arguments; instead of separating, we use `zval_try_get_string()`.

Closes GH-16370.
 2024-10-12 16:05:31 +02:00
Jakub Zelenka 53cc92c85c Fix failing openssl_private_decrypt tests 
We backport 11caf094f1af6b47ea2138c5fa907838911ebe01[1] as a step to
get back to a green CI.

[1] <https://github.com/php/php-src/commit/11caf094f1af6b47ea2138c5fa907838911ebe01>
 2024-10-07 01:06:04 +02:00
Jakub Zelenka e05121563f Merge branch 'PHP-8.3' into PHP-8.4 2024-09-28 16:29:18 +01:00
Jakub Zelenka 37a73a83c3 Merge branch 'PHP-8.2' into PHP-8.3 2024-09-28 16:24:01 +01:00