php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 08:12:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-8.2'

Browse Source 
* PHP-8.2:
  Update NEWS
  Update NEWS
  Update NEWS
  Fix GH-11382 add missing hash header for bin2hex
  Fix missing randomness check and insufficient random bytes for SOAP HTTP Digest
This commit is contained in:
Pierrick Charron
2023-06-06 18:10:49 -04:00
parent 919f27babc 269d6c5942
commit c790373f8a
1 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
ext/soap/php_http.c
View File

@@ -20,6 +20,7 @@
#include "ext/standard/base64.h"
#include "ext/standard/md5.h"
#include "ext/random/php_random.h"
#include "ext/hash/php_hash.h"
static char *get_http_header_value_nodup(char *headers, char *type, size_t *len);
static char *get_http_header_value(char *headers, char *type);
@@ -657,18 +658,23 @@ try_again:
has_authorization = 1;
if (Z_TYPE_P(digest) == IS_ARRAY) {
char HA1[33], HA2[33], response[33], cnonce[33], nc[9];
zend_long nonce;
unsigned char nonce[16];
PHP_MD5_CTX md5ctx;
unsigned char hash[16];
php_random_bytes_throw(&nonce, sizeof(nonce));
nonce &= 0x7fffffff;
if (UNEXPECTED(php_random_bytes_throw(&nonce, sizeof(nonce)) != SUCCESS)) {
ZEND_ASSERT(EG(exception));
php_stream_close(stream);
convert_to_null(Z_CLIENT_HTTPURL_P(this_ptr));
convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
smart_str_free(&soap_headers_z);
smart_str_free(&soap_headers);
return FALSE;
}
PHP_MD5Init(&md5ctx);
snprintf(cnonce, sizeof(cnonce), ZEND_LONG_FMT, nonce);
PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce));
PHP_MD5Final(hash, &md5ctx);
make_digest(cnonce, hash);
php_hash_bin2hex(cnonce, nonce, sizeof(nonce));
cnonce[32] = 0;
if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nc", sizeof("nc")-1)) != NULL &&
Z_TYPE_P(tmp) == IS_LONG) {