Merge branch 'PHP-7.3' into PHP-7.4

krakjoe · krakjoe · commit 5a8e7b95a16e · 2019-10-03T07:13:15.000+02:00
* PHP-7.3:
  Fix bug #76809 (SSL settings aren't respected when persistent connection is reused)
diff --git a/NEWS b/NEWS
@@ -6,6 +6,10 @@ PHP                                                                        NEWS
   . Fixed bug #77335 (PHP is preventing SIGALRM from specifying SA_RESTART).
     (Nikita)
 
+- MySQLi:
+  . Fixed bug #76809 (SSL settings aren't respected when persistent connections 
+    are used). (fabiomsouto)
+
 - SimpleXML:
   . Fixed bug #75245 (Don't set content of elements with only whitespaces). 
     (eriklundin)
diff --git a/ext/mysqli/mysqli_nonapi.c b/ext/mysqli/mysqli_nonapi.c
@@ -54,11 +54,13 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_real_conne
 	MY_MYSQL			*mysql = NULL;
 	MYSQLI_RESOURCE		*mysqli_resource = NULL;
 	zval				*object = getThis();
-	char				*hostname = NULL, *username=NULL, *passwd=NULL, *dbname=NULL, *socket=NULL;
-	size_t					hostname_len = 0, username_len = 0, passwd_len = 0, dbname_len = 0, socket_len = 0;
-	zend_bool			persistent = FALSE;
-	zend_long				port = 0, flags = 0;
-	zend_bool port_is_null = 1;
+	char				*hostname = NULL, *username=NULL, *passwd=NULL, *dbname=NULL, *socket=NULL,
+						*ssl_key = NULL, *ssl_cert = NULL, *ssl_ca = NULL, *ssl_capath = NULL,
+						*ssl_cipher = NULL;
+	size_t				hostname_len = 0, username_len = 0, passwd_len = 0, dbname_len = 0, socket_len = 0;
+	zend_bool			persistent = FALSE, ssl = FALSE;
+	zend_long			port = 0, flags = 0;
+	zend_bool           port_is_null = 1;
 	zend_string			*hash_key = NULL;
 	zend_bool			new_connection = FALSE;
 	zend_resource		*le;
@@ -188,6 +190,33 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_real_conne
 
 								goto end;
 							} else {
+#ifdef MYSQLI_USE_MYSQLND
+								if (mysql->mysql->data->vio->data->ssl) {
+									/* copy over pre-existing ssl settings so we can reuse them when reconnecting */
+									ssl = TRUE;
+
+									ssl_key = mysql->mysql->data->vio->data->options.ssl_key ? estrdup(mysql->mysql->data->vio->data->options.ssl_key) : NULL;
+									ssl_cert = mysql->mysql->data->vio->data->options.ssl_cert ? estrdup(mysql->mysql->data->vio->data->options.ssl_cert) : NULL;
+									ssl_ca = mysql->mysql->data->vio->data->options.ssl_ca ? estrdup(mysql->mysql->data->vio->data->options.ssl_ca) : NULL;
+									ssl_capath = mysql->mysql->data->vio->data->options.ssl_capath ? estrdup(mysql->mysql->data->vio->data->options.ssl_capath) : NULL;
+									ssl_cipher = mysql->mysql->data->vio->data->options.ssl_cipher ? estrdup(mysql->mysql->data->vio->data->options.ssl_cipher) : NULL;
+								}
+#else
+								if (mysql->mysql->options.ssl_key
+										|| mysql->mysql->options.ssl_cert
+										|| mysql->mysql->options.ssl_ca
+										|| mysql->mysql->options.ssl_capath
+										|| mysql->mysql->options.ssl_cipher) {
+									/* copy over pre-existing ssl settings so we can reuse them when reconnecting */
+									ssl = TRUE;
+
+									ssl_key = mysql->mysql->options.ssl_key ? estrdup(mysql->mysql->options.ssl_key) : NULL;
+									ssl_cert = mysql->mysql->options.ssl_cert ? estrdup(mysql->mysql->options.ssl_cert) : NULL;
+									ssl_ca = mysql->mysql->options.ssl_ca ? estrdup(mysql->mysql->options.ssl_ca) : NULL;
+									ssl_capath = mysql->mysql->options.ssl_capath ? estrdup(mysql->mysql->options.ssl_capath) : NULL;
+									ssl_cipher = mysql->mysql->options.ssl_cipher ? estrdup(mysql->mysql->options.ssl_cipher) : NULL;
+								}
+#endif
 								mysqli_close(mysql->mysql, MYSQLI_CLOSE_IMPLICIT);
 								mysql->mysql = NULL;
 							}
@@ -229,8 +258,56 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_real_conne
 	/* BC for prior to bug fix #53425 */
 	flags |= CLIENT_MULTI_RESULTS;
 
+	if (ssl) {
+		/* if we're here, this means previous conn was ssl, repopulate settings */
+		mysql_ssl_set(mysql->mysql, ssl_key, ssl_cert, ssl_ca, ssl_capath, ssl_cipher);
+
+		if (ssl_key) {
+		    efree(ssl_key);
+		}
+
+		if (ssl_cert) {
+		    efree(ssl_cert);
+		}
+
+		if (ssl_ca) {
+		    efree(ssl_ca);
+		}
+
+		if (ssl_capath) {
+		    efree(ssl_capath);
+		}
+
+		if (ssl_cipher) {
+		    efree(ssl_cipher);
+		}
+	}
 	if (mysql_real_connect(mysql->mysql, hostname, username, passwd, dbname, port, socket, flags) == NULL)
 #else
+	if (ssl) {
+		/* if we're here, this means previous conn was ssl, repopulate settings */
+		mysql_ssl_set(mysql->mysql, ssl_key, ssl_cert, ssl_ca, ssl_capath, ssl_cipher);
+
+		if (ssl_key) {
+		    efree(ssl_key);
+		}
+
+		if (ssl_cert) {
+		    efree(ssl_cert);
+		}
+
+		if (ssl_ca) {
+		    efree(ssl_ca);
+		}
+
+		if (ssl_capath) {
+		    efree(ssl_capath);
+		}
+
+		if (ssl_cipher) {
+		    efree(ssl_cipher);
+		}
+	}
 	if (mysqlnd_connect(mysql->mysql, hostname, username, passwd, passwd_len, dbname, dbname_len,
 						port, socket, flags, MYSQLND_CLIENT_KNOWS_RSET_COPY_DATA) == NULL)
 #endif
