Commit b765d4c

Fix bug #50293 and #81713: file path checking in OpenSSL functions
It introduces a single function to check file paths passed to OpenSSL functions. It expands the path, checks null bytes and finally does an open basedir check.
1 parent e2d55f2 commit b765d4c

7 files changed

+594
-234
lines changed

NEWS

Lines changed: 6 additions & 0 deletions
@@ -10,6 +10,12 @@ PHP NEWS
1010
- MBString:
1111
. Fixed bug GH-8685 (pcre not ready at mbstring startup). (Remi)
1212

13+
- OpenSSL:
14+
. Fixed bug #50293 (Several openssl functions ignore the VCWD).
15+
(Jakub Zelenka, cmb)
16+
. Fixed bug #81713 (NULL byte injection in several OpenSSL functions working
17+
with certificates). (Jakub Zelenka)
18+
1319
- PDO ODBC:
1420
. Fixed errorInfo() result on successful PDOStatement->execute(). (Yurunsoft)
1521
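Review bot: The OpenSSL entries added at lines 13-17 list only the two bug fixes, while the commit message says the new path check also ends with an open basedir check. If that check now applies to arguments that were not checked before, code passing such paths will start failing after an update, so consider adding a line stating that file path arguments to OpenSSL functions are now subject to the open basedir restriction.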

Zend/zend_API.c

Lines changed: 1 addition & 1 deletion
@@ -345,7 +345,7 @@ ZEND_API ZEND_COLD void ZEND_FASTCALL zend_unexpected_extra_named_error(void)
345345
class_name, space, get_active_function_name());
346346
}
347347

348-
static ZEND_COLD void ZEND_FASTCALL zend_argument_error_variadic(zend_class_entry *error_ce, uint32_t arg_num, const char *format, va_list va) /* {{{ */
348+
ZEND_API ZEND_COLD void ZEND_FASTCALL zend_argument_error_variadic(zend_class_entry *error_ce, uint32_t arg_num, const char *format, va_list va) /* {{{ */
349349
{
350350
zend_string *func_name;
351351
const char *arg_name;
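Review bot: Dropping static at line 348 makes zend_argument_error_variadic an exported symbol, but the definition carries no comment describing the va_list contract. A caller outside this file needs to know that it must run va_start before the call and va_end after it, and that the va_list must not be reused afterwards without va_copy; a short comment above the definition stating that would do.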

Zend/zend_API.h

Lines changed: 1 addition & 0 deletions
@@ -1256,6 +1256,7 @@ ZEND_API ZEND_COLD void ZEND_FASTCALL zend_wrong_parameter_class_or_string_error
12561256
ZEND_API ZEND_COLD void ZEND_FASTCALL zend_wrong_parameter_class_or_string_or_null_error(uint32_t num, const char *name, zval *arg);
12571257
ZEND_API ZEND_COLD void ZEND_FASTCALL zend_wrong_callback_error(uint32_t num, char *error);
12581258
ZEND_API ZEND_COLD void ZEND_FASTCALL zend_unexpected_extra_named_error(void);
1259+
ZEND_API ZEND_COLD void ZEND_FASTCALL zend_argument_error_variadic(zend_class_entry *error_ce, uint32_t arg_num, const char *format, va_list va);
12591260
ZEND_API ZEND_COLD void zend_argument_error(zend_class_entry *error_ce, uint32_t arg_num, const char *format, ...);
12601261
ZEND_API ZEND_COLD void zend_argument_type_error(uint32_t arg_num, const char *format, ...);
12611262
ZEND_API ZEND_COLD void zend_argument_value_error(uint32_t arg_num, const char *format, ...);
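Review bot: The prototype added at line 1259 extends the exported engine API, which the commit message (an OpenSSL path checking fix) does not mention. Please say in the commit message why the va_list variant has to be public, and record the new symbol wherever API additions are documented for extension authors, so that it is not read as an incidental change.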
