|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37620 mysqli_ssl_set validation is innappropriate
Submitted: 2006-05-29 01:43 UTC Modified: 2006-05-29 05:39 UTC
From: ap at zip dot com dot au Assigned: georg (profile)
Status: Closed Package: MySQLi related
PHP Version: 5.1.4 OS: Linux
Private report: No CVE-ID: None
 [2006-05-29 01:43 UTC] ap at zip dot com dot au
When the validation code was introduced to fix bug #36802 a seemingly blind change was made to all (probably - I did not count :) the functions to validate against MYSQLI_STATUS_VALID as can be seen here:

This doesn't work for mysqli_ssl_set as it needs to be called before a connection to the mysql server is made and as such, judging by the documentation here:

MYSQLI_STATUS_INITIALIZED appears to be a better test to validate against.

Have patch. Hopefully will be able to attach it once I submit it.

Reproduce code:
$db = mysqli_init();
mysqli_ssl_set($db,$key, $cert, $cacert, NULL,NULL);

Expected result:

Actual result:
Warning: mysqli_ssl_set(): invalid object or resource mysqli in test.php on line 5


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-29 01:45 UTC] ap at zip dot com dot au
Well I can't see an 'upload patch' thingy so here goes:

--- ext/mysqli/mysqli_api.c.old	2006-05-29 11:34:32.000000000 +1000
+++ ext/mysqli/mysqli_api.c	2006-05-29 11:34:34.000000000 +1000
@@ -1770,7 +1770,7 @@
 	if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis(), "Osssss", &mysql_link, mysqli_link_class_entry, &ssl_parm[0], &ssl_parm_len[0], &ssl_parm[1], &ssl_parm_len[1], &ssl_parm[2], &ssl_parm_len[2], &ssl_parm[3], &ssl_parm_len[3], &ssl_parm[4], &ssl_parm_len[4])   == FAILURE) {
-	MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link", MYSQLI_STATUS_INITIALIZED);
 	for (i=0; i < 5; i++) {
 		if (!ssl_parm_len[i]) {
 [2006-05-29 05:39 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu May 30 08:01:31 2024 UTC