Bug #44900 OpenSSL extension fails to link with OpenSSL 0.9.6
Submitted: 2008-05-02 23:55 UTC Modified: 2008-11-30 21:42 UTC
Votes:3
Avg. Score:4.7 ± 0.5
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:0 (0.0%)
From: jd at cpanel dot net Assigned: pajoye
Status: Closed Package: OpenSSL related
PHP Version: 5.2.6 OS: RedHat Linux AS-2
Private report: No CVE-ID:
 [2008-05-02 23:55 UTC] jd at cpanel dot net
Description:
------------
PHP 5.2.6 introduces some memory cleanup code in the OpenSSL extension.  Unfortunately, EVP_MD_CTX_cleanup() is only available with OpenSSL 0.9.7 and higher.  openssl.c needs to verify EVP_MD_CTX_cleanup() is available...

diff -Nur php-5.2.6.orig/ext/openssl/openssl.c php-5.2.6/ext/openssl/openssl.c
--- php-5.2.6.orig/ext/openssl/openssl.c        2008-04-07 05:44:03.000000000 -0500
+++ php-5.2.6/ext/openssl/openssl.c     2008-05-02 17:11:10.000000000 -0500
@@ -3522,7 +3522,9 @@
                efree(sigbuf);
                RETVAL_FALSE;
        }
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
        EVP_MD_CTX_cleanup(&md_ctx);
+#endif
        if (keyresource == -1) {
                EVP_PKEY_free(pkey);
        }
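Review bot: the new #if around EVP_MD_CTX_cleanup(&md_ctx) has no #else branch and no comment, so on a build where OPENSSL_VERSION_NUMBER is below 0x0090700fL the context is simply left as it is after the block ending in RETVAL_FALSE. Add a one-line comment at the guard saying why skipping the call is acceptable there (the report only says the function does not exist before 0.9.7), so a later reader does not take the missing cleanup for an oversight.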
@@ -3562,7 +3564,9 @@
        EVP_VerifyInit   (&md_ctx, mdtype);
        EVP_VerifyUpdate (&md_ctx, data, data_len);
        err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, signature_len, pkey);
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
        EVP_MD_CTX_cleanup(&md_ctx);
+#endif
 
        if (keyresource == -1) {
                EVP_PKEY_free(pkey);
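Review bot: this is a second copy of the same #if OPENSSL_VERSION_NUMBER >= 0x0090700fL guard, here around the EVP_MD_CTX_cleanup(&md_ctx) call that follows EVP_VerifyFinal. Define a single wrapper macro near the top of openssl.c that expands to the call or to nothing, and use it at both sites, so the version threshold lives in one place and a future call site cannot be added without the guard.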



 [2008-05-03 11:46 UTC] derick@php.net
The last 0.9.6 release was more than *four* years ago - you really should upgrade as *numerous* security fixes were made there.
 [2008-05-03 11:48 UTC] pajoye@php.net
Unless we explicitly stop supporting this version, it costs nothing to apply this patch for the person running Sarge and other conservative OSes.
 [2008-05-03 11:50 UTC] pajoye@php.net
Side note: 5.3.0 will have 0.9.8g as a requirement (or at least 0.9.7 if 0.9.8 is too "new").
 [2008-05-05 11:09 UTC] Bjorn dot Wiberg at its dot uu dot se

 [2008-11-30 21:42 UTC] pajoye@php.net
Fixed in 5.2, 5.3+ requires a more decent version.
 