Bug #68920 php_x509_fingerprint_match need stricter checks
Submitted: 2015-01-27 12:51 UTC Modified: 2015-03-04 19:54 UTC
From: erik at datahack dot se Assigned: rdlowrey
Status: Closed Package: OpenSSL related
PHP Version: 5.6.5 OS:
Private report: No CVE-ID:
 [2015-01-27 12:51 UTC] erik at datahack dot se
Description:
------------
In php_x509_fingerprint_match() and its caller, due to its logic the "SSL context" option 'peer_fingerprint' may pass and establish the connection with or without a warning, if set to an invalid value (specifically data type).

Test script:
---------------
<?php

error_reporting(E_ALL);

// pass, warning
var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([
        'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => true]
        ])));

// pass, no warning
var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([
        'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => null]
        ])));

// pass, no warning
var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([
        'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => []]
        ])));

// pass, no warning
var_dump(stream_socket_client("ssl://php.net:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, stream_context_create([
        'ssl' => ['verify_peer'=> false, 'peer_fingerprint' => ['foo']]
        ])));


Expected result:
----------------
All these connections should fail or at least give a warning.

Actual result:
--------------
Connection is established in all cases...

 [2015-03-04 16:57 UTC] rdlowrey@php.net
-Status: Open
+Status: Verified
-Assigned To:
+Assigned To: rdlowrey
 [2015-03-04 16:57 UTC] rdlowrey@php.net
+1 ... fixed locally. Will update/close once I push relevant commits upstream.
 [2015-03-04 19:52 UTC] rdlowrey@php.net
Automatic comment on behalf of rdlowrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=241f3c34b89ab55432d5af3fd1e4217540e161a3
Log: Fixed bug #68920 (use strict peer_fingerprint input checks)
 [2015-03-04 19:52 UTC] rdlowrey@php.net
-Status: Verified
+Status: Closed
 [2015-03-04 19:54 UTC] rdlowrey@php.net
This has been corrected in 5.6 and master via the following commit:

http://git.php.net/?p=php-src.git;a=commitdiff;h=241f3c34b89ab55432d5af3fd1e4217540e161a3

Thanks for the report.
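
Added example (not from this report, its commenters, or php-src): a userland pre-check that rejects the four values from the test script before they reach stream_context_create(), useful on builds without the fix. The function name `peer_fingerprint_error` is hypothetical; the accepted shapes assume the documented option format, a 32- or 40-character hex string (md5 or sha1) or an array of digest name => hex digest.

```php
<?php
// Added example: hypothetical userland helper, not part of PHP or php-src.
// Returns null when $value can pin a certificate, else the reason it cannot.
function peer_fingerprint_error($value)
{
    $isHex = function ($s) {
        return is_string($s) && preg_match('/\A[0-9a-fA-F]+\z/', $s) === 1;
    };
    if (is_string($value)) {
        // Documented string form: length selects md5 (32) or sha1 (40).
        return ($isHex($value) && in_array(strlen($value), [32, 40], true))
            ? null : 'string must be 32 or 40 hex characters';
    }
    if (!is_array($value)) {
        return 'must be a string or array, got ' . gettype($value);
    }
    if ($value === []) {
        return 'array must not be empty';
    }
    foreach ($value as $algo => $digest) {
        // Documented array form: digest name => expected hex digest.
        if (!is_string($algo)) {
            return 'array keys must be digest names';
        }
        $probe = @openssl_digest('', $algo); // false for unknown digests
        if ($probe === false) {
            return "unknown digest '$algo'";
        }
        if (!$isHex($digest) || strlen($digest) !== strlen($probe)) {
            return "digest for '$algo' must be " . strlen($probe) . ' hex characters';
        }
    }
    return null;
}

// The four values from the test script, plus one constructed well-formed pin.
$cases = [
    'true'    => true,
    'null'    => null,
    '[]'      => [],
    "['foo']" => ['foo'],
    'sha256'  => ['sha256' => hash('sha256', 'constructed sample, not a real certificate')],
];
foreach ($cases as $label => $value) {
    $err = peer_fingerprint_error($value);
    echo str_pad($label, 8), $err === null ? 'accepted' : "rejected: $err", PHP_EOL;
}
```

Call the check before building the context and refuse to connect on any non-null result. In the test script's configuration verify_peer is false, so the fingerprint is the only identity check left on the connection.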
Last updated: Wed Aug 23 08:01:57 2017 UTC