php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74291 openssl_pkcs12_read only returns 1 extracert when the .pfx has multiples
Submitted: 2017-03-22 14:27 UTC Modified: 2017-05-25 19:31 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: always666 at gmail dot com Assigned: ab (profile)
Status: Closed Package: OpenSSL related
PHP Version: 7.0.17 OS: irrelevant
Private report: No CVE-ID: None
 [2017-03-22 14:27 UTC] always666 at gmail dot com
Description:
------------
latest Fix "#74022 PHP Fast CGI crashes when reading from a pfx file."
broke the export of multiple extracerts.

in git source control theres a bad loop in line 2667
         
            for (i=0; i < sk_X509_num(ca); i++) {
cause in line 2669
            X509* aCA = sk_X509_pop(ca); 
will return and remove the last element from ca so the loop will only iterate once.
The correct code should be the previous: 
           for (i=0;;i++) {
cause the theres already checks in place to evaluate if the there is no more certs to process in line 2670:
           if (!aCA) break;

link to git revision for beter understanding.
https://github.com/php/php-src/commit/6fc0ae638acd2a66a4181078f4ac5d789762d9de#diff-69bad938d17f4283faa5f7fea17fa627



Patches

openssl_pkcs12_read_patch (last revision 2017-03-22 14:45 UTC by Always666 at gmail dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-05-25 19:31 UTC] ab@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: ab
 [2017-05-25 19:31 UTC] ab@php.net
Fixed with 464c1639ae544e3952823caf169d2e4199a32fc3.

Thanks.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Mar 07 03:01:23 2021 UTC