php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Return to Bug #67720
Patch php5.3.28-type-check-fix-new revision 2014-07-30 23:27 UTC by neweracracker at gmail dot com
Patch php5.3.29dev-bug65698-bug66636 revision 2014-07-30 20:50 UTC by neweracracker at gmail dot com
Patch php5.3.28-type-check-fix revision 2014-07-30 17:22 UTC by neweracracker at gmail dot com
Patch php5.3.28-bug65698-bug66636 revision 2014-07-30 17:21 UTC by neweracracker at gmail dot com

Patch php5.3.28-type-check-fix for *General Issues Bug #67720

Patch version 2014-07-30 17:22 UTC

Return to Bug #67720 | Download this patch
This patch is obsolete

Obsoleted by patches:

Patch Revisions:

Developer: neweracracker@gmail.com

From: Stanislav Malyshev <stas@php.net>
Date: Sun, 27 Jul 2014 09:40:27 +0000 (-0700)
Subject: Fix missing type checks in various functions
---

diff --git a/ext/com_dotnet/com_com.c b/ext/com_dotnet/com_com.c
index f77779d..500cabd 100644
--- a/ext/com_dotnet/com_com.c
+++ b/ext/com_dotnet/com_com.c
@@ -698,9 +698,9 @@ PHP_FUNCTION(com_event_sink)
 		/* 0 => typelibname, 1 => dispname */
 		zval **tmp;
 
-		if (zend_hash_index_find(Z_ARRVAL_P(sink), 0, (void**)&tmp) == SUCCESS)
+		if (zend_hash_index_find(Z_ARRVAL_P(sink), 0, (void**)&tmp) == SUCCESS && Z_TYPE_PP(tmp) == IS_STRING)
 			typelibname = Z_STRVAL_PP(tmp);
-		if (zend_hash_index_find(Z_ARRVAL_P(sink), 1, (void**)&tmp) == SUCCESS)
+		if (zend_hash_index_find(Z_ARRVAL_P(sink), 1, (void**)&tmp) == SUCCESS && Z_TYPE_PP(tmp) == IS_STRING)
 			dispname = Z_STRVAL_PP(tmp);
 	} else if (sink != NULL) {
 		convert_to_string(sink);
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 0ec2a9a..05d946a 100755
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -649,7 +649,7 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */
 		return (time_t)-1;
 	}
 
-	if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) {
+	if (ASN1_STRING_length(timestr) != strlen((char *)ASN1_STRING_data(timestr))) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp");
 		return (time_t)-1;
 	}
@@ -777,13 +777,13 @@ static int add_oid_section(struct php_x509_request * req TSRMLS_DC) /* {{{ */
 			req->config_filename, req->var, req->req_config TSRMLS_CC) == FAILURE) return FAILURE
 
 #define SET_OPTIONAL_STRING_ARG(key, varname, defval)	\
-	if (optional_args && zend_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)&item) == SUCCESS) \
+	if (optional_args && zend_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)&item) == SUCCESS && Z_TYPE_PP(item) == IS_STRING) \
 		varname = Z_STRVAL_PP(item); \
 	else \
 		varname = defval
 
 #define SET_OPTIONAL_LONG_ARG(key, varname, defval)	\
-	if (optional_args && zend_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)&item) == SUCCESS) \
+	if (optional_args && zend_hash_find(Z_ARRVAL_P(optional_args), key, sizeof(key), (void**)&item) == SUCCESS && Z_TYPE_PP(item) == IS_LONG) \
 		varname = Z_LVAL_PP(item); \
 	else \
 		varname = defval
@@ -1901,7 +1901,7 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)
 	}
 
 	/* parse extra config from args array, promote this to an extra function */
-	if (args && zend_hash_find(Z_ARRVAL_P(args), "friendly_name", sizeof("friendly_name"), (void**)&item) == SUCCESS)
+	if (args && zend_hash_find(Z_ARRVAL_P(args), "friendly_name", sizeof("friendly_name"), (void**)&item) == SUCCESS && Z_TYPE_PP(item) == IS_STRING)
 		friendly_name = Z_STRVAL_PP(item);
 	/* certpbe (default RC2-40)
 	   keypbe (default 3DES)
@@ -1979,7 +1979,7 @@ PHP_FUNCTION(openssl_pkcs12_export)
 	}
 
 	/* parse extra config from args array, promote this to an extra function */
-	if (args && zend_hash_find(Z_ARRVAL_P(args), "friendly_name", sizeof("friendly_name"), (void**)&item) == SUCCESS)
+	if (args && zend_hash_find(Z_ARRVAL_P(args), "friendly_name", sizeof("friendly_name"), (void**)&item) == SUCCESS && Z_TYPE_PP(item) == IS_STRING)
 		friendly_name = Z_STRVAL_PP(item);
 
 	if (args && zend_hash_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts"), (void**)&item) == SUCCESS)
diff --git a/ext/openssl/tests/026.phpt b/ext/openssl/tests/026.phpt
new file mode 100644
index 0000000..38d626d
--- /dev/null
+++ b/ext/openssl/tests/026.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Options type checks
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) print "skip"; ?>
+--FILE--
+<?php
+$x = openssl_pkey_new();
+$csr = openssl_csr_new(["countryName" => "DE"], $x, ["x509_extensions" => 0xDEADBEEF]);
+?>
+DONE
+--EXPECT--
+DONE
diff --git a/ext/session/session.c b/ext/session/session.c
index 7d145c3..306aba3 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -362,7 +363,8 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */
 
 	if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **) &array) == SUCCESS &&
 		Z_TYPE_PP(array) == IS_ARRAY &&
-		zend_hash_find(Z_ARRVAL_PP(array), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &token) == SUCCESS
+		zend_hash_find(Z_ARRVAL_PP(array), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &token) == SUCCESS &&
+		Z_TYPE_PP(token) == IS_STRING
 	) {
 		remote_addr = Z_STRVAL_PP(token);
 	}
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Apr 27 13:01:30 2024 UTC