php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login | |
Patch php5.3.29dev-bug65698-bug66636 for *General Issues Bug #67720Patch version 2014-07-30 20:50 UTC Return to Bug #67720 | Download this patchThis patch renders other patches obsolete Obsolete patches: Patch Revisions:Developer: neweracracker@gmail.comAdded support for parsing ssl certificates using GeneralizedTime format. fix bug #65698 fix bug #66636 --- diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 257681f..0ec2a9a 100755 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -649,7 +649,7 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */ char * thestr; long gmadjust = 0; - if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) { + if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME && ASN1_STRING_type(timestr) != V_ASN1_GENERALIZEDTIME) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp"); return (time_t)-1; } @@ -664,6 +664,11 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */ return (time_t)-1; } + if (ASN1_STRING_type(timestr) == V_ASN1_GENERALIZEDTIME && ASN1_STRING_length(timestr) < 15) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to parse time string %s correctly", timestr->data); + return (time_t)-1; + } + strbuf = estrdup((char *)ASN1_STRING_data(timestr)); memset(&thetime, 0, sizeof(thetime)); @@ -685,14 +690,21 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */ *thestr = '\0'; thestr -= 2; thetime.tm_mon = atoi(thestr)-1; + *thestr = '\0'; - thestr -= 2; - thetime.tm_year = atoi(thestr); + if( ASN1_STRING_type(timestr) == V_ASN1_UTCTIME ) { + thestr -= 2; + thetime.tm_year = atoi(thestr); - if (thetime.tm_year < 68) { - thetime.tm_year += 100; + if (thetime.tm_year < 68) { + thetime.tm_year += 100; + } + } else if( ASN1_STRING_type(timestr) == V_ASN1_GENERALIZEDTIME ) { + thestr -= 4; + thetime.tm_year = atoi(thestr) - 1900; } + thetime.tm_isdst = -1; ret = mktime(&thetime); diff --git a/ext/openssl/tests/bug65698.crt b/ext/openssl/tests/bug65698.crt new file mode 100644 index 0000000..c4a0261 --- /dev/null +++ b/ext/openssl/tests/bug65698.crt @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEsTCCA5mgAwIBAgIQdwrGwrpRpBwdXS+ZsmsMGjANBgkqhkiG9w0BAQUFADA+ +MQswCQYDVQQGEwJQTDEbMBkGA1UEChMSVW5pemV0byBTcC4geiBvLm8uMRIwEAYD +VQQDEwlDZXJ0dW0gQ0EwIhgPMjAwOTAzMDMxMjUzMThaGA8yMDI0MDMwMzEyNTMx +OFowdzELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVz +IFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEb +MBkGA1UEAxMSQ2VydHVtIExldmVsIElJIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA4LE0Ixw8h5Lper9tHVtZkWIujxYsPVgUZABeZZgQsKTdJjaG +VP64B/oiEV5Hd3AxRqaZ7dRRsf4Pg/PSS/2mHRQQ/SH3XACbrDHmucDvYgtU/WoZ +yp9d6PXVPY4j7J5t/52s+EbZD5swSuQLGjZ9iwg9sXX3JdJ9Ty+B3z80oiajpK0B +wqAxrcX3DekEOknj7LkAOK6iuQKI85REj4IVb9kD7KKIWdISGbfL4Ezh/TP51e0L +/WhTJ7lHbHbRzFfPU/oi3Qyt5tEexrPKe+6N+Jrejdb5Ya7Ne3tKujDU7KlbO+dn +pzFH7VHkBPJcQJ7QUrprPaqVsVg3JJ1PXTqVnwIDAQABo4IBbDCCAWgwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQUgGIR3sBrpxDhCPBVtDCDv/qPCGAwUgYDVR0j +BEswSaFCpEAwPjELMAkGA1UEBhMCUEwxGzAZBgNVBAoTElVuaXpldG8gU3AuIHog +by5vLjESMBAGA1UEAxMJQ2VydHVtIENBggMBACAwDgYDVR0PAQH/BAQDAgEGMCwG +A1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly9jcmwuY2VydHVtLnBsL2NhLmNybDBoBggr +BgEFBQcBAQRcMFowKAYIKwYBBQUHMAGGHGh0dHA6Ly9zdWJjYS5vY3NwLWNlcnR1 +bS5jb20wLgYIKwYBBQUHMAKGImh0dHA6Ly9yZXBvc2l0b3J5LmNlcnR1bS5wbC9j +YS5jZXIwOgYDVR0gBDMwMTAvBgRVHSAAMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8v +d3d3LmNlcnR1bS5wbC9DUFMwDQYJKoZIhvcNAQEFBQADggEBAI/jSDAW/w9qLzF6 +4oQiIRB7dGKp2Nlj27xZFYDBRINn4DKyZExkpanASF2of9eEzvrS+qoDY29mhXCi +MkiGr0vCsVhn0ReUpjg4Z5SsiQhZ2BGSjXiOJgaDI7Dw1MH7Ru6jdfSbLyd97EFj +ER0ERGdrcA2kLw7KfQm78IkClXEEKjKnAUTn1d/5Y4UuBWDCEL0FLgO9AqNXEzIy +rlXVGIs73kdefAK+Z1T6dm83vUrDMyzemWNRBI2tVBujkN6zkaF6uPjE4hfoIkEQ +Z4317byFkG4mxjATU+tQLG1Bs88HUAOrxtJOo/WoeCNsFJaxbYPt4oQGxIVYdz29 +OUX9CQA= +-----END CERTIFICATE----- diff --git a/ext/openssl/tests/bug65698.phpt b/ext/openssl/tests/bug65698.phpt new file mode 100644 index 0000000..35d3176 --- /dev/null +++ b/ext/openssl/tests/bug65698.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #65689 (GeneralizedTime format parsing) +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +?> +--FILE-- +<?php +$crt = substr(__FILE__, 0, -4).'.crt'; +$info = openssl_x509_parse("file://$crt"); +var_dump($info["validFrom"], $info["validFrom_time_t"], $info["validTo"], $info["validTo_time_t"]); +?> +Done +--EXPECTF-- +string(15) "20090303125318Z" +int(1236084798) +string(15) "20240303125318Z" +int(1709470398) +Done diff --git a/ext/openssl/tests/cve-2013-6420.phpt b/ext/openssl/tests/cve-2013-6420.phpt index 87c0210..ccead0a 100644 --- a/ext/openssl/tests/cve-2013-6420.phpt +++ b/ext/openssl/tests/cve-2013-6420.phpt @@ -12,7 +12,7 @@ var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]); ?> Done --EXPECTF-- -%s openssl_x509_parse(): illegal ASN1 data type for timestamp in %s%ecve-2013-6420.php on line 3 +%s openssl_x509_parse(): illegal length in timestamp in %s%ecve-2013-6420.php on line 3 string(27) "stefan.esser@sektioneins.de" int(-1) Done |
Copyright © 2001-2024 The PHP Group All rights reserved. |
Last updated: Fri May 10 00:01:33 2024 UTC |