diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index cc6c79ad93a..bd345fe3ddc 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -598,6 +598,7 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int shortname TSRMLS_DC) /* {{{ */ { + zval **data; zval *subitem, *subentries; int i, j = -1, last = -1, obj_cnt = 0; char *sname; @@ -629,39 +630,27 @@ static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int s sname = (char *) OBJ_nid2ln(nid); } - MAKE_STD_ZVAL(subentries); - array_init(subentries); - - last = -1; - for (;;) { - j = X509_NAME_get_index_by_OBJ(name, obj, last); - if (j < 0) { - if (last != -1) break; - } else { - obj_cnt++; - ne = X509_NAME_get_entry(name, j); - str = X509_NAME_ENTRY_get_data(ne); - if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) { - to_add_len = ASN1_STRING_to_UTF8(&to_add, str); - if (to_add_len != -1) { - add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1); - } - } else { - to_add = ASN1_STRING_data(str); - to_add_len = ASN1_STRING_length(str); - add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1); - } - } - last = j; - } - i = last; - - if (obj_cnt > 1) { - add_assoc_zval_ex(subitem, sname, strlen(sname) + 1, subentries); + str = X509_NAME_ENTRY_get_data(ne); + if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) { + to_add_len = ASN1_STRING_to_UTF8(&to_add, str); } else { - zval_dtor(subentries); - FREE_ZVAL(subentries); - if (obj_cnt && str && to_add_len > -1) { + to_add = ASN1_STRING_data(str); + to_add_len = ASN1_STRING_length(str); + } + + if (to_add_len != -1) { + if (zend_hash_find(Z_ARRVAL_P(subitem), sname, strlen(sname)+1, (void**)&data) == SUCCESS) { + if (Z_TYPE_PP(data) == IS_ARRAY) { + subentries = *data; + add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1); + } else if (Z_TYPE_PP(data) == IS_STRING) { + MAKE_STD_ZVAL(subentries); + array_init(subentries); + add_next_index_stringl(subentries, Z_STRVAL_PP(data), Z_STRLEN_PP(data), 1); + add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1); + zend_hash_update(Z_ARRVAL_P(subitem), sname, strlen(sname)+1, &subentries, sizeof(zval*), NULL); + } + } else { add_assoc_stringl(subitem, sname, (char *)to_add, to_add_len, 1); } } diff --git a/ext/openssl/tests/bug64802.pem b/ext/openssl/tests/bug64802.pem new file mode 100644 index 00000000000..187cda31d7a --- /dev/null +++ b/ext/openssl/tests/bug64802.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIGfzCCBWegAwIBAgIQSVCinGH6MkvjJZjRyjK9nTANBgkqhkiG9w0BAQUFADCB +jjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNDAyBgNV +BAMTK0NPTU9ETyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0Ew +HhcNMTIwMjI5MDAwMDAwWhcNMTQwMjI4MjM1OTU5WjCCAW8xEjAQBgNVBAMTCXd3 +dy5yZC5pbzERMA8GA1UEAxMIcmRpby5jb20xDjAMBgNVBAMTBXJkLmlvMRUwEwYD +VQQDEwxhcGkucmRpby5jb20xEjAQBgNVBAMTCWFwaS5yZC5pbzEQMA4GA1UEBRMH +NDU4NjAwNzETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgECEwhE +ZWxhd2FyZTEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYT +AlVTMQ4wDAYDVQQREwU5NDEwMzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFzAVBgNVBAkTDjE1NTAgQnJ5YW50IHN0MRMwEQYDVQQKEwpSZGlv +LCBJbmMuMSMwIQYDVQQLExpDT01PRE8gRVYgTXVsdGktRG9tYWluIFNTTDEVMBMG +A1UEAxMMd3d3LnJkaW8uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAt0AgYOe8EBJNVBAuSJFLKHRKZn0/ObCLBFG4xVH/5fb1rfYHBT1XSjjOqR3t +iGC/A3esF8YC7TuHQcTLVephx0DtJv1ASxRg3zPM8ebBRsuul18N0W+sY1aNXpkd +36quxvjg5UdBrAweuekJ7OTSZcCe2Ry/SKBeZSWWtkWsI4krCLv7JaKUwxw2h+Hn +TAZSBLVxz/mixF0WYdepYwnq2Hm7XvvVEIQ7wxOQ9bA7iCevLojZOnb39BT2QII7 +cy8AB47RZdfYg7UwaO3bST2rauA4MKar7/Ozqc0aemNFpLatJfgv07cydiuj9fsd +5aE/c8is8C9M9+7MmSMkcNEgGwIDAQABo4IB8zCCAe8wHwYDVR0jBBgwFoAUiERR +/1AqaV4tiPQhutkM8s7L6nwwHQYDVR0OBBYEFCrYw8bfrYJ61NS2yYx6/CnhjzT4 +MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF +BwMBBggrBgEFBQcDAjBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEFATArMCkGCCsG +AQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzBTBgNVHR8ETDBK +MEigRqBEhkJodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9FeHRlbmRlZFZh +bGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYQGCCsGAQUFBwEBBHgwdjBOBggr +BgEFBQcwAoZCaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPRXh0ZW5kZWRW +YWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8v +b2NzcC5jb21vZG9jYS5jb20wTAYDVR0RBEUwQ4IMd3d3LnJkaW8uY29tgglhcGku +cmQuaW+CDGFwaS5yZGlvLmNvbYIFcmQuaW+CCHJkaW8uY29tggl3d3cucmQuaW8w +DQYJKoZIhvcNAQEFBQADggEBAKFd4bPVFRyrlqIKPtrtMuqGqid6685ohxf0cv52 +sjdRYwLVTjnZOrmkDdNaF3R2A1ZlVMRN+67rK+qfY5sTeijFcudV3/i0PDtOFRwP +6yYVD2uZmYkxfPiW309HPmDF+EzhxpVjWlTQEOwkfFLTmJmwl3Qu2Kffp8F1ENXW +OTVNvj5VtMghvzu68PpzKl1VjlOR4Ej9NCwh1dUjNKEoTPzvpehXsIZ7jHSpX/T1 +wSSt9ckiechDdpgZXTzHgbxHNibK0Uhh+QhkBgYMj5F8qj5BlBhWAWqQa/VnEdmr +Pfo7U+QmadoqQd7qt06hE2hG1nfZ0vPJDbWV3oVSwG2Yt7I= +-----END CERTIFICATE----- diff --git a/ext/openssl/tests/bug64802.phpt b/ext/openssl/tests/bug64802.phpt new file mode 100644 index 00000000000..9a59701494e --- /dev/null +++ b/ext/openssl/tests/bug64802.phpt @@ -0,0 +1,56 @@ +--TEST-- +Bug #64802: openssl_x509_parse fails to parse subject properly in some cases +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +array(11) { + [0]=> + string(14) "1550 Bryant st" + [1]=> + string(5) "94103" + [2]=> + string(7) "4586007" + [3]=> + string(2) "CA" + [4]=> + string(26) "COMODO EV Multi-Domain SSL" + [5]=> + string(20) "Private Organization" + [6]=> + string(10) "Rdio, Inc." + [7]=> + string(13) "San Francisco" + [8]=> + string(2) "US" + [9]=> + array(2) { + [0]=> + string(2) "US" + [1]=> + string(8) "Delaware" + } + [10]=> + array(6) { + [0]=> + string(9) "www.rd.io" + [1]=> + string(8) "rdio.com" + [2]=> + string(5) "rd.io" + [3]=> + string(12) "api.rdio.com" + [4]=> + string(9) "api.rd.io" + [5]=> + string(12) "www.rdio.com" + } +}