Fix GH-13343: openssl_x509_parse should not allow omitted seconds in UTCTimes
Closes GH-14439 Signed-off-by: Jakub Zelenka <bukka@php.net>
parent
65ff5117ab
commit
98736e8bbd
2
NEWS
2
NEWS
@ -143,6 +143,8 @@ PHP NEWS
|
|||||||
. Added compile-time option --with-openssl-legacy-provider to enable legacy
|
. Added compile-time option --with-openssl-legacy-provider to enable legacy
|
||||||
provider. (Adam Saponara)
|
provider. (Adam Saponara)
|
||||||
. Added support for Curve25519 + Curve448 based keys. (Manuel Mausz)
|
. Added support for Curve25519 + Curve448 based keys. (Manuel Mausz)
|
||||||
|
. Fixed bug GH-13343 (openssl_x509_parse should not allow omitted seconds in
|
||||||
|
UTCTimes). (Jakub Zelenka)
|
||||||
|
|
||||||
- Output:
|
- Output:
|
||||||
. Clear output handler status flags during handler initialization. (haszi)
|
. Clear output handler status flags during handler initialization. (haszi)
|
||||||
|
@ -426,6 +426,9 @@ PHP 8.4 UPGRADE NOTES
|
|||||||
a single entry.
|
a single entry.
|
||||||
. New serial_hex parameter added to openssl_csr_sign to allow setting serial
|
. New serial_hex parameter added to openssl_csr_sign to allow setting serial
|
||||||
number in the hexadecimal format.
|
number in the hexadecimal format.
|
||||||
|
. Parsing ASN.1 UTCTime by openssl_x509_parse fails if seconds are omitted
|
||||||
|
for OpenSSL version below 3.2 (-1 is returned for such fields). The
|
||||||
|
OpenSSL version 3.3+ does not load such certificates already.
|
||||||
|
|
||||||
- ODBC:
|
- ODBC:
|
||||||
. Parameter $row of odbc_fetch_object(), odbc_fetch_array(), and
|
. Parameter $row of odbc_fetch_object(), odbc_fetch_array(), and
|
||||||
|
@ -760,7 +760,7 @@ static time_t php_openssl_asn1_time_to_time_t(ASN1_UTCTIME * timestr) /* {{{ */
|
|||||||
return (time_t)-1;
|
return (time_t)-1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (timestr_len < 13 && timestr_len != 11) {
|
if (timestr_len < 13) {
|
||||||
php_error_docref(NULL, E_WARNING, "Unable to parse time string %s correctly", timestr->data);
|
php_error_docref(NULL, E_WARNING, "Unable to parse time string %s correctly", timestr->data);
|
||||||
return (time_t)-1;
|
return (time_t)-1;
|
||||||
}
|
}
|
||||||
@ -778,13 +778,9 @@ static time_t php_openssl_asn1_time_to_time_t(ASN1_UTCTIME * timestr) /* {{{ */
|
|||||||
|
|
||||||
thestr = strbuf + timestr_len - 3;
|
thestr = strbuf + timestr_len - 3;
|
||||||
|
|
||||||
if (timestr_len == 11) {
|
thetime.tm_sec = atoi(thestr);
|
||||||
thetime.tm_sec = 0;
|
*thestr = '\0';
|
||||||
} else {
|
thestr -= 2;
|
||||||
thetime.tm_sec = atoi(thestr);
|
|
||||||
*thestr = '\0';
|
|
||||||
thestr -= 2;
|
|
||||||
}
|
|
||||||
thetime.tm_min = atoi(thestr);
|
thetime.tm_min = atoi(thestr);
|
||||||
*thestr = '\0';
|
*thestr = '\0';
|
||||||
thestr -= 2;
|
thestr -= 2;
|
||||||
|
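Review bot: The new guard `if (timestr_len < 13)` in php_openssl_asn1_time_to_time_t is still only a lower bound on length, so a UTCTime that omits seconds but is 13 or more bytes long for another reason (for example an offset form instead of a trailing `Z`) would appear to pass it. Such a value would reach the now unconditional `thetime.tm_sec = atoi(thestr);` in the second hunk, where characters that are not the seconds field would be read as seconds. If the intent is to accept only the `YYMMDDHHMMSSZ` form for certificate validity fields, a format check scoped to UTCTime would state that directly, e.g. `if (ASN1_STRING_type(timestr) == V_ASN1_UTCTIME && (timestr_len != 13 || timestr->data[12] != 'Z')) {` followed by the same warning and `return (time_t)-1;`. The function begins and ends outside both hunks, so later code may already cover part of this. A short comment above the guard such as `/* UTCTime must carry seconds (YYMMDDHHMMSSZ); 11-byte values are rejected */` would also record why the `!= 11` exception was dropped.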
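--- /dev/null
+++ b/ext/openssl/tests/gh13343.phpt
@@ -0,0 +1,56 @@
+--TEST--
+GH-13343: openssl_x509_parse should not allow omitted seconds in UTCTimes
+--EXTENSIONS--
+openssl
+--SKIPIF--
+<?php
+if (OPENSSL_VERSION_NUMBER >= 0x30300000) die('skip For OpenSSL < 3.3');
+?>
+--FILE--
+<?php
+
+$pem_cert = '
+-----BEGIN CERTIFICATE-----
+MIIGFDCCBPygAwIBAgIDKCHVMA0GCSqGSIb3DQEBBQUAMIHcMQswCQYDVQQGEwJV
+UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE5MDcGA1UECxMwaHR0cDov
+L2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5MTEwLwYD
+VQQDEyhTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREw
+DwYDVQQFEwgxMDY4ODQzNTAcFwsxNDAxMDcwMDAwWhcNMTYwNDAxMDcwMDAwWjCB
+6zETMBEGCysGAQQBgjc8AgEDEwJVUzEYMBYGCysGAQQBgjc8AgECEwdBcml6b25h
+MR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjEUMBIGA1UEBRMLUi0xNzI0
+NzQxLTYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpT
+Y290dHNkYWxlMSQwIgYDVQQKExtTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBMTEMx
+KzApBgNVBAMTInZhbGlkLnNmaS5jYXRlc3Quc3RhcmZpZWxkdGVjaC5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt1LHQOza9tkKxwGL+/yKi/Fe5
+HM0sjvcM4ic1XVrvpewa4P/04IzGSjIGO3CXaSArxQMSzsTt2dcO9tSJ1Zk8c9NZ
+XM8eVqx92iTMEf9OQcubWpzWmrPc3TAFhbVnfEmCptsXEgtxbAIbntrNeDk/hBPd
+l4DYFYRdm3ZTk4JMIf/quDZe5Oti53J0UsxWXSSoqKyPNdb671Q+OTQfSDj7kVF4
++Ri3FIeAV16d2UnpBW1bgNqA5yITRskHE4bX98HDNHUTHioHpgA+fXfejWkGB/0F
+QN4HbZcysYHhf1L5cWBtz9w5J00YmjM5fzWvTc3UUF9ou7m7JE4aqEbNOWb9AgMB
+AAGjggHOMIIByjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
+FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwLQYDVR0RBCYwJIIidmFsaWQuc2ZpLmNh
+dGVzdC5zdGFyZmllbGR0ZWNoLmNvbTAdBgNVHQ4EFgQUcO+QEqZcHphPW9szww9t
+y+1AGmQwHwYDVR0jBBgwFoAUSUtSJ9EbvPKhIWpie1FCeorX1VYwOAYDVR0fBDEw
+LzAtoCugKYYnaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9zZnMzLTAuY3Js
+MIGNBggrBgEFBQcBAQSBgDB+MCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5zdGFy
+ZmllbGR0ZWNoLmNvbS8wUAYIKwYBBQUHMAKGRGh0dHA6Ly9jZXJ0aWZpY2F0ZXMu
+c3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS9zZl9pbnRlcm1lZGlhdGUuY3J0
+MFIGA1UdIARLMEkwRwYLYIZIAYb9bgEHFwMwODA2BggrBgEFBQcCARYqaHR0cDov
+L2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEB
+BQUAA4IBAQAViYkLUjQkxWRmZl4DutL0/9/wJSURcJ1qunLP+TImJFp0A9RE/MNK
+ZOmQoAEoH6hMg7FL4etkvTcnruTdcx+3mvqYiECUiUEx6pkx3dmkYgZACEuk2nfy
+J0MkV/zwzqmI8aV+kunpOQv93aePZbrBgaAzkE8jDlExtd7c4pE7JF40jxmvDwjZ
+HwpyNDULreGtFBij7JcWJCfihM3uetqrao0kOoeih1PQyJXtz2RldhFYs6Jdk3IL
+Yv+84t5UMO+aS9nVBXIcbgaGjIMZjHDgR/tE9FKFB66k8UTDzAwwEs38VV24zx6h
+lOzTF7xAUxmPUnNb2teatMf2Rmj0fs+d
+-----END CERTIFICATE-----
+';
+
+$parsed_cert = openssl_x509_parse($pem_cert);
+var_dump($parsed_cert['validFrom_time_t']);
+?>
+--EXPECTF--
+
+Warning: openssl_x509_parse(): Unable to parse time string 1401070000Z correctly in %s on line %d
+int(-1)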
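Review bot: The new test asserts only `validFrom_time_t`, so it pins the rejection of the seconds-less field but not that a well-formed UTCTime in the same certificate still parses. The older test changed later on this page dumped `validTo_time_t` as well and expected `int(1459494000)`. If this is the same certificate (the final base64 line matches, but the older test's full body is not visible here), adding `var_dump($parsed_cert['validTo_time_t']);` with `int(1459494000)` in the expectation would catch a regression where the stricter length check starts rejecting valid times too. A one-line comment above `$pem_cert` saying that notBefore is encoded as `1401070000Z` would also make the fixture's purpose clear without decoding it.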
@ -1,7 +1,11 @@
|
|||||||
--TEST--
|
--TEST--
|
||||||
Bug #74341 (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds)
|
GH-13343: openssl_x509_parse should not allow omitted seconds in UTCTimes for OpenSSL 3.3+
|
||||||
--EXTENSIONS--
|
--EXTENSIONS--
|
||||||
openssl
|
openssl
|
||||||
|
--SKIPIF--
|
||||||
|
<?php
|
||||||
|
if (OPENSSL_VERSION_NUMBER < 0x30300000) die('skip For OpenSSL >= 3.3');
|
||||||
|
?>
|
||||||
--FILE--
|
--FILE--
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
@ -43,10 +47,7 @@ lOzTF7xAUxmPUnNb2teatMf2Rmj0fs+d
|
|||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
';
|
';
|
||||||
|
|
||||||
$parsed_cert = openssl_x509_parse($pem_cert);
|
var_dump(openssl_x509_parse($pem_cert));
|
||||||
var_dump($parsed_cert['validFrom_time_t']);
|
|
||||||
var_dump($parsed_cert['validTo_time_t']);
|
|
||||||
?>
|
?>
|
||||||
--EXPECT--
|
--EXPECT--
|
||||||
int(1389052800)
|
bool(false)
|
||||||
int(1459494000)
|
|