diff options
Diffstat (limited to 'php-5.5.6-CVE-2013-6420.patch')
-rw-r--r-- | php-5.5.6-CVE-2013-6420.patch | 90 |
1 files changed, 0 insertions, 90 deletions
diff --git a/php-5.5.6-CVE-2013-6420.patch b/php-5.5.6-CVE-2013-6420.patch deleted file mode 100644 index 360d06a..0000000 --- a/php-5.5.6-CVE-2013-6420.patch +++ /dev/null @@ -1,90 +0,0 @@ -diff -up php-5.5.6/ext/openssl/openssl.c.cve6420 php-5.5.6/ext/openssl/openssl.c ---- php-5.5.6/ext/openssl/openssl.c.cve6420 2013-11-12 15:17:27.000000000 +0100 -+++ php-5.5.6/ext/openssl/openssl.c 2013-12-06 09:45:33.910545670 +0100 -@@ -657,18 +657,28 @@ static time_t asn1_time_to_time_t(ASN1_U - char * thestr; - long gmadjust = 0; - -- if (timestr->length < 13) { -+ if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) { -+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp"); -+ return (time_t)-1; -+ } -+ -+ if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) { -+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp"); -+ return (time_t)-1; -+ } -+ -+ if (ASN1_STRING_length(timestr) < 13) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author too lazy to parse %s correctly", timestr->data); - return (time_t)-1; - } - -- strbuf = estrdup((char *)timestr->data); -+ strbuf = estrdup((char *)ASN1_STRING_data(timestr)); - - memset(&thetime, 0, sizeof(thetime)); - - /* we work backwards so that we can use atoi more easily */ - -- thestr = strbuf + timestr->length - 3; -+ thestr = strbuf + ASN1_STRING_length(timestr) - 3; - - thetime.tm_sec = atoi(thestr); - *thestr = '\0'; -diff -up php-5.5.6/ext/openssl/tests/cve-2013-6420.crt.cve6420 php-5.5.6/ext/openssl/tests/cve-2013-6420.crt ---- php-5.5.6/ext/openssl/tests/cve-2013-6420.crt.cve6420 2013-12-06 09:45:33.910545670 +0100 -+++ php-5.5.6/ext/openssl/tests/cve-2013-6420.crt 2013-12-06 09:45:33.910545670 +0100 -@@ -0,0 +1,29 @@ -+-----BEGIN CERTIFICATE----- -+MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD -+VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH -+S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91 -+cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k -+ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY -+ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -+AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO -+b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT -+ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G -+A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz -+dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB -+DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu -+wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh -+0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8 -+pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6 -+SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX -+1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw -+EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF -+BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD -+8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl -+VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7 -+lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319 -+o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg -+Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg== -+-----END CERTIFICATE----- -+ -+ -diff -up php-5.5.6/ext/openssl/tests/cve-2013-6420.phpt.cve6420 php-5.5.6/ext/openssl/tests/cve-2013-6420.phpt ---- php-5.5.6/ext/openssl/tests/cve-2013-6420.phpt.cve6420 2013-12-06 09:45:33.910545670 +0100 -+++ php-5.5.6/ext/openssl/tests/cve-2013-6420.phpt 2013-12-06 09:45:33.910545670 +0100 -@@ -0,0 +1,18 @@ -+--TEST-- -+CVE-2013-6420 -+--SKIPIF-- -+<?php -+if (!extension_loaded("openssl")) die("skip"); -+?> -+--FILE-- -+<?php -+$crt = substr(__FILE__, 0, -4).'.crt'; -+$info = openssl_x509_parse("file://$crt"); -+var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]); -+?> -+Done -+--EXPECTF-- -+%s openssl_x509_parse(): illegal ASN1 data type for timestamp in %s/cve-2013-6420.php on line 3 -+string(27) "stefan.esser@sektioneins.de" -+int(-1) -+Done |