Diffstat (limited to 'php-5.5.6-CVE-2013-6420.patch')
-rw-r--r--php-5.5.6-CVE-2013-6420.patch90
1 files changed, 0 insertions, 90 deletions
diff --git a/php-5.5.6-CVE-2013-6420.patch b/php-5.5.6-CVE-2013-6420.patch
deleted file mode 100644
index 360d06a..0000000
--- a/php-5.5.6-CVE-2013-6420.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-diff -up php-5.5.6/ext/openssl/openssl.c.cve6420 php-5.5.6/ext/openssl/openssl.c
---- php-5.5.6/ext/openssl/openssl.c.cve6420 2013-11-12 15:17:27.000000000 +0100
-+++ php-5.5.6/ext/openssl/openssl.c 2013-12-06 09:45:33.910545670 +0100
-@@ -657,18 +657,28 @@ static time_t asn1_time_to_time_t(ASN1_U
- char * thestr;
- long gmadjust = 0;
-
-- if (timestr->length < 13) {
-+ if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) {
-+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp");
-+ return (time_t)-1;
-+ }
-+
-+ if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) {
-+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp");
-+ return (time_t)-1;
-+ }
-+
-+ if (ASN1_STRING_length(timestr) < 13) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author too lazy to parse %s correctly", timestr->data);
- return (time_t)-1;
- }
-
-- strbuf = estrdup((char *)timestr->data);
-+ strbuf = estrdup((char *)ASN1_STRING_data(timestr));
-
- memset(&thetime, 0, sizeof(thetime));
-
- /* we work backwards so that we can use atoi more easily */
-
-- thestr = strbuf + timestr->length - 3;
-+ thestr = strbuf + ASN1_STRING_length(timestr) - 3;
-
- thetime.tm_sec = atoi(thestr);
- *thestr = '\0';
-diff -up php-5.5.6/ext/openssl/tests/cve-2013-6420.crt.cve6420 php-5.5.6/ext/openssl/tests/cve-2013-6420.crt
---- php-5.5.6/ext/openssl/tests/cve-2013-6420.crt.cve6420 2013-12-06 09:45:33.910545670 +0100
-+++ php-5.5.6/ext/openssl/tests/cve-2013-6420.crt 2013-12-06 09:45:33.910545670 +0100
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD
-+VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH
-+S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91
-+cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k
-+ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY
-+ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-+AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO
-+b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT
-+ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G
-+A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz
-+dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-+DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu
-+wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh
-+0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8
-+pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6
-+SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX
-+1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw
-+EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF
-+BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD
-+8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl
-+VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7
-+lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319
-+o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg
-+Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg==
-+-----END CERTIFICATE-----
-+
-+
-diff -up php-5.5.6/ext/openssl/tests/cve-2013-6420.phpt.cve6420 php-5.5.6/ext/openssl/tests/cve-2013-6420.phpt
---- php-5.5.6/ext/openssl/tests/cve-2013-6420.phpt.cve6420 2013-12-06 09:45:33.910545670 +0100
-+++ php-5.5.6/ext/openssl/tests/cve-2013-6420.phpt 2013-12-06 09:45:33.910545670 +0100
-@@ -0,0 +1,18 @@
-+--TEST--
-+CVE-2013-6420
-+--SKIPIF--
-+<?php
-+if (!extension_loaded("openssl")) die("skip");
-+?>
-+--FILE--
-+<?php
-+$crt = substr(__FILE__, 0, -4).'.crt';
-+$info = openssl_x509_parse("file://$crt");
-+var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]);
-+?>
-+Done
-+--EXPECTF--
-+%s openssl_x509_parse(): illegal ASN1 data type for timestamp in %s/cve-2013-6420.php on line 3
-+string(27) "stefan.esser@sektioneins.de"
-+int(-1)
-+Done