37 lines
1.3 KiB
Diff
37 lines
1.3 KiB
Diff
diff -up php-5.3.27/ext/openssl/openssl.c.CVE-2013-6420 php-5.3.27/ext/openssl/openssl.c
|
|
--- php-5.3.27/ext/openssl/openssl.c.CVE-2013-6420 2013-12-13 20:13:30.108796370 +0700
|
|
+++ php-5.3.27/ext/openssl/openssl.c 2013-12-13 20:15:22.626794650 +0700
|
|
@@ -644,18 +644,28 @@ static time_t asn1_time_to_time_t(ASN1_U
|
|
char * thestr;
|
|
long gmadjust = 0;
|
|
|
|
- if (timestr->length < 13) {
|
|
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author too lazy to parse %s correctly", timestr->data);
|
|
+ if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) {
|
|
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp");
|
|
return (time_t)-1;
|
|
}
|
|
|
|
- strbuf = estrdup((char *)timestr->data);
|
|
+ if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) {
|
|
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp");
|
|
+ return (time_t)-1;
|
|
+ }
|
|
+
|
|
+ if (ASN1_STRING_length(timestr) < 13) {
|
|
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to parse time string %s correctly", timestr->data);
|
|
+ return (time_t)-1;
|
|
+ }
|
|
+
|
|
+ strbuf = estrdup((char *)ASN1_STRING_data(timestr));
|
|
|
|
memset(&thetime, 0, sizeof(thetime));
|
|
|
|
/* we work backwards so that we can use atoi more easily */
|
|
|
|
- thestr = strbuf + timestr->length - 3;
|
|
+ thestr = strbuf + ASN1_STRING_length(timestr) - 3;
|
|
|
|
thetime.tm_sec = atoi(thestr);
|
|
*thestr = '\0';
|
