authorOndřej Surý <ondrej@sury.org>2011-03-18 11:28:21 +0100
committerOndřej Surý <ondrej@sury.org>2011-03-18 11:28:21 +0100
commit038ba12e8724d537040e88ec794354b0c063f0a6 (patch)
treea7181b4f4d10e3a154522d4b96fdf42f4597bf2a /ext/openssl
parentfd5a0b31640419ca63d1ddeaffd6d3cf2a741814 (diff)
downloadphp-038ba12e8724d537040e88ec794354b0c063f0a6.tar.gz
Imported Upstream version 5.3.6upstream/5.3.6
Diffstat (limited to 'ext/openssl')
-rw-r--r--ext/openssl/openssl.c9
-rw-r--r--ext/openssl/php_openssl.h4
-rw-r--r--ext/openssl/tests/bug54060.phpt17
-rw-r--r--ext/openssl/tests/bug54061.phpt17
-rw-r--r--ext/openssl/xp_ssl.c88
5 files changed, 109 insertions, 26 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index ce36bd2a7..a17eb0e5b 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| PHP Version 5 |
+----------------------------------------------------------------------+
- | Copyright (c) 1997-2010 The PHP Group |
+ | Copyright (c) 1997-2011 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
@@ -20,7 +20,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: openssl.c 305902 2010-12-02 11:37:43Z pajoye $ */
+/* $Id: openssl.c 308534 2011-02-21 12:47:38Z pajoye $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -3543,14 +3543,13 @@ PHP_FUNCTION(openssl_pkcs7_sign)
char * outfilename; int outfilename_len;
char * extracertsfilename = NULL; int extracertsfilename_len;
- RETVAL_FALSE;
-
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssZZa!|ls",
&infilename, &infilename_len, &outfilename, &outfilename_len,
&zcert, &zprivkey, &zheaders, &flags, &extracertsfilename,
&extracertsfilename_len) == FAILURE) {
return;
}
+ RETVAL_FALSE;
if (strlen(infilename) != infilename_len) {
return;
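Review bot: Moving `RETVAL_FALSE;` below `zend_parse_parameters()` means a parse failure now leaves the return value at its default (NULL) instead of FALSE, and nothing at the moved line says this is intended. A one-line comment would record it, for example `/* default to FALSE only once the arguments parsed; a parse failure returns NULL */`. The `strlen(infilename) != infilename_len` test on the following line compares a `size_t` with an `int`, which is better written as `strlen(infilename) != (size_t)infilename_len`. The function body continues outside the hunk, so it cannot be seen here whether `outfilename` and `extracertsfilename` get the same embedded-NUL check.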
@@ -4731,6 +4730,7 @@ PHP_FUNCTION(openssl_encrypt)
if (free_iv) {
efree(iv);
}
+ EVP_CIPHER_CTX_cleanup(&cipher_ctx);
}
/* }}} */
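Review bot: The added `EVP_CIPHER_CTX_cleanup(&cipher_ctx);` sits at the very end of the function, so it only releases the context on paths that fall through to this point. Any earlier `return` taken after the context was initialised would still leak it and leave its key material in memory. The body of openssl_encrypt starts outside the hunk, so this has to be checked against the full function; if such returns exist, sending them through one cleanup label would cover them. The same applies to the identical call added in the openssl_decrypt hunk that follows. A comment such as `/* releases the cipher state, which holds key material */` would explain why the call matters beyond the leak itself.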
@@ -4804,6 +4804,7 @@ PHP_FUNCTION(openssl_decrypt)
if (base64_str) {
efree(base64_str);
}
+ EVP_CIPHER_CTX_cleanup(&cipher_ctx);
}
/* }}} */
diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h
index bddd8e732..0d15f41f8 100644
--- a/ext/openssl/php_openssl.h
+++ b/ext/openssl/php_openssl.h
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| PHP Version 5 |
+----------------------------------------------------------------------+
- | Copyright (c) 1997-2010 The PHP Group |
+ | Copyright (c) 1997-2011 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_openssl.h 293036 2010-01-03 09:23:27Z sebastian $ */
+/* $Id: php_openssl.h 306939 2011-01-01 02:19:59Z felipe $ */
#ifndef PHP_OPENSSL_H
#define PHP_OPENSSL_H
diff --git a/ext/openssl/tests/bug54060.phpt b/ext/openssl/tests/bug54060.phpt
new file mode 100644
index 000000000..fe8ca94a5
--- /dev/null
+++ b/ext/openssl/tests/bug54060.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #54060 (Memory leak in openssl_encrypt)
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) die("skip"); ?>
+--FILE--
+<?php
+
+$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243
+r7-89437 r892374 r894372 r894 7289r7 f frwerfh i iurf iuryw uyrfouiwy ruy
+972439 8478942 yrhfjkdhls";
+$pass = "r23498rui324hjbnkj";
+
+openssl_encrypt($data, 'des3', $pass, false, '1qazxsw2');
+echo "Done";
+?>
+--EXPECT--
+Done
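Review bot: This test asserts only that the script prints `Done`, so it passes with or without the `EVP_CIPHER_CTX_cleanup()` fix unless the run is made under a leak checker. The leaked context is presumably allocated by OpenSSL rather than by the Zend allocator, so the engine's own leak report may not see it; that should be confirmed and the required run mode noted in the `--TEST--` description. The same holds for bug54061.phpt below. That test could at least check the round trip by adding `var_dump($dcr === $data);` and expecting `bool(true)`, so that it verifies something when no leak checker is in use.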
diff --git a/ext/openssl/tests/bug54061.phpt b/ext/openssl/tests/bug54061.phpt
new file mode 100644
index 000000000..cef394411
--- /dev/null
+++ b/ext/openssl/tests/bug54061.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #54061 (Memory leak in openssl_decrypt)
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) die("skip"); ?>
+--FILE--
+<?php
+$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243
+r7-89437 r892374 r894372 r894 7289r7 f frwerfh i iurf iuryw uyrfouiwy ruy
+972439 8478942 yrhfjkdhls";
+$pass = "r23498rui324hjbnkj";
+
+$cr = openssl_encrypt($data, 'des3', $pass, false, '1qazxsw2');
+$dcr = openssl_decrypt($cr, 'des3', $pass, false, '1qazxsw2');
+echo "Done";
+?>
+--EXPECT--
+Done
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index 135a9b001..1cfdf1017 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| PHP Version 5 |
+----------------------------------------------------------------------+
- | Copyright (c) 1997-2010 The PHP Group |
+ | Copyright (c) 1997-2011 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: xp_ssl.c 303839 2010-09-29 01:25:35Z felipe $ */
+/* $Id: xp_ssl.c 306939 2011-01-01 02:19:59Z felipe $ */
#include "php.h"
#include "ext/standard/file.h"
@@ -369,6 +369,18 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
SSL_CTX_set_options(sslsock->ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL
+ {
+ zval **val;
+
+ if (stream->context && SUCCESS == php_stream_context_get_option(
+ stream->context, "ssl", "no_ticket", &val) &&
+ zval_is_true(*val)) {
+ SSL_CTX_set_options(sslsock->ctx, SSL_OP_NO_TICKET);
+ }
+ }
+#endif
+
sslsock->ssl_handle = php_SSL_new_from_context(sslsock->ctx, stream TSRMLS_CC);
if (sslsock->ssl_handle == NULL) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to create an SSL handle");
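Review bot: The `no_ticket` context option is compiled in only when `OPENSSL_VERSION_NUMBER >= 0x0090806fL`, so on an older library a caller who sets it gets no ticket suppression and no indication that the option was ignored. Guarding on the feature macro itself, `#ifdef SSL_OP_NO_TICKET`, would follow the library more closely than a version number. An `#else` branch that raises a warning when the option is set would make the silent downgrade visible. The block would also benefit from a comment such as `/* "no_ticket": disable RFC 5077 session tickets for this context */`, since the option is not described anywhere in the hunk. php_openssl_setup_crypto starts and ends outside the hunk.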
@@ -399,8 +411,10 @@ static inline int php_openssl_enable_crypto(php_stream *stream,
int n, retry = 1;
if (cparam->inputs.activate && !sslsock->ssl_active) {
- float timeout = sslsock->connect_timeout.tv_sec + sslsock->connect_timeout.tv_usec / 1000000;
- int blocked = sslsock->s.is_blocked;
+ struct timeval start_time,
+ *timeout;
+ int blocked = sslsock->s.is_blocked,
+ has_timeout = 0;
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
if (sslsock->is_client && sslsock->sni) {
@@ -417,36 +431,70 @@ static inline int php_openssl_enable_crypto(php_stream *stream,
sslsock->state_set = 1;
}
- if (sslsock->is_client && SUCCESS == php_set_sock_blocking(sslsock->s.socket, 0 TSRMLS_CC)) {
- sslsock->s.is_blocked = 0;
+ if (SUCCESS == php_set_sock_blocking(sslsock->s.socket, 0 TSRMLS_CC)) {
+ sslsock->s.is_blocked = 0;
}
+
+ timeout = sslsock->is_client ? &sslsock->connect_timeout : &sslsock->s.timeout;
+ has_timeout = !sslsock->s.is_blocked && (timeout->tv_sec || timeout->tv_usec);
+ /* gettimeofday is not monotonic; using it here is not strictly correct */
+ if (has_timeout) {
+ gettimeofday(&start_time, NULL);
+ }
+
do {
+ struct timeval cur_time,
+ elapsed_time;
+
if (sslsock->is_client) {
- struct timeval tvs, tve;
- struct timezone tz;
-
- gettimeofday(&tvs, &tz);
n = SSL_connect(sslsock->ssl_handle);
- gettimeofday(&tve, &tz);
+ } else {
+ n = SSL_accept(sslsock->ssl_handle);
+ }
- timeout -= (tve.tv_sec + (float) tve.tv_usec / 1000000) - (tvs.tv_sec + (float) tvs.tv_usec / 1000000);
- if (timeout < 0) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL: connection timeout");
+ if (has_timeout) {
+ gettimeofday(&cur_time, NULL);
+ elapsed_time.tv_sec = cur_time.tv_sec - start_time.tv_sec;
+ elapsed_time.tv_usec = cur_time.tv_usec - start_time.tv_usec;
+ if (cur_time.tv_usec < start_time.tv_usec) {
+ elapsed_time.tv_sec -= 1L;
+ elapsed_time.tv_usec += 1000000L;
+ }
+
+ if (elapsed_time.tv_sec > timeout->tv_sec ||
+ (elapsed_time.tv_sec == timeout->tv_sec &&
+ elapsed_time.tv_usec > timeout->tv_usec)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL: crypto enabling timeout");
return -1;
}
- } else {
- n = SSL_accept(sslsock->ssl_handle);
}
if (n <= 0) {
- retry = handle_ssl_error(stream, n, sslsock->is_client || sslsock->s.is_blocked TSRMLS_CC);
-
+ /* in case of SSL_ERROR_WANT_READ/WRITE, do not retry in non-blocking mode */
+ retry = handle_ssl_error(stream, n, blocked TSRMLS_CC);
+ if (retry) {
+ /* wait until something interesting happens in the socket. It may be a
+ * timeout. Also consider the unlikely of possibility of a write block */
+ int err = SSL_get_error(sslsock->ssl_handle, n);
+ struct timeval left_time;
+
+ if (has_timeout) {
+ left_time.tv_sec = timeout->tv_sec - elapsed_time.tv_sec;
+ left_time.tv_usec = timeout->tv_usec - elapsed_time.tv_usec;
+ if (timeout->tv_usec < elapsed_time.tv_usec) {
+ left_time.tv_sec -= 1L;
+ left_time.tv_usec += 1000000L;
+ }
+ }
+ php_pollfd_for(sslsock->s.socket, (err == SSL_ERROR_WANT_READ) ?
+ (POLLIN|POLLPRI) : POLLOUT, has_timeout ? &left_time : NULL);
+ }
} else {
- break;
+ retry = 0;
}
} while (retry);
- if (sslsock->is_client && sslsock->s.is_blocked != blocked && SUCCESS == php_set_sock_blocking(sslsock->s.socket, blocked TSRMLS_CC)) {
+ if (sslsock->s.is_blocked != blocked && SUCCESS == php_set_sock_blocking(sslsock->s.socket, blocked TSRMLS_CC)) {
sslsock->s.is_blocked = blocked;
}
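Review bot: The timeout branch leaves through `return -1;` inside the loop, which skips the `php_set_sock_blocking(sslsock->s.socket, blocked TSRMLS_CC)` restore at the end of the hunk. After a handshake timeout the socket therefore stays non-blocking with `sslsock->s.is_blocked` at 0, and this now affects the server side as well as the client. The restore should run before that return, or the branch should set `n = -1; retry = 0;` and fall out of the loop, if the code after the loop (outside this hunk) treats that as failure. The elapsed-time test also runs before `n` is examined, so a handshake that completed on the last call is still reported as timed out; wrapping it as `if (has_timeout && n <= 0)` would avoid that. Separately, if the initial `php_set_sock_blocking(..., 0)` fails, `has_timeout` stays 0 and the handshake runs blocking with no limit, which on the `SSL_accept` path lets a stalled peer hold the call indefinitely; a warning there would make that case visible.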