New upstream version 5.6.0~rc1+dfsgupstream/5.6.0_rc1+dfsg

5 files changed, 66 insertions, 21 deletions

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 8badbf7e0..0d9b9564d 100755
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -708,7 +708,7 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */
 	char * thestr;
 	long gmadjust = 0;
 
-	if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) {
+	if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME && ASN1_STRING_type(timestr) != V_ASN1_GENERALIZEDTIME) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp");
 		return (time_t)-1;
 	}
@@ -723,6 +723,11 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */
 		return (time_t)-1;
 	}
 
+	if (ASN1_STRING_type(timestr) == V_ASN1_GENERALIZEDTIME && ASN1_STRING_length(timestr) < 15) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to parse time string %s correctly", timestr->data);
+		return (time_t)-1;
+	}
+
 	strbuf = estrdup((char *)ASN1_STRING_data(timestr));
 
 	memset(&thetime, 0, sizeof(thetime));
@@ -744,14 +749,21 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */
 	*thestr = '\0';
 	thestr -= 2;
 	thetime.tm_mon = atoi(thestr)-1;
+
 	*thestr = '\0';
-	thestr -= 2;
-	thetime.tm_year = atoi(thestr);
+	if( ASN1_STRING_type(timestr) == V_ASN1_UTCTIME ) {
+		thestr -= 2;
+		thetime.tm_year = atoi(thestr);
 
-	if (thetime.tm_year < 68) {
-		thetime.tm_year += 100;
+		if (thetime.tm_year < 68) {
+			thetime.tm_year += 100;
+		}
+	} else if( ASN1_STRING_type(timestr) == V_ASN1_GENERALIZEDTIME ) {
+		thestr -= 4;
+		thetime.tm_year = atoi(thestr) - 1900;
 	}
 
+
 	thetime.tm_isdst = -1;
 	ret = mktime(&thetime);
 
diff --git a/ext/openssl/tests/bug65698.crt b/ext/openssl/tests/bug65698.crt
new file mode 100644
index 000000000..c4a026113
--- /dev/null
+++ b/ext/openssl/tests/bug65698.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEsTCCA5mgAwIBAgIQdwrGwrpRpBwdXS+ZsmsMGjANBgkqhkiG9w0BAQUFADA+
+MQswCQYDVQQGEwJQTDEbMBkGA1UEChMSVW5pemV0byBTcC4geiBvLm8uMRIwEAYD
+VQQDEwlDZXJ0dW0gQ0EwIhgPMjAwOTAzMDMxMjUzMThaGA8yMDI0MDMwMzEyNTMx
+OFowdzELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVz
+IFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEb
+MBkGA1UEAxMSQ2VydHVtIExldmVsIElJIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA4LE0Ixw8h5Lper9tHVtZkWIujxYsPVgUZABeZZgQsKTdJjaG
+VP64B/oiEV5Hd3AxRqaZ7dRRsf4Pg/PSS/2mHRQQ/SH3XACbrDHmucDvYgtU/WoZ
+yp9d6PXVPY4j7J5t/52s+EbZD5swSuQLGjZ9iwg9sXX3JdJ9Ty+B3z80oiajpK0B
+wqAxrcX3DekEOknj7LkAOK6iuQKI85REj4IVb9kD7KKIWdISGbfL4Ezh/TP51e0L
+/WhTJ7lHbHbRzFfPU/oi3Qyt5tEexrPKe+6N+Jrejdb5Ya7Ne3tKujDU7KlbO+dn
+pzFH7VHkBPJcQJ7QUrprPaqVsVg3JJ1PXTqVnwIDAQABo4IBbDCCAWgwDwYDVR0T
+AQH/BAUwAwEB/zAdBgNVHQ4EFgQUgGIR3sBrpxDhCPBVtDCDv/qPCGAwUgYDVR0j
+BEswSaFCpEAwPjELMAkGA1UEBhMCUEwxGzAZBgNVBAoTElVuaXpldG8gU3AuIHog
+by5vLjESMBAGA1UEAxMJQ2VydHVtIENBggMBACAwDgYDVR0PAQH/BAQDAgEGMCwG
+A1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly9jcmwuY2VydHVtLnBsL2NhLmNybDBoBggr
+BgEFBQcBAQRcMFowKAYIKwYBBQUHMAGGHGh0dHA6Ly9zdWJjYS5vY3NwLWNlcnR1
+bS5jb20wLgYIKwYBBQUHMAKGImh0dHA6Ly9yZXBvc2l0b3J5LmNlcnR1bS5wbC9j
+YS5jZXIwOgYDVR0gBDMwMTAvBgRVHSAAMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8v
+d3d3LmNlcnR1bS5wbC9DUFMwDQYJKoZIhvcNAQEFBQADggEBAI/jSDAW/w9qLzF6
+4oQiIRB7dGKp2Nlj27xZFYDBRINn4DKyZExkpanASF2of9eEzvrS+qoDY29mhXCi
+MkiGr0vCsVhn0ReUpjg4Z5SsiQhZ2BGSjXiOJgaDI7Dw1MH7Ru6jdfSbLyd97EFj
+ER0ERGdrcA2kLw7KfQm78IkClXEEKjKnAUTn1d/5Y4UuBWDCEL0FLgO9AqNXEzIy
+rlXVGIs73kdefAK+Z1T6dm83vUrDMyzemWNRBI2tVBujkN6zkaF6uPjE4hfoIkEQ
+Z4317byFkG4mxjATU+tQLG1Bs88HUAOrxtJOo/WoeCNsFJaxbYPt4oQGxIVYdz29
+OUX9CQA=
+-----END CERTIFICATE-----
diff --git a/ext/openssl/tests/bug65698.phpt b/ext/openssl/tests/bug65698.phpt
new file mode 100644
index 000000000..35d31764d
--- /dev/null
+++ b/ext/openssl/tests/bug65698.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #65689 (GeneralizedTime format parsing)
+--SKIPIF--
+<?php 
+if (!extension_loaded("openssl")) die("skip"); 
+?>
+--FILE--
+<?php
+$crt = substr(__FILE__, 0, -4).'.crt';
+$info = openssl_x509_parse("file://$crt");
+var_dump($info["validFrom"], $info["validFrom_time_t"], $info["validTo"], $info["validTo_time_t"]);
+?>
+Done
+--EXPECTF--
+string(15) "20090303125318Z"
+int(1236084798)
+string(15) "20240303125318Z"
+int(1709470398)
+Done
diff --git a/ext/openssl/tests/cve-2013-6420.phpt b/ext/openssl/tests/cve-2013-6420.phpt
index 87c0210b2..ccead0aab 100644
--- a/ext/openssl/tests/cve-2013-6420.phpt
+++ b/ext/openssl/tests/cve-2013-6420.phpt
@@ -12,7 +12,7 @@ var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]);
 ?>
 Done
 --EXPECTF--
-%s openssl_x509_parse(): illegal ASN1 data type for timestamp in %s%ecve-2013-6420.php on line 3
+%s openssl_x509_parse(): illegal length in timestamp in %s%ecve-2013-6420.php on line 3
 string(27) "stefan.esser@sektioneins.de"
 int(-1)
 Done
diff --git a/ext/openssl/tests/openssl_spki_verify.phpt b/ext/openssl/tests/openssl_spki_verify.phpt
index 1ee573fd3..52dc8e204 100644
--- a/ext/openssl/tests/openssl_spki_verify.phpt
+++ b/ext/openssl/tests/openssl_spki_verify.phpt
@@ -17,9 +17,7 @@ $ksize = array('1024'=>1024,
 			   '4096'=>4096);
 
 /* array of available hashings to test */
-$algo = array('md4'=>OPENSSL_ALGO_MD4,
-              'md5'=>OPENSSL_ALGO_MD5,
-              'sha1'=>OPENSSL_ALGO_SHA1,
+$algo = array('sha1'=>OPENSSL_ALGO_SHA1,
 			  'sha224'=>OPENSSL_ALGO_SHA224,
               'sha256'=>OPENSSL_ALGO_SHA256,
               'sha384'=>OPENSSL_ALGO_SHA384,
@@ -90,16 +88,4 @@ bool(false)
 bool(true)
 bool(false)
 bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
 bool(false)
\ No newline at end of file