Merge branch 'PHP-8.2' into PHP-8.3

bukka · bukka · commit ac07b6e7ace9 · 2023-10-22T13:23:10.000+01:00
diff --git a/NEWS b/NEWS
@@ -26,6 +26,10 @@ PHP                                                                        NEWS
   . Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since
     upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov)
 
+- OpenSSL:
+  Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify).
+  (Jakub Zelenka)
+
 - Random:
   . Fix Randomizer::getFloat() returning incorrect results under
     certain circumstances. (timwolla)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -5986,12 +5986,15 @@ PHP_FUNCTION(openssl_cms_verify)
 		goto clean_exit;
 	}
 	if (sigfile && (flags & CMS_DETACHED)) {
-		sigbio = php_openssl_bio_new_file(sigfile, sigfile_len, 1, PHP_OPENSSL_BIO_MODE_R(flags));
 		if (encoding == ENCODING_SMIME)  {
 			php_error_docref(NULL, E_WARNING,
 					 "Detached signatures not possible with S/MIME encoding");
 			goto clean_exit;
 		}
+		sigbio = php_openssl_bio_new_file(sigfile, sigfile_len, 1, PHP_OPENSSL_BIO_MODE_R(flags));
+		if (sigbio == NULL) {
+			goto clean_exit;
+		}
 	} else  {
 		sigbio = in;	/* non-detached signature */
 	}
diff --git a/ext/openssl/tests/gh12489.phpt b/ext/openssl/tests/gh12489.phpt
@@ -0,0 +1,36 @@
+--TEST--
+GH-12489: Missing sigbio creation checking in openssl_cms_verify
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+$infile = __DIR__ . "/plain.txt";
+$outfile = __DIR__ . "/out.cms";;
+$vout = $outfile . '.vout';
+
+$privkey = "file://" . __DIR__ . "/private_rsa_1024.key";
+$single_cert = "file://" . __DIR__ . "/cert.crt";
+$assoc_headers = array("To" => "test@test", "Subject" => "testing openssl_cms_sign()");
+$headers = array("test@test", "testing openssl_cms_sign()");
+
+var_dump(openssl_cms_sign($infile, $outfile, openssl_x509_read($single_cert), $privkey, $headers,
+             OPENSSL_CMS_DETACHED|OPENSSL_CMS_BINARY,OPENSSL_ENCODING_PEM));
+ini_set('open_basedir', __DIR__);
+var_dump(openssl_cms_verify($infile,OPENSSL_CMS_NOVERIFY|OPENSSL_CMS_DETACHED|OPENSSL_CMS_BINARY,
+         NULL, array(), NULL, $vout, NULL, "../test.cms", OPENSSL_ENCODING_PEM));
+var_dump(openssl_error_string());
+?>
+--CLEAN--
+<?php
+$outfile = __DIR__ . "/out.cms";;
+$vout = $outfile . '.vout';
+
+@unlink($outfile);
+@unlink($vout);
+?>
+--EXPECTF--
+bool(true)
+
+Warning: openssl_cms_verify(): open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s) in %s on line %d
+bool(false)
+bool(false)

Original file line number	Diff line number	Diff line change
`@@ -5986,12 +5986,15 @@ PHP_FUNCTION(openssl_cms_verify)`
`5986`	`5986`	`goto clean_exit;`
`5987`	`5987`	`}`
`5988`	`5988`	`if (sigfile && (flags & CMS_DETACHED)) {`
`5989`		`- sigbio = php_openssl_bio_new_file(sigfile, sigfile_len, 1, PHP_OPENSSL_BIO_MODE_R(flags));`
`5990`	`5989`	`if (encoding == ENCODING_SMIME) {`
`5991`	`5990`	`php_error_docref(NULL, E_WARNING,`
`5992`	`5991`	`"Detached signatures not possible with S/MIME encoding");`
`5993`	`5992`	`goto clean_exit;`
`5994`	`5993`	`}`
	`5994`	`+ sigbio = php_openssl_bio_new_file(sigfile, sigfile_len, 1, PHP_OPENSSL_BIO_MODE_R(flags));`
	`5995`	`+ if (sigbio == NULL) {`
	`5996`	`+ goto clean_exit;`
	`5997`	`+ }`
`5995`	`5998`	`} else {`
`5996`	`5999`	`sigbio = in; /* non-detached signature */`
`5997`	`6000`	`}`