
MFH r322485

Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
CVE-2011-3389
1 parent bbd6ab2 commit 398c6e6d1153ca2034a152977d1700629b146e43 Scott MacVicar committed Jan 26, 2012
Showing with 18 additions and 4 deletions.
  1. +3 −1 NEWS
  2. +10 −2 ext/ftp/ftp.c
  3. +5 −1 ext/openssl/xp_ssl.c
@@ -1,6 +1,8 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? Jan 2012, PHP 5.4.0
+?? Jan 2012, PHP 5.4.0 RC 7
+- Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
+ CVE-2011-3389. (Scott)
19 Jan 2012, PHP 5.4.0 RC6
@@ -243,6 +243,7 @@ ftp_login(ftpbuf_t *ftp, const char *user, const char *pass TSRMLS_DC)
{
#if HAVE_OPENSSL_EXT
SSL_CTX *ctx = NULL;
+ long ssl_ctx_options = SSL_OP_ALL;
#endif
if (ftp == NULL) {
return 0;
@@ -279,7 +280,10 @@ ftp_login(ftpbuf_t *ftp, const char *user, const char *pass TSRMLS_DC)
return 0;
}
- SSL_CTX_set_options(ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
+ ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+ SSL_CTX_set_options(ctx, ssl_ctx_options);
ftp->ssl_handle = SSL_new(ctx);
if (ftp->ssl_handle == NULL) {
@@ -1495,6 +1499,7 @@ data_accept(databuf_t *data, ftpbuf_t *ftp TSRMLS_DC)
#if HAVE_OPENSSL_EXT
SSL_CTX *ctx;
+ long ssl_ctx_options = SSL_OP_ALL;
#endif
if (data->fd != -1) {
@@ -1521,7 +1526,10 @@ data_accept(databuf_t *data, ftpbuf_t *ftp TSRMLS_DC)
return 0;
}
- SSL_CTX_set_options(ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
+ ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+ SSL_CTX_set_options(ctx, ssl_ctx_options);
data->ssl_handle = SSL_new(ctx);
if (data->ssl_handle == NULL) {
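Review bot: The new line `ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;` in ftp_login, and its twin in data_accept, narrows SSL_OP_ALL without any comment saying why, so the next person tidying this back into a plain `SSL_CTX_set_options(ctx, SSL_OP_ALL);` would silently reintroduce the issue the commit fixes. Suggest a comment above each occurrence: `/* SSL_OP_ALL contains SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, which disables OpenSSL's empty-fragment countermeasure for CBC ciphers under SSL 3.0 / TLS 1.0; keep the countermeasure on (CVE-2011-3389). */`. The same three-line block is repeated a third time in php_openssl_setup_crypto in ext/openssl/xp_ssl.c; computing the default option set once, in a shared helper or a single macro in a common header, would keep the three copies from drifting apart the next time the defaults change. Both ftp_login and data_accept start and end outside these hunks.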
@@ -310,6 +310,7 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
TSRMLS_DC)
{
SSL_METHOD *method;
+ long ssl_ctx_options = SSL_OP_ALL;
if (sslsock->ssl_handle) {
if (sslsock->s.is_blocked) {
@@ -377,7 +378,10 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
return -1;
}
- SSL_CTX_set_options(sslsock->ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
+ ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+ SSL_CTX_set_options(sslsock->ctx, ssl_ctx_options);
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL
{
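Review bot: Below the `#if OPENSSL_VERSION_NUMBER >= 0x0090605fL` guard the option set stays at plain SSL_OP_ALL with no diagnostic, so a build against an older OpenSSL compiles cleanly but ships without the mitigation; the same applies to the two guards in ext/ftp/ftp.c. Presumably the guard exists because SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is not defined before that release — worth confirming against the OpenSSL headers, and worth recording either way: an `#else` branch carrying `/* this OpenSSL has no empty-fragment countermeasure; CVE-2011-3389 mitigation not applied */` (or a configure-time warning) makes the gap visible instead of silent. php_openssl_setup_crypto continues outside the hunk, including the `#if OPENSSL_VERSION_NUMBER >= 0x0090806fL` block that the last context line opens.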
