Fix bug #50293 and #81713: file path checking in OpenSSL functions

It introduces a single function to check file paths passed to OpenSSL functions. It expands the path, check null bytes and finally does an open basedir check.
php · Jun 9, 2022 · b765d4c · b765d4c
1 parent e2d55f2
commit b765d4c
Show file tree

Hide file tree

Showing 7 changed files with 594 additions and 234 deletions.
diff --git a/NEWS b/NEWS
@@ -10,6 +10,12 @@ PHP                                                                        NEWS
 - MBString:
   . Fixed bug GH-8685 (pcre not ready at mbstring startup). (Remi)
 
+- OpenSSL:
+  . Fixed bug #50293 (Several openssl functions ignore the VCWD).
+    (Jakub Zelenka, cmb)
+  . Fixed bug #81713 (NULL byte injection in several OpenSSL functions working
+    with certificates). (Jakub Zelenka)
+
 - PDO ODBC:
   . Fixed errorInfo() result on successful PDOStatement->execute(). (Yurunsoft)
 

diff --git a/Zend/zend_API.c b/Zend/zend_API.c
@@ -345,7 +345,7 @@ ZEND_API ZEND_COLD void ZEND_FASTCALL zend_unexpected_extra_named_error(void)
 		class_name, space, get_active_function_name());
 }
 
-static ZEND_COLD void ZEND_FASTCALL zend_argument_error_variadic(zend_class_entry *error_ce, uint32_t arg_num, const char *format, va_list va) /* {{{ */
+ZEND_API ZEND_COLD void ZEND_FASTCALL zend_argument_error_variadic(zend_class_entry *error_ce, uint32_t arg_num, const char *format, va_list va) /* {{{ */
 {
 	zend_string *func_name;
 	const char *arg_name;

diff --git a/Zend/zend_API.h b/Zend/zend_API.h
@@ -1256,6 +1256,7 @@ ZEND_API ZEND_COLD void ZEND_FASTCALL zend_wrong_parameter_class_or_string_error
 ZEND_API ZEND_COLD void ZEND_FASTCALL zend_wrong_parameter_class_or_string_or_null_error(uint32_t num, const char *name, zval *arg);
 ZEND_API ZEND_COLD void ZEND_FASTCALL zend_wrong_callback_error(uint32_t num, char *error);
 ZEND_API ZEND_COLD void ZEND_FASTCALL zend_unexpected_extra_named_error(void);
+ZEND_API ZEND_COLD void ZEND_FASTCALL zend_argument_error_variadic(zend_class_entry *error_ce, uint32_t arg_num, const char *format, va_list va);
 ZEND_API ZEND_COLD void zend_argument_error(zend_class_entry *error_ce, uint32_t arg_num, const char *format, ...);
 ZEND_API ZEND_COLD void zend_argument_type_error(uint32_t arg_num, const char *format, ...);
 ZEND_API ZEND_COLD void zend_argument_value_error(uint32_t arg_num, const char *format, ...);