Skip to content

Commit f666ce6

Browse files
alexandre-dauboisalexandre-daubois
committed
Fix GH-18988: Check unchecked error-prone calls in ext/ssl
1 parent 8972938 commit f666ce6

File tree

2 files changed

+42
-15
lines changed

2 files changed

+42
-15
lines changed

ext/openssl/openssl.c

Lines changed: 36 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -971,7 +971,9 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
971971
if (str != NULL && php_openssl_check_path_ex(str, strlen(str), path, 0, false, false, "oid_file")) {
972972
BIO *oid_bio = BIO_new_file(path, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
973973
if (oid_bio) {
974-
OBJ_create_objects(oid_bio);
974+
if (OBJ_create_objects(oid_bio) == 0) {
975+
php_openssl_store_errors();
976+
}
975977
BIO_free(oid_bio);
976978
php_openssl_store_errors();
977979
}
@@ -1299,7 +1301,10 @@ PHP_MINIT_FUNCTION(openssl)
12991301
OSSL_PROVIDER_load(NULL, "legacy");
13001302
OSSL_PROVIDER_load(NULL, "default");
13011303
#endif
1302-
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
1304+
if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) != 1) {
1305+
php_error_docref(NULL, E_WARNING, "Failed to initialize OpenSSL");
1306+
return FAILURE;
1307+
}
13031308
#endif
13041309

13051310
/* register a resource id number with OpenSSL so that we can map SSL -> stream structures in
@@ -2060,22 +2065,34 @@ static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
20602065
name = sk_GENERAL_NAME_value(names, i);
20612066
switch (name->type) {
20622067
case GEN_EMAIL:
2063-
BIO_puts(bio, "email:");
2068+
if (BIO_puts(bio, "email:") < 0) {
2069+
php_openssl_store_errors();
2070+
}
20642071
as = name->d.rfc822Name;
2065-
BIO_write(bio, ASN1_STRING_get0_data(as),
2066-
ASN1_STRING_length(as));
2072+
if (BIO_write(bio, ASN1_STRING_get0_data(as),
2073+
ASN1_STRING_length(as)) < 0) {
2074+
php_openssl_store_errors();
2075+
}
20672076
break;
20682077
case GEN_DNS:
2069-
BIO_puts(bio, "DNS:");
2078+
if (BIO_puts(bio, "DNS:") < 0) {
2079+
php_openssl_store_errors();
2080+
}
20702081
as = name->d.dNSName;
2071-
BIO_write(bio, ASN1_STRING_get0_data(as),
2072-
ASN1_STRING_length(as));
2082+
if (BIO_write(bio, ASN1_STRING_get0_data(as),
2083+
ASN1_STRING_length(as)) < 0) {
2084+
php_openssl_store_errors();
2085+
}
20732086
break;
20742087
case GEN_URI:
2075-
BIO_puts(bio, "URI:");
2088+
if (BIO_puts(bio, "URI:") < 0) {
2089+
php_openssl_store_errors();
2090+
}
20762091
as = name->d.uniformResourceIdentifier;
2077-
BIO_write(bio, ASN1_STRING_get0_data(as),
2078-
ASN1_STRING_length(as));
2092+
if (BIO_write(bio, ASN1_STRING_get0_data(as),
2093+
ASN1_STRING_length(as)) < 0) {
2094+
php_openssl_store_errors();
2095+
}
20792096
break;
20802097
default:
20812098
/* use builtin print for GEN_OTHERNAME, GEN_X400,
@@ -2313,7 +2330,10 @@ static STACK_OF(X509) *php_openssl_load_all_certs_from_file(
23132330
while (sk_X509_INFO_num(sk)) {
23142331
xi=sk_X509_INFO_shift(sk);
23152332
if (xi->x509 != NULL) {
2316-
sk_X509_push(stack,xi->x509);
2333+
if (sk_X509_push(stack,xi->x509) == 0) {
2334+
php_openssl_store_errors();
2335+
X509_free(xi->x509);
2336+
}
23172337
xi->x509=NULL;
23182338
}
23192339
X509_INFO_free(xi);
@@ -2579,6 +2599,7 @@ static STACK_OF(X509) *php_array_to_X509_sk(zval * zcerts, uint32_t arg_num, con
25792599

25802600
}
25812601
if (sk_X509_push(sk, cert) <= 0) {
2602+
php_openssl_store_errors();
25822603
X509_free(cert);
25832604
goto push_fail_exit;
25842605
}
@@ -2600,6 +2621,7 @@ static STACK_OF(X509) *php_array_to_X509_sk(zval * zcerts, uint32_t arg_num, con
26002621
}
26012622
}
26022623
if (sk_X509_push(sk, cert) <= 0) {
2624+
php_openssl_store_errors();
26032625
X509_free(cert);
26042626
goto push_fail_exit;
26052627
}
@@ -5887,6 +5909,7 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
58875909
}
58885910
}
58895911
if (sk_X509_push(recipcerts, cert) <= 0) {
5912+
php_openssl_store_errors();
58905913
X509_free(cert);
58915914
goto clean_exit;
58925915
}
@@ -5911,6 +5934,7 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
59115934
}
59125935
}
59135936
if (sk_X509_push(recipcerts, cert) <= 0) {
5937+
php_openssl_store_errors();
59145938
X509_free(cert);
59155939
goto clean_exit;
59165940
}

ext/openssl/xp_ssl.c

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1775,7 +1775,9 @@ static zend_result php_openssl_setup_crypto(php_stream *stream,
17751775
return FAILURE;
17761776
}
17771777
if (sslsock->is_client) {
1778-
SSL_CTX_set_alpn_protos(sslsock->ctx, alpn, alpn_len);
1778+
if (SSL_CTX_set_alpn_protos(sslsock->ctx, alpn, alpn_len) != 0) {
1779+
php_openssl_store_errors();
1780+
}
17791781
} else {
17801782
sslsock->alpn_ctx.data = (unsigned char *) pestrndup((const char*)alpn, alpn_len, php_stream_is_persistent(stream));
17811783
sslsock->alpn_ctx.len = alpn_len;
@@ -1849,8 +1851,9 @@ static zend_result php_openssl_setup_crypto(php_stream *stream,
18491851
php_error_docref(NULL, E_WARNING, "Supplied session stream must be an SSL enabled stream");
18501852
} else if (((php_openssl_netstream_data_t*)cparam->inputs.session->abstract)->ssl_handle == NULL) {
18511853
php_error_docref(NULL, E_WARNING, "Supplied SSL session stream is not initialized");
1852-
} else {
1853-
SSL_copy_session_id(sslsock->ssl_handle, ((php_openssl_netstream_data_t*)cparam->inputs.session->abstract)->ssl_handle);
1854+
} else if (SSL_copy_session_id(sslsock->ssl_handle, ((php_openssl_netstream_data_t*)cparam->inputs.session->abstract)->ssl_handle) != 1) {
1855+
php_openssl_store_errors();
1856+
php_error_docref(NULL, E_WARNING, "Failed to copy SSL session");
18541857
}
18551858
}
18561859

0 commit comments

Comments
 (0)