[Pkg-php-commits] [php/debian-etch] CVE-2009-3291: improper handling of nul character in CommonName fields of X509 certificates
Raphael Geissert
geissert at debian.org
Sat Nov 28 23:50:25 UTC 2009
---
debian/patches/152-CVE-2009-3291.patch | 33 ++++++++++++++++++++++++++++++++
1 files changed, 33 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/152-CVE-2009-3291.patch
diff --git a/debian/patches/152-CVE-2009-3291.patch b/debian/patches/152-CVE-2009-3291.patch
new file mode 100644
index 0000000..3782de4
--- /dev/null
+++ b/debian/patches/152-CVE-2009-3291.patch
@@ -0,0 +1,33 @@
+diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
+index 115a286..529a30c 100644
+--- a/ext/openssl/openssl.c
++++ b/ext/openssl/openssl.c
+@@ -3446,8 +3446,15 @@ int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, php_stream *stre
+ GET_VER_OPT_STRING("CN_match", cnmatch);
+ if (cnmatch) {
+ int match = 0;
++ int name_len = X509_NAME_get_text_by_NID(name, NID_commonName, buf, sizeof(buf));
+
+- X509_NAME_get_text_by_NID(name, NID_commonName, buf, sizeof(buf));
++ if (name_len == -1) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to locate peer certificate CN");
++ return FAILURE;
++ } else if (name_len != strlen(buf)) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Peer certificate CN=`%.*s' is malformed", name_len, buf);
++ return FAILURE;
++ }
+
+ match = strcmp(cnmatch, buf) == 0;
+ if (!match && strlen(buf) > 3 && buf[0] == '*' && buf[1] == '.') {
+@@ -3462,10 +3469,7 @@ int php_openssl_apply_verification_policy(SSL *ssl, X509 *peer, php_stream *stre
+
+ if (!match) {
+ /* didn't match */
+- php_error_docref(NULL TSRMLS_CC, E_WARNING,
+- "Peer certificate CN=`%s' did not match expected CN=`%s'",
+- buf, cnmatch);
+-
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Peer certificate CN=`%.*s' did not match expected CN=`%s'", name_len, buf, cnmatch);
+ return FAILURE;
+ }
+ }
--
1.6.3.3
More information about the Pkg-php-commits
mailing list