[Pkg-php-commits] [php/debian-lenny] CVE-2009-3291: improper handling of nul character in CommonName fields of X509 certificates

Raphael Geissert geissert at debian.org
Sat Nov 28 23:52:51 UTC 2009 

---
 debian/patches/CVE-2009-3291.patch |   33 +++++++++++++++++++++++++++++++++
 debian/patches/series              |    1 +
 2 files changed, 34 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/CVE-2009-3291.patch

diff --git a/debian/patches/CVE-2009-3291.patch b/debian/patches/CVE-2009-3291.patch
new file mode 100644
index 0000000..61b9c44
--- /dev/null
+++ b/debian/patches/CVE-2009-3291.patch
@@ -0,0 +1,33 @@
+Index: php/ext/openssl/openssl.c
+===================================================================
+--- php.orig/ext/openssl/openssl.c
++++ php/ext/openssl/openssl.c
+@@ -3819,8 +3819,15 @@ int php_openssl_apply_verification_polic
+ 	GET_VER_OPT_STRING("CN_match", cnmatch);
+ 	if (cnmatch) {
+ 		int match = 0;
++		int name_len = X509_NAME_get_text_by_NID(name, NID_commonName, buf, sizeof(buf));
+ 
+-		X509_NAME_get_text_by_NID(name, NID_commonName, buf, sizeof(buf));
++		if (name_len == -1) {
++			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to locate peer certificate CN");
++			return FAILURE;
++		} else if (name_len != strlen(buf)) {
++			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Peer certificate CN=`%.*s' is malformed", name_len, buf);
++			return FAILURE;
++		}
+ 
+ 		match = strcmp(cnmatch, buf) == 0;
+ 		if (!match && strlen(buf) > 3 && buf[0] == '*' && buf[1] == '.') {
+@@ -3835,10 +3842,7 @@ int php_openssl_apply_verification_polic
+ 
+ 		if (!match) {
+ 			/* didn't match */
+-			php_error_docref(NULL TSRMLS_CC, E_WARNING,
+-					"Peer certificate CN=`%s' did not match expected CN=`%s'",
+-					buf, cnmatch);
+-
++			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Peer certificate CN=`%.*s' did not match expected CN=`%s'", name_len, buf, cnmatch);
+ 			return FAILURE;
+ 		}
+ 	}
diff --git a/debian/patches/series b/debian/patches/series
index ee2d042..aee7f5e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -58,3 +58,4 @@ CVE-2009-1271.patch
 CVE-2009-2687.patch
 CVE-2009-2626.patch
 CVE-2009-3292.patch
+CVE-2009-3291.patch
-- 
1.6.3.3

More information about the Pkg-php-commits mailing list