Add missing check on EVP_VerifyUpdate() in phar util

Closes GH-11640.
Niels Dossche 2023-07-08 20:17:04 +02:00
parent dc9adda653
commit 0d07b6d647
2 changed files with 7 additions and 1 deletions

NEWS

@ -46,6 +46,9 @@ PHP NEWS
. Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).
(KapitanOczywisty, CViniciusSDias)
- Phar:
. Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos)
- PHPDBG:
. Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). (adsr)


@ -1599,7 +1599,9 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
php_stream_seek(fp, 0, SEEK_SET);
while (read_size && (len = php_stream_read(fp, (char*)buf, read_size)) > 0) {
EVP_VerifyUpdate (md_ctx, buf, len);
if (UNEXPECTED(EVP_VerifyUpdate (md_ctx, buf, len) == 0)) {
goto failure;
}
read_len -= (zend_off_t)len;
if (read_len < read_size) {
@ -1608,6 +1610,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
}
if (EVP_VerifyFinal(md_ctx, (unsigned char *)sig, sig_len, key) != 1) {
failure:
/* 1: signature verified, 0: signature does not match, -1: failed signature operation */
EVP_PKEY_free(key);
EVP_MD_CTX_destroy(md_ctx);
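Review bot: The `goto failure;` added in the first hunk jumps into the body of the `if (EVP_VerifyFinal(...) != 1)` block, landing on the `failure:` label directly under a comment that explains EVP_VerifyFinal's return codes even though EVP_VerifyFinal is never called on that path; jumping into a block is legal C as long as nothing variably modified is declared there, but it is an easy trap for the next person who touches this cleanup. A flag keeps the control flow linear: declare `int verified = 1;` before the loop, replace `goto failure;` with `verified = 0; break;`, and change the final test to `if (!verified || EVP_VerifyFinal(md_ctx, (unsigned char *)sig, sig_len, key) != 1) {`, dropping the label. Either form fails closed, which is the right default for signature verification. Separately, the loop still exits silently when php_stream_read returns 0 or a negative value (the `> 0` condition), so a truncated read is presumably caught only because EVP_VerifyFinal rejects the partial digest; a one-line comment stating that intent would help. phar_verify_signature begins before the first hunk and the `if` body continues past the end of the second.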