MFH r322485

Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0. CVE-2011-3389
2024-11-24 18:34:21 +08:00 · 2012-01-26 05:15:57 +00:00 · 2012-01-26 05:15:57 +00:00 · 398c6e6d11
commit 398c6e6d11
parent bbd6ab2054
3 changed files with 18 additions and 4 deletions
--- a/4
+++ b/4
@ -1,6 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? Jan 2012, PHP 5.4.0
+?? Jan 2012, PHP 5.4.0 RC 7
+- Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
+  CVE-2011-3389. (Scott)

 19 Jan 2012, PHP 5.4.0 RC6

--- a/ext/ftp/ftp.c
+++ b/ext/ftp/ftp.c
@ -243,6 +243,7 @@ ftp_login(ftpbuf_t *ftp, const char *user, const char *pass TSRMLS_DC)
 {
 #if HAVE_OPENSSL_EXT
 	SSL_CTX	*ctx = NULL;
+	long ssl_ctx_options = SSL_OP_ALL;
 #endif
 	if (ftp == NULL) {
 		return 0;
@ -279,7 +280,10 @@ ftp_login(ftpbuf_t *ftp, const char *user, const char *pass TSRMLS_DC)
 			return 0;
 		}

-		SSL_CTX_set_options(ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
+		ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+		SSL_CTX_set_options(ctx, ssl_ctx_options);

 		ftp->ssl_handle = SSL_new(ctx);
 		if (ftp->ssl_handle == NULL) {
@ -1495,6 +1499,7 @@ data_accept(databuf_t *data, ftpbuf_t *ftp TSRMLS_DC)

 #if HAVE_OPENSSL_EXT
 	SSL_CTX		*ctx;
+	long ssl_ctx_options = SSL_OP_ALL;
 #endif

 	if (data->fd != -1) {
@ -1521,7 +1526,10 @@ data_accepted:
 			return 0;
 		}

-		SSL_CTX_set_options(ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
+		ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+		SSL_CTX_set_options(ctx, ssl_ctx_options);

 		data->ssl_handle = SSL_new(ctx);
 		if (data->ssl_handle == NULL) {
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@ -310,6 +310,7 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
 		TSRMLS_DC)
 {
 	SSL_METHOD *method;
+	long ssl_ctx_options = SSL_OP_ALL;
 	
 	if (sslsock->ssl_handle) {
 		if (sslsock->s.is_blocked) {
@ -377,7 +378,10 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
 		return -1;
 	}

-	SSL_CTX_set_options(sslsock->ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x0090605fL
+	ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+	SSL_CTX_set_options(sslsock->ctx, ssl_ctx_options);

 #if OPENSSL_VERSION_NUMBER >= 0x0090806fL
 	{