php/sme8/php-5.3.3-CVE-2013-6420.patch

diff -up php-5.3.3/ext/openssl/openssl.c.cve6420 php-5.3.3/ext/openssl/openssl.c
--- php-5.3.3/ext/openssl/openssl.c.cve6420     2013-12-05 08:04:41.752296066 +0100
+++ php-5.3.3/ext/openssl/openssl.c     2013-12-05 08:04:41.797296532 +0100
@@ -306,18 +306,28 @@ static time_t asn1_time_to_time_t(ASN1_U
        char * thestr;
        long gmadjust = 0;
 
-       if (timestr->length < 13) {
+       if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp");
+               return (time_t)-1;
+       }
+
+       if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp");
+               return (time_t)-1;
+       }
+
+       if (ASN1_STRING_length(timestr) < 13) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author too lazy to parse %s correctly", timestr->data);
                return (time_t)-1;
        }
 
-       strbuf = estrdup((char *)timestr->data);
+       strbuf = estrdup((char *)ASN1_STRING_data(timestr));
 
        memset(&thetime, 0, sizeof(thetime));
 
        /* we work backwards so that we can use atoi more easily */
 
-       thestr = strbuf + timestr->length - 3;
+       thestr = strbuf + ASN1_STRING_length(timestr) - 3;
 
        thetime.tm_sec = atoi(thestr);
        *thestr = '\0';
diff -up php-5.3.3/ext/openssl/tests/cve-2013-6420.crt.cve6420 php-5.3.3/ext/openssl/tests/cve-2013-6420.crt
--- php-5.3.3/ext/openssl/tests/cve-2013-6420.crt.cve6420       2013-12-05 08:06:07.996133273 +0100
+++ php-5.3.3/ext/openssl/tests/cve-2013-6420.crt       2013-12-05 08:05:51.284979175 +0100
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD
+VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH
+S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91
+cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k
+ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY
+ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO
+b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT
+ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G
+A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz
+dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu
+wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh
+0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8
+pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6
+SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX
+1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw
+EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF
+BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD
+8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl
+VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7
+lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319
+o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg
+Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg==
+-----END CERTIFICATE-----
+
+
diff -up php-5.3.3/ext/openssl/tests/cve-2013-6420.phpt.cve6420 php-5.3.3/ext/openssl/tests/cve-2013-6420.phpt
--- php-5.3.3/ext/openssl/tests/cve-2013-6420.phpt.cve6420      2013-12-05 08:06:17.285217439 +0100
+++ php-5.3.3/ext/openssl/tests/cve-2013-6420.phpt      2013-12-05 08:05:44.549916055 +0100
@@ -0,0 +1,18 @@
+--TEST--
+CVE-2013-6420
+--SKIPIF--
+<?php 
+if (!extension_loaded("openssl")) die("skip"); 
+?>
+--FILE--
+<?php
+$crt = substr(__FILE__, 0, -4).'.crt';
+$info = openssl_x509_parse("file://$crt");
+var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]);
+?>
+Done
+--EXPECTF--
+%s openssl_x509_parse(): illegal ASN1 data type for timestamp in %s/cve-2013-6420.php on line 3
+string(27) "stefan.esser@sektioneins.de"
+int(-1)
+Done
1	vip-ire	1.1	diff -up php-5.3.3/ext/openssl/openssl.c.cve6420 php-5.3.3/ext/openssl/openssl.c
2			--- php-5.3.3/ext/openssl/openssl.c.cve6420 2013-12-05 08:04:41.752296066 +0100
3			+++ php-5.3.3/ext/openssl/openssl.c 2013-12-05 08:04:41.797296532 +0100
4			@@ -306,18 +306,28 @@ static time_t asn1_time_to_time_t(ASN1_U
5			char * thestr;
6			long gmadjust = 0;
7
8			- if (timestr->length < 13) {
9			+ if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) {
10			+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp");
11			+ return (time_t)-1;
12			+ }
13			+
14			+ if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) {
15			+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp");
16			+ return (time_t)-1;
17			+ }
18			+
19			+ if (ASN1_STRING_length(timestr) < 13) {
20			php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author too lazy to parse %s correctly", timestr->data);
21			return (time_t)-1;
22			}
23
24			- strbuf = estrdup((char *)timestr->data);
25			+ strbuf = estrdup((char *)ASN1_STRING_data(timestr));
26
27			memset(&thetime, 0, sizeof(thetime));
28
29			/* we work backwards so that we can use atoi more easily */
30
31			- thestr = strbuf + timestr->length - 3;
32			+ thestr = strbuf + ASN1_STRING_length(timestr) - 3;
33
34			thetime.tm_sec = atoi(thestr);
35			*thestr = '\0';
36			diff -up php-5.3.3/ext/openssl/tests/cve-2013-6420.crt.cve6420 php-5.3.3/ext/openssl/tests/cve-2013-6420.crt
37			--- php-5.3.3/ext/openssl/tests/cve-2013-6420.crt.cve6420 2013-12-05 08:06:07.996133273 +0100
38			+++ php-5.3.3/ext/openssl/tests/cve-2013-6420.crt 2013-12-05 08:05:51.284979175 +0100
39			@@ -0,0 +1,29 @@
40			+-----BEGIN CERTIFICATE-----
41			+MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD
42			+VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH
43			+S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91
44			+cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k
45			+ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY
46			+ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
47			+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
48			+AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO
49			+b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT
50			+ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G
51			+A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz
52			+dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
53			+DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu
54			+wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh
55			+0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8
56			+pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6
57			+SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX
58			+1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw
59			+EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF
60			+BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD
61			+8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl
62			+VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7
63			+lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319
64			+o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg
65			+Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg==
66			+-----END CERTIFICATE-----
67			+
68			+
69			diff -up php-5.3.3/ext/openssl/tests/cve-2013-6420.phpt.cve6420 php-5.3.3/ext/openssl/tests/cve-2013-6420.phpt
70			--- php-5.3.3/ext/openssl/tests/cve-2013-6420.phpt.cve6420 2013-12-05 08:06:17.285217439 +0100
71			+++ php-5.3.3/ext/openssl/tests/cve-2013-6420.phpt 2013-12-05 08:05:44.549916055 +0100
72			@@ -0,0 +1,18 @@
73			+--TEST--
74			+CVE-2013-6420
75			+--SKIPIF--
76			+<?php
77			+if (!extension_loaded("openssl")) die("skip");
78			+?>
79			+--FILE--
80			+<?php
81			+$crt = substr(__FILE__, 0, -4).'.crt';
82			+$info = openssl_x509_parse("file://$crt");
83			+var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]);
84			+?>
85			+Done
86			+--EXPECTF--
87			+%s openssl_x509_parse(): illegal ASN1 data type for timestamp in %s/cve-2013-6420.php on line 3
88			+string(27) "stefan.esser@sektioneins.de"
89			+int(-1)
90			+Done