@@ -1695,12 +1695,12 @@ static int php_openssl_x509_fingerprint(X509 *peer, const char *method, zend_boo
16951695{
16961696 unsigned char md [EVP_MAX_MD_SIZE ];
16971697 const EVP_MD * mdtype ;
1698- zend_str_size_int n ;
1698+ unsigned int n ;
16991699
17001700 if (!(mdtype = EVP_get_digestbyname (method ))) {
17011701 php_error_docref (NULL TSRMLS_CC , E_WARNING , "Unknown signature algorithm ");
17021702 return FAILURE ;
1703- } else if (!X509_digest (peer , mdtype , md , ( unsigned int * ) & n )) {
1703+ } else if (!X509_digest (peer , mdtype , md , & n )) {
17041704 php_error_docref (NULL TSRMLS_CC , E_ERROR , "Could not generate signature" );
17051705 return FAILURE ;
17061706 }
@@ -4716,6 +4716,14 @@ PHP_FUNCTION(openssl_sign)
47164716 return ;
47174717 }
47184718
4719+ #if OPENSSL_VERSION_NUMBER < 0x0090800fL
4720+ if (data_len > UINT_MAX ) {
4721+ php_error_docref (NULL TSRMLS_CC , E_WARNING , "Data is too long; it needs to be at most %d bytes, not " ZEND_UINT_FMT ,
4722+ UINT_MAX , data_len );
4723+ RETURN_FALSE ;
4724+ }
4725+ #endif
4726+
47194727 pkey = php_openssl_evp_from_zval (key , 0 , "" , 0 , & keyresource TSRMLS_CC );
47204728 if (pkey == NULL ) {
47214729 php_error_docref (NULL TSRMLS_CC , E_WARNING , "supplied key param cannot be coerced into a private key" );
@@ -4742,7 +4750,7 @@ PHP_FUNCTION(openssl_sign)
47424750 sigbuf = emalloc (siglen + 1 );
47434751
47444752 EVP_SignInit (& md_ctx , mdtype );
4745- EVP_SignUpdate (& md_ctx , data , data_len );
4753+ EVP_SignUpdate (& md_ctx , data , data_len );INT_MAX ;
47464754 if (EVP_SignFinal (& md_ctx , sigbuf ,(unsigned int * )& siglen , pkey )) {
47474755 zval_dtor (signature );
47484756 sigbuf [siglen ] = '\0' ;
@@ -4780,6 +4788,19 @@ PHP_FUNCTION(openssl_verify)
47804788 return ;
47814789 }
47824790
4791+ #if OPENSSL_VERSION_NUMBER < 0x0090800fL
4792+ if (data_len > UINT_MAX ) {
4793+ php_error_docref (NULL TSRMLS_CC , E_WARNING , "Data is too long; it needs to be at most %d bytes, not " ZEND_UINT_FMT ,
4794+ UINT_MAX , data_len );
4795+ RETURN_FALSE ;
4796+ }
4797+ #endif
4798+ if (signature_len > UINT_MAX ) {
4799+ php_error_docref (NULL TSRMLS_CC , E_WARNING , "Signature is too long; it needs to be at most %d bytes, not " ZEND_UINT_FMT ,
4800+ UINT_MAX , signature_len );
4801+ RETURN_FALSE ;
4802+ }
4803+
47834804 if (method == NULL || Z_TYPE_P (method ) == IS_LONG ) {
47844805 if (method != NULL ) {
47854806 signature_algo = Z_LVAL_P (method );
@@ -5384,6 +5405,15 @@ PHP_FUNCTION(openssl_digest)
53845405 if (zend_parse_parameters (ZEND_NUM_ARGS () TSRMLS_CC , "SS|b" , & data , & data_len , & method , & method_len , & raw_output ) == FAILURE ) {
53855406 return ;
53865407 }
5408+
5409+ #if OPENSSL_VERSION_NUMBER < 0x0090800fL
5410+ if (data_len > UINT_MAX ) {
5411+ php_error_docref (NULL TSRMLS_CC , E_WARNING , "Data is too long; it needs to be at most %d bytes, not " ZEND_UINT_FMT ,
5412+ UINT_MAX , data_len );
5413+ RETURN_FALSE ;
5414+ }
5415+ #endif
5416+
53875417 mdtype = EVP_get_digestbyname (method );
53885418 if (!mdtype ) {
53895419 php_error_docref (NULL TSRMLS_CC , E_WARNING , "Unknown signature algorithm ");
0 commit comments