From 472e006b6cbd38212ab3bd3bb87fba89d680b276 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Mon, 29 Dec 2014 08:37:44 -0600 Subject: [PATCH 1/3] SSH2: update conditions under which _disconnect's code is executed --- phpseclib/Net/SSH2.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index c904e678..75ecfc32 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -3372,7 +3372,7 @@ class Net_SSH2 */ function _disconnect($reason) { - if ($this->bitmap) { + if ($this->bitmap & NET_SSH2_MASK_CONNECTED) { $data = pack('CNNa*Na*', NET_SSH2_MSG_DISCONNECT, $reason, 0, '', 0, ''); $this->_send_binary_packet($data); $this->bitmap = 0; From b0129e91256b66372c07ba956e7c41d5bee6848f Mon Sep 17 00:00:00 2001 From: Ha Phan Date: Tue, 6 Jan 2015 15:27:30 +0700 Subject: [PATCH 2/3] Compare numeric part of OpenSSL version --- phpseclib/Crypt/RSA.php | 13 ++++++++++--- phpseclib/Math/BigInteger.php | 9 ++++++++- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index 793eecc7..53f94354 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -515,9 +515,16 @@ class Crypt_RSA $versions = array(); if (!empty($matches[1])) { - for ($i = 0; $i < count($matches[1]); $i++) { - $versions[$matches[1][$i]] = trim(str_replace('=>', '', strip_tags($matches[2][$i]))); - } + for ($i = 0; $i < count($matches[1]); $i++) { + $fullVersion = trim(str_replace('=>', '', strip_tags($matches[2][$i]))); + + // Remove letter part in OpenSSL version + if (!preg_match('/(\d+\.\d+\.\d+)/i', $fullVersion, $m)) { + $versions[$matches[1][$i]] = $fullVersion; + } else { + $versions[$matches[1][$i]] = $m[0]; + } + } } // it doesn't appear that OpenSSL versions were reported upon until PHP 5.3+ diff --git a/phpseclib/Math/BigInteger.php b/phpseclib/Math/BigInteger.php index 5753584c..8e54f741 100644 --- a/phpseclib/Math/BigInteger.php +++ b/phpseclib/Math/BigInteger.php @@ -278,7 +278,14 @@ class Math_BigInteger $versions = array(); if (!empty($matches[1])) { for ($i = 0; $i < count($matches[1]); $i++) { - $versions[$matches[1][$i]] = trim(str_replace('=>', '', strip_tags($matches[2][$i]))); + $fullVersion = trim(str_replace('=>', '', strip_tags($matches[2][$i]))); + + // Remove letter part in OpenSSL version + if (!preg_match('/(\d+\.\d+\.\d+)/i', $fullVersion, $m)) { + $versions[$matches[1][$i]] = $fullVersion; + } else { + $versions[$matches[1][$i]] = $m[0]; + } } } From 84325d415eb35f2ebedc0893bc2ca46a7a19ac63 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 10 Jan 2015 23:58:50 -0600 Subject: [PATCH 3/3] ASN1: empty constructed context-specific tags error'd out eg. an attributes field in a CSR that's blank --- phpseclib/File/ASN1.php | 21 ++++++++++++++------- tests/Unit/File/ASN1Test.php | 11 +++++++++++ tests/Unit/File/X509/CSRTest.php | 31 +++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+), 7 deletions(-) create mode 100644 tests/Unit/File/X509/CSRTest.php diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php index a3b91b2e..1d66793a 100644 --- a/phpseclib/File/ASN1.php +++ b/phpseclib/File/ASN1.php @@ -347,24 +347,31 @@ class File_ASN1 case FILE_ASN1_CLASS_APPLICATION: case FILE_ASN1_CLASS_PRIVATE: case FILE_ASN1_CLASS_CONTEXT_SPECIFIC: - if ($constructed) { + if (!$constructed) { + return array( + 'type' => $class, + 'constant' => $tag, + 'content' => $content, + 'length' => $length + $start - $current['start'] + ); + } + + $newcontent = array(); + if (strlen($content)) { $newcontent = $this->_decode_ber($content, $start); $length = $newcontent['length']; if (substr($content, $length, 2) == "\0\0") { $length+= 2; } - - // the array encapsulation is for BC with the old format - $content = array($newcontent); + $start+= $length; + $newcontent = array($newcontent); } - $start+= $length; - return array( 'type' => $class, 'constant' => $tag, // the array encapsulation is for BC with the old format - 'content' => $content, + 'content' => $newcontent, // the only time when $content['headerlength'] isn't defined is when the length is indefinite. // the absence of $content['headerlength'] is how we know if something is indefinite or not. // technically, it could be defined to be 2 and then another indicator could be used but whatever. diff --git a/tests/Unit/File/ASN1Test.php b/tests/Unit/File/ASN1Test.php index 8d8828b9..77ab0525 100644 --- a/tests/Unit/File/ASN1Test.php +++ b/tests/Unit/File/ASN1Test.php @@ -278,4 +278,15 @@ class Unit_File_ASN1Test extends PhpseclibTestCase $decoded = $asn1->decodeBER(base64_decode('MBaAFJtUo7c00HsI5EPZ4bkICfkOY2Pv')); $this->assertInternalType('string', $decoded[0]['content'][0]['content']); } + + /** + * @group github602 + */ + public function testEmptyContextTag() + { + $asn1 = new File_ASN1(); + $decoded = $asn1->decodeBER("\xa0\x00"); + $this->assertInternalType('array', $decoded); + $this->assertCount(0, $decoded[0]['content']); + } } diff --git a/tests/Unit/File/X509/CSRTest.php b/tests/Unit/File/X509/CSRTest.php new file mode 100644 index 00000000..57bce68a --- /dev/null +++ b/tests/Unit/File/X509/CSRTest.php @@ -0,0 +1,31 @@ + + * @copyright 2014 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +require_once 'File/X509.php'; + +class Unit_File_X509_CSRTest extends PhpseclibTestCase +{ + public function testLoadCSR() + { + $test = '-----BEGIN CERTIFICATE REQUEST----- +MIIBWzCBxQIBADAeMRwwGgYDVQQKDBNwaHBzZWNsaWIgZGVtbyBjZXJ0MIGdMAsG +CSqGSIb3DQEBAQOBjQAwgYkCgYEAtHDb4zoUyiRYsJ5PZrF/IJKAF9ZoHRpTxMA8 +a7iyFdsl/vvZLNPsNnFTXXnGdvsyFDEsF7AubaIXw8UKFPYqQRTzSVsvnNgIoVYj +tTAXlB4oHipr7Kxcn4CXfmR0TYogyLvVZSZJYxh+CAuG4V9XM4HqkeE5gyBOsKGy +5FUU8zMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAJjdaA9K9DN5xvSiOlCmmV1E +npzHkI1Trraveu0gtRjT/EzHoqjCBI0ekCZ9+fhrex8Sm6Nsq9IgHYyrqnE+PQko +4Nf2w2U3DWxU26D5E9DlI+bLyOCq4jqATLjHyyAsOZY/2+U73AZ82MJM/mGdh5fQ +v5RwaQHmQEzHofTzF7I+ +-----END CERTIFICATE REQUEST-----'; + + $x509 = new File_X509(); + + $spkac = $x509->loadCSR($test); + + $this->assertInternalType('array', $spkac); + } +}