Merge branch '2.0'

2024-06-01 08:00:52 +00:00 · 2016-08-28 10:45:37 -05:00 · 2016-08-28 10:45:37 -05:00 · 5416b9eddc
commit 5416b9eddc
parent da0c41ddac 6dc50cc5c9
4 changed files with 37 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,18 @@
 # Changelog

+## 2.0.3 - 2016-08-18
+
+- BigInteger/RSA: don't compare openssl versions > 1.0 (#946)
+- RSA: don't attempt to use the CRT when zero value components exist (#980)
+- RSA: zero salt length RSA signatures don't work (#1002)
+- ASN1: fix PHP Warning on PHP 7.1 (#1013)
+- X509: set parameter fields to null for CSR's / RSA (#914)
+- CRL optimizations (#1000)
+- SSH2: fix "Expected SSH_FXP_STATUS or ..." error (#999)
+- SSH2: use stream_get_* instead of fread() / fgets() (#967)
+- SFTP: make symlinks support relative target's (#1004)
+- SFTP: fix sending stream resulting in zero byte file (#995)
+
 ## 2.0.2 - 2016-06-04

 - All Ciphers: fix issue with CBC mode / OpenSSL / continuous buffers / decryption (#938)
@ -30,6 +43,18 @@
 - Classes were renamed and namespaced ([#243](https://github.com/phpseclib/phpseclib/issues/243))
 - The use of an autoloader is now required (e.g. Composer)

+## 1.0.3 - 2016-08-18
+
+- BigInteger/RSA: don't compare openssl versions > 1.0 (#946)
+- RSA: don't attempt to use the CRT when zero value components exist (#980)
+- RSA: zero salt length RSA signatures don't work (#1002)
+- ASN1: fix PHP Warning on PHP 7.1 (#1013)
+- X509: set parameter fields to null for CSR's / RSA (#914)
+- CRL optimizations (#1000)
+- SSH2: fix "Expected SSH_FXP_STATUS or ..." error (#999)
+- SFTP: make symlinks support relative target's (#1004)
+- SFTP: fix sending stream resulting in zero byte file (#995)
+
 ## 1.0.2 - 2016-05-07

 - All Ciphers: fix issue with CBC mode / OpenSSL / continuous buffers / decryption (#938)
--- a/README.md
+++ b/README.md
@ -6,7 +6,7 @@ MIT-licensed pure-PHP implementations of an arbitrary-precision integer
 arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael,
 AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509

-* [Download (1.0.2)](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.2.zip/download)
+* [Download (1.0.3)](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.3.zip/download)
 * [Browse Git](https://github.com/phpseclib/phpseclib)
 * [Code Coverage Report](http://phpseclib.bantux.org/code_coverage/master/latest/)

--- a/phpseclib/File/ASN1.php
+++ b/phpseclib/File/ASN1.php
@ -306,7 +306,7 @@ class ASN1
                $newcontent = array();
                $remainingLength = $length;
                while ($remainingLength > 0) {
-                    $temp = $this->_decode_ber($content, $start);
+                    $temp = $this->_decode_ber($content, $start, $content_pos);
                    $length = $temp['length'];
                    // end-of-content octets - see paragraph 8.1.5
                    if (substr($content, $content_pos + $length, 2) == "\0\0") {
--- a/tests/Unit/File/ASN1Test.php
+++ b/tests/Unit/File/ASN1Test.php
@ -289,4 +289,14 @@ class Unit_File_ASN1Test extends PhpseclibTestCase
        $this->assertInternalType('array', $decoded);
        $this->assertCount(0, $decoded[0]['content']);
    }
+
+    /**
+     * @group github1027
+     */
+    public function testInfiniteLoop()
+    {
+        $asn1 = new ASN1();
+        $data = base64_decode('MD6gJQYKKwYBBAGCNxQCA6AXDBVvZmZpY2VAY2VydGRpZ2l0YWwucm+BFW9mZmljZUBjZXJ0ZGlnaXRhbC5ybw==');
+        $asn1->decodeBER($data);
+    }
 }