diff --git a/CHANGELOG.md b/CHANGELOG.md
index daca0cca..28e7df16 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,18 @@
 # Changelog
 
+## 2.0.3 - 2016-08-18
+
+- BigInteger/RSA: don't compare openssl versions > 1.0 (#946)
+- RSA: don't attempt to use the CRT when zero value components exist (#980)
+- RSA: zero salt length RSA signatures don't work (#1002)
+- ASN1: fix PHP Warning on PHP 7.1 (#1013)
+- X509: set parameter fields to null for CSR's / RSA (#914)
+- CRL optimizations (#1000)
+- SSH2: fix "Expected SSH_FXP_STATUS or ..." error (#999)
+- SSH2: use stream_get_* instead of fread() / fgets() (#967)
+- SFTP: make symlinks support relative target's (#1004)
+- SFTP: fix sending stream resulting in zero byte file (#995)
+
 ## 2.0.2 - 2016-06-04
 
 - All Ciphers: fix issue with CBC mode / OpenSSL / continuous buffers / decryption (#938)
@@ -30,6 +43,18 @@
 - Classes were renamed and namespaced ([#243](https://github.com/phpseclib/phpseclib/issues/243))
 - The use of an autoloader is now required (e.g. Composer)
 
+## 1.0.3 - 2016-08-18
+
+- BigInteger/RSA: don't compare openssl versions > 1.0 (#946)
+- RSA: don't attempt to use the CRT when zero value components exist (#980)
+- RSA: zero salt length RSA signatures don't work (#1002)
+- ASN1: fix PHP Warning on PHP 7.1 (#1013)
+- X509: set parameter fields to null for CSR's / RSA (#914)
+- CRL optimizations (#1000)
+- SSH2: fix "Expected SSH_FXP_STATUS or ..." error (#999)
+- SFTP: make symlinks support relative target's (#1004)
+- SFTP: fix sending stream resulting in zero byte file (#995)
+
 ## 1.0.2 - 2016-05-07
 
 - All Ciphers: fix issue with CBC mode / OpenSSL / continuous buffers / decryption (#938)
diff --git a/README.md b/README.md
index 4c9af456..c6e076de 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ MIT-licensed pure-PHP implementations of an arbitrary-precision integer
 arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael,
 AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509
 
-* [Download (1.0.2)](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.2.zip/download)
+* [Download (1.0.3)](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.3.zip/download)
 * [Browse Git](https://github.com/phpseclib/phpseclib)
 * [Code Coverage Report](http://phpseclib.bantux.org/code_coverage/master/latest/)
 
diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php
index 34430c3e..6a485bc4 100644
--- a/phpseclib/File/ASN1.php
+++ b/phpseclib/File/ASN1.php
@@ -306,7 +306,7 @@ class ASN1
 $newcontent = array();
 $remainingLength = $length;
 while ($remainingLength > 0) {
- $temp = $this->_decode_ber($content, $start);
+ $temp = $this->_decode_ber($content, $start, $content_pos);
 $length = $temp['length'];
 // end-of-content octets - see paragraph 8.1.5
 if (substr($content, $content_pos + $length, 2) == "\0\0") {
diff --git a/tests/Unit/File/ASN1Test.php b/tests/Unit/File/ASN1Test.php
index c9a1ea29..1a4b6131 100644
--- a/tests/Unit/File/ASN1Test.php
+++ b/tests/Unit/File/ASN1Test.php
@@ -289,4 +289,14 @@ class Unit_File_ASN1Test extends PhpseclibTestCase
 $this->assertInternalType('array', $decoded);
 $this->assertCount(0, $decoded[0]['content']);
 }
+
+ /**
+ * @group github1027
+ */
+ public function testInfiniteLoop()
+ {
+ $asn1 = new ASN1();
+ $data = base64_decode('MD6gJQYKKwYBBAGCNxQCA6AXDBVvZmZpY2VAY2VydGRpZ2l0YWwucm+BFW9mZmljZUBjZXJ0ZGlnaXRhbC5ybw==');
+ $asn1->decodeBER($data);
+ }
 }
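Review bot: In phpseclib/File/ASN1.php the result of the changed call is still dereferenced on the next line as `$temp['length']`, with nothing checking that the decode succeeded or advanced. This loop parses BER from untrusted sources (certificates, CSRs, keys), so any path where `_decode_ber()` returns a non-array or makes no progress shows up as warnings or a hang rather than a clean decode failure. The body of `_decode_ber()` and the rest of the loop are outside this hunk, so this is inferred; if it can fail on malformed input, a guard right after the call such as `if (!is_array($temp)) { return false; }` would make the failure explicit. A short comment on the call explaining why `$content_pos` must be passed would also keep the fix from being dropped in a later refactor.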
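Review bot: `testInfiniteLoop()` in tests/Unit/File/ASN1Test.php makes no assertion, so it passes for any return value of `decodeBER()` and PHPUnit may report it as risky. If the loop ever regresses, the suite would hang rather than fail, because nothing visible here bounds the run time. Capture the result with `$decoded = $asn1->decodeBER($data);` and assert on the outcome expected for this input, which the hunk does not show. A docblock sentence such as `Decoding this input must terminate (see #1027).` would record the intent next to the `@group github1027` tag.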