From c27fd2e66fa905cd7a535b31a7508f39dcd8c1aa Mon Sep 17 00:00:00 2001 From: terrafrost Date: Thu, 18 Aug 2016 13:43:04 -0500 Subject: [PATCH 1/3] updates for 1.0.3 release --- CHANGELOG.md | 12 ++++++++++++ README.md | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8795ea35..1354ab91 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +## 1.0.3 - 2016-08-18 + +- BigInteger/RSA: don't compare openssl versions > 1.0 (#946) +- RSA: don't attempt to use the CRT when zero value components exist (#980) +- RSA: zero salt length RSA signatures don't work (#1002) +- ASN1: fix PHP Warning on PHP 7.1 (#1013) +- X509: set parameter fields to null for CSR's / RSA (#914) +- CRL optimizations (#1000) +- SSH2: fix "Expected SSH_FXP_STATUS or ..." error (#999) +- SFTP: make symlinks support relative target's (#1004) +- SFTP: fix sending stream resulting in zero byte file (#995) + ## 1.0.2 - 2016-05-07 - All Ciphers: fix issue with CBC mode / OpenSSL / continuous buffers / decryption (#938) diff --git a/README.md b/README.md index 2c571af7..77629bbd 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509 -* [Download (1.0.2)](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.2.zip/download) +* [Download (1.0.3)](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.3.zip/download) * [Browse Git](https://github.com/phpseclib/phpseclib) * [Code Coverage Report](http://phpseclib.bantux.org/code_coverage/1.0/latest/) From 5c2ffd254416e3cca3f1557557b0ccc3e5e5c08f Mon Sep 17 00:00:00 2001 
From: terrafrost
Date: Sun, 28 Aug 2016 10:38:01 -0500
Subject: [PATCH 2/3] ASN1: fix infinite loop during ASN1 decode process
---
 phpseclib/File/ASN1.php | 2 +-
 tests/Unit/File/ASN1Test.php | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php
index b30493e4..b7f7c119 100644
--- a/phpseclib/File/ASN1.php
+++ b/phpseclib/File/ASN1.php
@@ -366,7 +366,7 @@ class File_ASN1
 $newcontent = array();
 $remainingLength = $length;
 while ($remainingLength > 0) {
- $temp = $this->_decode_ber($content, $start);
+ $temp = $this->_decode_ber($content, $start, $content_pos);
 $length = $temp['length'];
 // end-of-content octets - see paragraph 8.1.5
 if (substr($content, $content_pos + $length, 2) == "\0\0") {
diff --git a/tests/Unit/File/ASN1Test.php b/tests/Unit/File/ASN1Test.php
index fe0e01b4..2708b858 100644
--- a/tests/Unit/File/ASN1Test.php
+++ b/tests/Unit/File/ASN1Test.php
@@ -289,4 +289,14 @@ class Unit_File_ASN1Test extends PhpseclibTestCase
 $this->assertInternalType('array', $decoded);
 $this->assertCount(0, $decoded[0]['content']);
 }
+
+ /**
+ * @group github1027
+ */
+ public function testInfiniteLoop()
+ {
+ $asn1 = new File_ASN1();
+ $data = base64_decode('MD6gJQYKKwYBBAGCNxQCA6AXDBVvZmZpY2VAY2VydGRpZ2l0YWwucm+BFW9mZmljZUBjZXJ0ZGlnaXRhbC5ybw==');
+ $asn1->decodeBER($data);
+ }
 }
From 6dc50cc5c967a74aa653f6362de5723b0fc0517d Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Sun, 28 Aug 2016 10:45:31 -0500
Subject: [PATCH 3/3] ASN1: update unit test for 2.0 branch
---
 tests/Unit/File/ASN1Test.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/Unit/File/ASN1Test.php b/tests/Unit/File/ASN1Test.php
index 988fdb91..1a4b6131 100644
--- a/tests/Unit/File/ASN1Test.php
+++ b/tests/Unit/File/ASN1Test.php
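Review bot: In phpseclib/File/ASN1.php, the `while ($remainingLength > 0)` loop still reads `$temp['length']` straight from the nested `_decode_ber()` call without checking that the call succeeded or that the length is positive. `_decode_ber()`'s body is outside this hunk, so this is inferred, but if it can return a non-array on truncated input, or an element whose length is zero, `$remainingLength` may never shrink and malformed BER could keep the decoder spinning even with `$content_pos` passed through. Because this decoder is fed externally supplied structures, a guard before the `$length` assignment, e.g. `if (!is_array($temp) || $temp['length'] < 1) { break; }` (or the function's usual failure return instead of `break`), would make termination independent of the input. The loop body continues past the end of the hunk.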
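Review bot: In tests/Unit/File/ASN1Test.php, `testInfiniteLoop()` makes no assertion, so it passes on any return value and a regression would show up as a hung test run rather than a reported failure. Capturing the result and asserting on it, as the preceding test does with `$this->assertInternalType('array', $decoded);`, would pin the expected outcome, assuming this input is meant to decode successfully. A one-line comment above `$data` saying that the base64 blob is the reproducer for the issue named in `@group github1027` would also help whoever next changes the decoder.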
@@ -295,7 +295,7 @@ class Unit_File_ASN1Test extends PhpseclibTestCase
 */
 public function testInfiniteLoop()
 {
- $asn1 = new File_ASN1();
+ $asn1 = new ASN1();
 $data = base64_decode('MD6gJQYKKwYBBAGCNxQCA6AXDBVvZmZpY2VAY2VydGRpZ2l0YWwucm+BFW9mZmljZUBjZXJ0ZGlnaXRhbC5ybw==');
 $asn1->decodeBER($data);
 }