Overview

File php-CVE-2015-8867.patch of Package php5.openSUSE_Leap_42.1_Update

Index: ext/openssl/openssl.c
===================================================================
--- ext/openssl/openssl.c.orig	2016-04-26 11:39:32.835013992 +0200
+++ ext/openssl/openssl.c	2016-04-26 11:39:57.971014652 +0200
@@ -5312,7 +5312,6 @@
 	long buffer_length;
 	unsigned char *buffer = NULL;
 	zval *zstrong_result_returned = NULL;
-	int strong_result = 0;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|z", &buffer_length, &zstrong_result_returned) == FAILURE) {
 		return;
@@ -5330,7 +5329,6 @@
 	buffer = emalloc(buffer_length + 1);
 
 #ifdef PHP_WIN32
-	strong_result = 1;
 	/* random/urandom equivalent on Windows */
 	if (php_win32_get_random_bytes(buffer, (size_t) buffer_length) == FAILURE){
 		efree(buffer);
@@ -5340,7 +5338,7 @@
 		RETURN_FALSE;
 	}
 #else
-	if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) {
+       if (RAND_bytes(buffer, buffer_length) <= 0) {
 		efree(buffer);
 		if (zstrong_result_returned) {
 			ZVAL_BOOL(zstrong_result_returned, 0);
@@ -5353,7 +5351,7 @@
 	RETVAL_STRINGL((char *)buffer, buffer_length, 0);
 
 	if (zstrong_result_returned) {
-		ZVAL_BOOL(zstrong_result_returned, strong_result);
+               ZVAL_BOOL(zstrong_result_returned, 1);
 	}
 }
 /* }}} */
openSUSE Build Service is sponsored by
Places