Overview

File php-CVE-2015-8838.patch of Package php5.openSUSE_Leap_42.1_Update

X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fmysqlnd%2Fmysqlnd.c;h=7595474475947fb7b13dda8bf980520f030d3007;hp=0a81d0bb96bc347420ea0068dc89a07d5e1bacd5;hb=d8aa5675ad2ead0469c15fad167ecbdd60051716;hpb=12ff95574bb1303fc03695a1721a8b4529d1ed0a

Index: ext/mysqlnd/mysqlnd.c
===================================================================
--- ext/mysqlnd/mysqlnd.c.orig	2016-04-04 16:16:18.770540652 +0200
+++ ext/mysqlnd/mysqlnd.c	2016-04-04 16:28:22.478545987 +0200
@@ -490,27 +490,40 @@
 	}
 
 #ifdef MYSQLND_SSL_SUPPORTED
-	if ((greet_packet->server_capabilities & CLIENT_SSL) && (mysql_flags & CLIENT_SSL)) {
-		zend_bool verify = mysql_flags & CLIENT_SSL_VERIFY_SERVER_CERT? TRUE:FALSE;
-		DBG_INF("Switching to SSL");
-		if (!PACKET_WRITE(auth_packet, conn)) {
-			CONN_SET_STATE(conn, CONN_QUIT_SENT);
-			conn->m->send_close(conn TSRMLS_CC);
-			SET_CLIENT_ERROR(*conn->error_info, CR_SERVER_GONE_ERROR, UNKNOWN_SQLSTATE, mysqlnd_server_gone);
-			goto end;
-		}
+	if (mysql_flags & CLIENT_SSL) {
+		zend_bool server_has_ssl = (greet_packet->server_capabilities & CLIENT_SSL)? TRUE:FALSE;
+		if (server_has_ssl == FALSE) {
+			goto close_conn;
+		} else {
+			zend_bool verify = mysql_flags & CLIENT_SSL_VERIFY_SERVER_CERT? TRUE:FALSE;
+			DBG_INF("Switching to SSL");
+			if (!PACKET_WRITE(auth_packet, conn)) {
+				goto close_conn;
+			}
 
-		conn->net->data->m.set_client_option(conn->net, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (const char *) &verify TSRMLS_CC);
+			conn->net->data->m.set_client_option(conn->net, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (const char *) &verify TSRMLS_CC);
 
-		if (FAIL == conn->net->data->m.enable_ssl(conn->net TSRMLS_CC)) {
-			goto end;
+			if (FAIL == conn->net->data->m.enable_ssl(conn->net TSRMLS_CC)) {
+				goto end;
+			}
 		}
 	}
+#else
+	auth_packet->client_flags &= ~CLIENT_SSL;
+	if (!PACKET_WRITE(auth_packet, conn)) {
+		goto close_conn;
+	}
 #endif
 	ret = PASS;
 end:
 	PACKET_FREE(auth_packet);
 	DBG_RETURN(ret);
+close_conn:
+	CONN_SET_STATE(conn, CONN_QUIT_SENT);
+	conn->m->send_close(conn TSRMLS_CC);
+	SET_CLIENT_ERROR(*conn->error_info, CR_SERVER_GONE_ERROR, UNKNOWN_SQLSTATE, mysqlnd_server_gone);
+	PACKET_FREE(auth_packet);
+	DBG_RETURN(ret);
 }
 /* }}} */
openSUSE Build Service is sponsored by
Places