File php-CVE-2015-8867.patch of Package php5.openSUSE_Leap_42.1_Update
Index: ext/openssl/openssl.c
===================================================================
--- ext/openssl/openssl.c.orig 2016-04-26 11:39:32.835013992 +0200
+++ ext/openssl/openssl.c 2016-04-26 11:39:57.971014652 +0200
@@ -5312,7 +5312,6 @@
long buffer_length;
unsigned char *buffer = NULL;
zval *zstrong_result_returned = NULL;
- int strong_result = 0;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|z", &buffer_length, &zstrong_result_returned) == FAILURE) {
return;
@@ -5330,7 +5329,6 @@
buffer = emalloc(buffer_length + 1);
#ifdef PHP_WIN32
- strong_result = 1;
/* random/urandom equivalent on Windows */
if (php_win32_get_random_bytes(buffer, (size_t) buffer_length) == FAILURE){
efree(buffer);
@@ -5340,7 +5338,7 @@
RETURN_FALSE;
}
#else
- if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) {
+ if (RAND_bytes(buffer, buffer_length) <= 0) {
efree(buffer);
if (zstrong_result_returned) {
ZVAL_BOOL(zstrong_result_returned, 0);
@@ -5353,7 +5351,7 @@
RETVAL_STRINGL((char *)buffer, buffer_length, 0);
if (zstrong_result_returned) {
- ZVAL_BOOL(zstrong_result_returned, strong_result);
+ ZVAL_BOOL(zstrong_result_returned, 1);
}
}
/* }}} */