Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions NEWS
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.6.0alpha2

- OpenSSL:
. Fixed stream_socket_get_crypto_status() after supplemental read. (ilutov)

02 Jul 2026, PHP 8.6.0alpha1

Expand Down
2 changes: 2 additions & 0 deletions ext/opcache/ZendAccelerator.c
Original file line number Diff line number Diff line change
Expand Up @@ -4379,13 +4379,15 @@ static void preload_fix_trait_op_array(zend_op_array *op_array)
uint32_t fn_flags2 = op_array->fn_flags2;
zend_function *prototype = op_array->prototype;
HashTable *ht = op_array->static_variables;
const zend_property_info *prop_info = op_array->prop_info;
*op_array = *orig_op_array;
op_array->function_name = function_name;
op_array->scope = scope;
op_array->fn_flags = fn_flags;
op_array->fn_flags2 = fn_flags2;
op_array->prototype = prototype;
op_array->static_variables = ht;
op_array->prop_info = prop_info;
}

static void preload_fix_trait_methods(const zend_class_entry *ce)
Expand Down
25 changes: 25 additions & 0 deletions ext/opcache/tests/gh21770.phpt
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
--TEST--
GH-21770 (Infinite recursion in property hook getter in opcache preloaded trait)
--INI--
opcache.enable=1
opcache.enable_cli=1
opcache.optimization_level=-1
opcache.preload={PWD}/preload_gh21770.inc
--EXTENSIONS--
opcache
--SKIPIF--
<?php
if (PHP_OS_FAMILY == 'Windows') die('skip Preloading is not supported on Windows');
?>
--FILE--
<?php
$b = new B();
echo $b->a, "\n";

$c = new C();
$c->x = 42;
var_dump($c->x);
?>
--EXPECT--
a
int(42)
20 changes: 20 additions & 0 deletions ext/opcache/tests/preload_gh21770.inc
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
<?php
trait A {
public ?string $a = 'a' {
get => $this->a;
}
}

trait X {
public int $x = 0 {
set(int $value) => $value;
}
}

class B {
use A;
}

class C {
use X;
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
--TEST--
stream_socket_get_crypto_status(): reports status NONE after supplemental read
--EXTENSIONS--
openssl
--SKIPIF--
<?php
if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'crypto_status_supplemental_read.pem.tmp';
$peerName = 'crypto-status-supplemental-read';

$serverCode = <<<'CODE'
$ctx = stream_context_create(['ssl' => ['local_cert' => '%s']]);
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$server = stream_socket_server("tls://127.0.0.1:0", $errno, $errstr, $flags, $ctx);
phpt_notify_server_start($server);

$conn = stream_socket_accept($server, 30);

fwrite($conn, "hello\n");

phpt_wait();
fclose($conn);
CODE;
$serverCode = sprintf($serverCode, $certFile);

$clientCode = <<<'CODE'
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
'peer_name' => '%s',
]]);

$client = stream_socket_client("tls://{{ ADDR }}", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $ctx);
stream_set_blocking($client, false);

$buf = '';
$read = [$client];
$write = $except = null;
while (stream_select($read, $write, $except, 5)) {
// Initially, read only the first char, then request more than is stored
// in the buffer, triggering a supplemental read.
$chunk = fread($client, strlen($buf) === 0 ? 1 : 10);
if ($chunk === '' || $chunk === false) {
/* A non-application record (e.g. a TLS 1.3 session ticket) may arrive first. */
if (feof($client)) {
break;
}
} else {
$buf .= $chunk;
if (strlen($buf) >= 6) {
break;
}
}
$read = [$client];
$write = $except = null;
}

echo trim($buf), "\n";
/* A successful read clears the pending status back to NONE. */
var_dump(stream_socket_get_crypto_status($client) === STREAM_CRYPTO_STATUS_NONE);

phpt_notify();
fclose($client);
CODE;
$clientCode = sprintf($clientCode, $peerName);

include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);

include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'crypto_status_supplemental_read.pem.tmp');
?>
--EXPECT--
hello
bool(true)
90 changes: 90 additions & 0 deletions ext/openssl/tests/stream_supplemental_read_timeout.phpt
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
--TEST--
Timeout for supplemental read at end of a blocking stream in SSL stream wrapper
--EXTENSIONS--
openssl
--SKIPIF--
<?php
if (!function_exists("proc_open")) die("skip no proc_open");
?>
--FILE--
<?php
$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'crypto_supplemental_read_timeout.pem.tmp';
$peerName = 'crypto-supplemental-read-timeout';

$serverCode = <<<'CODE'
$ctx = stream_context_create(['ssl' => ['local_cert' => '%s']]);
$flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
$server = stream_socket_server("tls://127.0.0.1:0", $errno, $errstr, $flags, $ctx);
phpt_notify_server_start($server);

$conn = stream_socket_accept($server, 30);

fwrite($conn, "hello\n");

phpt_wait();
fclose($conn);
CODE;
$serverCode = sprintf($serverCode, $certFile);

$clientCode = <<<'CODE'
$ctx = stream_context_create(['ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
'peer_name' => '%s',
]]);

$client = stream_socket_client("tls://{{ ADDR }}", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $ctx);
stream_set_blocking($client, true);
stream_set_timeout($client, 5);
$start = hrtime(true);

$buf = '';
$read = [$client];
$write = $except = null;
while (true) {
if (!stream_select($read, $write, $except, 5)) {
break;
}

// Initially, read only the first char, then request more than is stored
// in the buffer, triggering a supplemental read.
$chunk = fread($client, strlen($buf) === 0 ? 1 : 10);
if ($chunk === '' || $chunk === false) {
/* A non-application record (e.g. a TLS 1.3 session ticket) may arrive first. */
if (feof($client)) {
break;
}
} else {
$buf .= $chunk;
if (strlen($buf) >= 6) {
break;
}
}
$read = [$client];
$write = $except = null;
}

echo trim($buf), "\n";

$diff = (hrtime(true) - $start) / 1e9;
var_dump($diff < 4.0);

phpt_notify();
fclose($client);
CODE;
$clientCode = sprintf($clientCode, $peerName);

include 'CertificateGenerator.inc';
$certificateGenerator = new CertificateGenerator();
$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);

include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
?>
--CLEAN--
<?php
@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'crypto_supplemental_read_timeout.pem.tmp');
?>
--EXPECT--
hello
bool(true)
22 changes: 18 additions & 4 deletions ext/openssl/xp_ssl.c
Original file line number Diff line number Diff line change
Expand Up @@ -2874,7 +2874,11 @@ static ssize_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, si

/* Only do this if SSL is active. */
if (sslsock->ssl_active) {
int retry = 1;
/* We have already returned some buffered data. Don't retry and don't
* block. We're just trying to fill the buffer more, but the stream might
* be empty, so we don't want to wait in vain. */
bool supplemental = stream->has_buffered_data;
int retry = !supplemental;
struct timeval start_time;
struct timeval *timeout = NULL;
bool began_blocked = sslsock->s.is_blocked;
Expand All @@ -2887,11 +2891,11 @@ static ssize_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, si
}

/* never use a timeout with non-blocking sockets */
if (began_blocked) {
if (began_blocked && !supplemental) {
timeout = &sslsock->s.timeout;
}

if (timeout) {
if (timeout || supplemental) {
php_openssl_set_blocking(sslsock, 0);
}

Expand Down Expand Up @@ -2966,7 +2970,7 @@ static ssize_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, si
}

/* Don't loop indefinitely in non-blocking mode if no data is available */
if (began_blocked == 0) {
if (began_blocked == 0 || supplemental) {
break;
}

Expand Down Expand Up @@ -3015,6 +3019,16 @@ static ssize_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, si
php_stream_notify_progress_increment(PHP_STREAM_CONTEXT(stream), nr_bytes, 0);
}

/* This might be a supplemental read after consuming buffered data. If
* the read returned nothing, ignore status WANT_READ. */
if (read &&
supplemental &&
nr_bytes <= 0 &&
sslsock->last_status == STREAM_CRYPTO_STATUS_WANT_READ
) {
sslsock->last_status = STREAM_CRYPTO_STATUS_NONE;
}

/* And if we were originally supposed to be blocking, let's reset the socket to that. */
if (began_blocked) {
php_openssl_set_blocking(sslsock, 1);
Expand Down