Dev news

Commit d08d80cf024 for php.net

commit d08d80cf0244fe9811f060b39438f0c2916a8a6a
Merge: 7e78b0f1d28 41458c6ad69
Author: David Carlier <devnexen@gmail.com>
Date:   Thu Mar 5 18:51:23 2026 +0000

    Merge branch 'PHP-8.4' into PHP-8.5

    * PHP-8.4:
      Fix GH-21336: undefined behavior in snmp setSecurity.

diff --cc ext/snmp/snmp.c
index db2d0ad8786,22eb6525f8e..b479f21c8d1
--- a/ext/snmp/snmp.c
+++ b/ext/snmp/snmp.c
@@@ -1006,7 -959,7 +1006,7 @@@ static bool snmp_session_set_sec_level(
  /* }}} */

  /* {{{ Set the authentication protocol in the snmpv3 session */
- static bool snmp_session_set_auth_protocol(struct snmp_session *s, zend_string *prot)
 -static ZEND_ATTRIBUTE_NONNULL bool netsnmp_session_set_auth_protocol(struct snmp_session *s, zend_string *prot)
++static ZEND_ATTRIBUTE_NONNULL bool snmp_session_set_auth_protocol(struct snmp_session *s, zend_string *prot)
  {
  #ifndef DISABLE_MD5
  	if (zend_string_equals_literal_ci(prot, "MD5")) {
@@@ -1055,7 -1011,7 +1055,7 @@@
  /* }}} */

  /* {{{ Set the security protocol in the snmpv3 session */
- static bool snmp_session_set_sec_protocol(struct snmp_session *s, zend_string *prot)
 -static ZEND_ATTRIBUTE_NONNULL bool netsnmp_session_set_sec_protocol(struct snmp_session *s, zend_string *prot)
++static ZEND_ATTRIBUTE_NONNULL bool snmp_session_set_sec_protocol(struct snmp_session *s, zend_string *prot)
  {
  #ifndef NETSNMP_DISABLE_DES
  	if (zend_string_equals_literal_ci(prot, "DES")) {
@@@ -1092,9 -1048,10 +1092,10 @@@
  /* }}} */

  /* {{{ Make key from pass phrase in the snmpv3 session */
- static bool snmp_session_gen_auth_key(struct snmp_session *s, zend_string *pass)
 -static ZEND_ATTRIBUTE_NONNULL bool netsnmp_session_gen_auth_key(struct snmp_session *s, zend_string *pass)
++static ZEND_ATTRIBUTE_NONNULL bool snmp_session_gen_auth_key(struct snmp_session *s, zend_string *pass)
  {
  	int snmp_errno;
+
  	s->securityAuthKeyLen = USM_AUTH_KU_LEN;
  	if ((snmp_errno = generate_Ku(s->securityAuthProto, s->securityAuthProtoLen,
  			(uint8_t *) ZSTR_VAL(pass), ZSTR_LEN(pass),
@@@ -1107,7 -1064,7 +1108,7 @@@
  /* }}} */

  /* {{{ Make key from pass phrase in the snmpv3 session */
- static bool snmp_session_gen_sec_key(struct snmp_session *s, zend_string *pass)
 -static ZEND_ATTRIBUTE_NONNULL bool netsnmp_session_gen_sec_key(struct snmp_session *s, zend_string *pass)
++static ZEND_ATTRIBUTE_NONNULL bool snmp_session_gen_sec_key(struct snmp_session *s, zend_string *pass)
  {
  	int snmp_errno;

@@@ -1146,9 -1103,10 +1147,10 @@@ static bool snmp_session_set_contextEng
  /* }}} */

  /* {{{ Set all snmpv3-related security options */
- static bool snmp_session_set_security(struct snmp_session *session, zend_string *sec_level,
 -static ZEND_ATTRIBUTE_NONNULL_ARGS(2) bool netsnmp_session_set_security(struct snmp_session *session, zend_string *sec_level,
++static ZEND_ATTRIBUTE_NONNULL_ARGS(2) bool snmp_session_set_security(struct snmp_session *session, zend_string *sec_level,
  	zend_string *auth_protocol, zend_string *auth_passphrase, zend_string *priv_protocol,
- 	zend_string *priv_passphrase, zend_string *contextName, zend_string *contextEngineID)
+ 	zend_string *priv_passphrase, zend_string *contextName, zend_string *contextEngineID,
+ 	uint32_t auth_protocol_argnum)
  {

  	/* Setting the security level. */
@@@ -1159,27 -1117,48 +1161,48 @@@

  	if (session->securityLevel == SNMP_SEC_LEVEL_AUTHNOPRIV || session->securityLevel == SNMP_SEC_LEVEL_AUTHPRIV) {

+ 		if (!auth_protocol) {
+ 			zend_argument_value_error(auth_protocol_argnum, "cannot be null when security level is \"authNoPriv\" or \"authPriv\"");
+ 			return false;
+ 		}
+
  		/* Setting the authentication protocol. */
 -		if (!netsnmp_session_set_auth_protocol(session, auth_protocol)) {
 +		if (!snmp_session_set_auth_protocol(session, auth_protocol)) {
  			/* ValueError already generated, just bail out */
  			return false;
  		}

+ 		if (!auth_passphrase) {
+ 			zend_argument_value_error(auth_protocol_argnum + 1, "cannot be null when security level is \"authNoPriv\" or \"authPriv\"");
+ 			return false;
+ 		}
+
  		/* Setting the authentication passphrase. */
 -		if (!netsnmp_session_gen_auth_key(session, auth_passphrase)) {
 +		if (!snmp_session_gen_auth_key(session, auth_passphrase)) {
  			/* Warning message sent already, just bail out */
  			return false;
  		}

  		if (session->securityLevel == SNMP_SEC_LEVEL_AUTHPRIV) {
+
+ 			if (!priv_protocol) {
+ 				zend_argument_value_error(auth_protocol_argnum + 2, "cannot be null when security level is \"authPriv\"");
+ 				return false;
+ 			}
+
  			/* Setting the security protocol. */
 -			if (!netsnmp_session_set_sec_protocol(session, priv_protocol)) {
 +			if (!snmp_session_set_sec_protocol(session, priv_protocol)) {
  				/* ValueError already generated, just bail out */
  				return false;
  			}

+ 			if (!priv_passphrase) {
+ 				zend_argument_value_error(auth_protocol_argnum + 3, "cannot be null when security level is \"authPriv\"");
+ 				return false;
+ 			}
+
  			/* Setting the security protocol passphrase. */
 -			if (!netsnmp_session_gen_sec_key(session, priv_passphrase)) {
 +			if (!snmp_session_gen_sec_key(session, priv_passphrase)) {
  				/* Warning message sent already, just bail out */
  				return false;
  			}
@@@ -1342,14 -1312,14 +1365,14 @@@ static void php_snmp(INTERNAL_FUNCTION_
  	}

  	if (session_less_mode) {
 -		if (!netsnmp_session_init(&session, version, a1, a2, timeout, retries)) {
 +		if (!snmp_session_init(&session, version, a1, a2, timeout, retries, timeout_argument_offset)) {
  			php_free_objid_query(&objid_query, oid_ht, value_ht, st);
 -			netsnmp_session_free(&session);
 +			snmp_session_free(&session);
  			RETURN_FALSE;
  		}
- 		if (version == SNMP_VERSION_3 && !snmp_session_set_security(session, a3, a4, a5, a6, a7, NULL, NULL)) {
 -		if (version == SNMP_VERSION_3 && !netsnmp_session_set_security(session, a3, a4, a5, a6, a7, NULL, NULL, 4)) {
++		if (version == SNMP_VERSION_3 && !snmp_session_set_security(session, a3, a4, a5, a6, a7, NULL, NULL, 4)) {
  			php_free_objid_query(&objid_query, oid_ht, value_ht, st);
 -			netsnmp_session_free(&session);
 +			snmp_session_free(&session);
  			/* Warning message sent already, just bail out */
  			RETURN_FALSE;
  		}
@@@ -1722,7 -1692,7 +1745,7 @@@ PHP_METHOD(SNMP, setSecurity
  		RETURN_THROWS();
  	}

- 	if (!snmp_session_set_security(snmp_object->session, a1, a2, a3, a4, a5, a6, a7)) {
 -	if (!netsnmp_session_set_security(snmp_object->session, a1, a2, a3, a4, a5, a6, a7, 2)) {
++	if (!snmp_session_set_security(snmp_object->session, a1, a2, a3, a4, a5, a6, a7, 2)) {
  		/* Warning message sent already, just bail out */
  		RETURN_FALSE;
  	}