--- embedaddon/php/ext/phar/util.c	2012/05/29 12:34:41	1.1.1.2
+++ embedaddon/php/ext/phar/util.c	2013/07/22 01:31:59	1.1.1.3
@@ -3,7 +3,7 @@
   | phar php single-file executable PHP extension                        |
   | utility functions                                                    |
   +----------------------------------------------------------------------+
-  | Copyright (c) 2005-2012 The PHP Group                                |
+  | Copyright (c) 2005-2013 The PHP Group                                |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
@@ -18,7 +18,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: util.c,v 1.1.1.2 2012/05/29 12:34:41 misho Exp $ */
+/* $Id: util.c,v 1.1.1.3 2013/07/22 01:31:59 misho Exp $ */
 
 #include "phar_internal.h"
 #ifdef PHAR_HASH_OK
@@ -210,8 +210,6 @@ int phar_mount_entry(phar_archive_data *phar, char *fi
 		return FAILURE;
 	}
 #endif
-
-	filename_len = strlen(entry.tmp);
 	filename = entry.tmp;
 
 	/* only check openbasedir for files, not for phar streams */
@@ -891,6 +889,10 @@ int phar_copy_entry_fp(phar_entry_info *source, phar_e
 	dest->offset = 0;
 	dest->is_modified = 1;
 	dest->fp = php_stream_fopen_tmpfile();
+	if (dest->fp == NULL) {
+		spprintf(error, 0, "phar error: unable to create temporary file");
+		return EOF;
+	}
 	phar_seek_efp(source, 0, SEEK_SET, 0, 1 TSRMLS_CC);
 	link = phar_get_link_source(source TSRMLS_CC);
 
@@ -1131,6 +1133,10 @@ int phar_separate_entry_fp(phar_entry_info *entry, cha
 	}
 
 	fp = php_stream_fopen_tmpfile();
+	if (fp == NULL) {
+		spprintf(error, 0, "phar error: unable to create temporary file");
+		return FAILURE;
+	}
 	phar_seek_efp(entry, 0, SEEK_SET, 0, 1 TSRMLS_CC);
 	link = phar_get_link_source(entry TSRMLS_CC);
 
@@ -2120,8 +2126,7 @@ int phar_create_signature(phar_archive_data *phar, php
 #ifdef PHAR_HAVE_OPENSSL
 			BIO *in;
 			EVP_PKEY *key;
-			EVP_MD *mdtype = (EVP_MD *) EVP_sha1();
-			EVP_MD_CTX md_ctx;
+			EVP_MD_CTX *md_ctx;
 
 			in = BIO_new_mem_buf(PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len));
 
@@ -2142,15 +2147,30 @@ int phar_create_signature(phar_archive_data *phar, php
 				return FAILURE;
 			}
 
+			md_ctx = EVP_MD_CTX_create();
+
 			siglen = EVP_PKEY_size(key);
 			sigbuf = emalloc(siglen + 1);
-			EVP_SignInit(&md_ctx, mdtype);
 
+			if (!EVP_SignInit(md_ctx, EVP_sha1())) {
+				efree(sigbuf);
+				if (error) {
+					spprintf(error, 0, "unable to initialize openssl signature for phar \"%s\"", phar->fname);
+				}
+				return FAILURE;
+			}
+
 			while ((sig_len = php_stream_read(fp, (char*)buf, sizeof(buf))) > 0) {
-				EVP_SignUpdate(&md_ctx, buf, sig_len);
+				if (!EVP_SignUpdate(md_ctx, buf, sig_len)) {
+					efree(sigbuf);
+					if (error) {
+						spprintf(error, 0, "unable to update the openssl signature for phar \"%s\"", phar->fname);
+					}
+					return FAILURE;
+				}
 			}
 
-			if (!EVP_SignFinal (&md_ctx, sigbuf,(unsigned int *)&siglen, key)) {
+			if (!EVP_SignFinal (md_ctx, sigbuf,(unsigned int *)&siglen, key)) {
 				efree(sigbuf);
 				if (error) {
 					spprintf(error, 0, "unable to write phar \"%s\" with requested openssl signature", phar->fname);
@@ -2159,7 +2179,7 @@ int phar_create_signature(phar_archive_data *phar, php
 			}
 
 			sigbuf[siglen] = '\0';
-			EVP_MD_CTX_cleanup(&md_ctx);
+			EVP_MD_CTX_destroy(md_ctx);
 #else
 			sigbuf = NULL;
 			siglen = 0;