Patch for 74603
commit fec9a2e1b599b870c22733047d16cb1fa18ca711 | |
Author: Stanislav Malyshev <stas@php.net> | |
Date: Tue Jun 20 00:09:01 2017 -0700 | |
Fix bug #74603 - use correct buffer size | |
diff --git a/Zend/tests/bug74603.ini b/Zend/tests/bug74603.ini | |
new file mode 100644 | |
index 0000000..8d74a57 | |
--- /dev/null | |
+++ b/Zend/tests/bug74603.ini | |
@@ -0,0 +1 @@ | |
+0=0&~2000000000 | |
diff --git a/Zend/tests/bug74603.phpt b/Zend/tests/bug74603.phpt | |
new file mode 100644 | |
index 0000000..b3194ec | |
--- /dev/null | |
+++ b/Zend/tests/bug74603.phpt | |
@@ -0,0 +1,15 @@ | |
+--TEST-- | |
+Bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability) | |
+--SKIPIF-- | |
+<?php | |
+if (PHP_INT_MAX !== 2147483647) | |
+ die('skip for 32-bit only'); | |
+--FILE-- | |
+<?php | |
+var_dump(parse_ini_file(__DIR__ . "/bug74603.ini", true, INI_SCANNER_NORMAL)); | |
+?> | |
+--EXPECT-- | |
+array(1) { | |
+ [0]=> | |
+ string(1) "0" | |
+} | |
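Review bot: The `--EXPECT--` block pins only the final parsed value, so this test catches the regression only if the out-of-bounds write happens to crash or corrupt the output. A small overrun of a stack buffer can pass silently on an unpatched build; this is inferred, since the write itself is not shown on this page. A comment in the `--FILE--` section such as `// meaningful only under ASan or valgrind: guards the str_result bound in zend_ini_do_op` would tell maintainers how the test is meant to be run. The `--SKIPIF--` check also limits the test to 32-bit builds, so a 64-bit-only CI never exercises it.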
diff --git a/Zend/zend_ini_parser.y b/Zend/zend_ini_parser.y | |
index ea4771a..ad8a84d 100644 | |
--- a/Zend/zend_ini_parser.y | |
+++ b/Zend/zend_ini_parser.y | |
@@ -53,7 +53,7 @@ static void zend_ini_do_op(char type, zval *result, zval *op1, zval *op2) | |
{ | |
int i_result; | |
int i_op1, i_op2; | |
- char str_result[MAX_LENGTH_OF_LONG]; | |
+ char str_result[MAX_LENGTH_OF_LONG+1]; | |
i_op1 = atoi(Z_STRVAL_P(op1)); | |
free(Z_STRVAL_P(op1)); |
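Review bot: The `+1` on `str_result` still ties the buffer size by hand to whatever formats into it, and that write is outside this hunk, so the hunk alone does not show that the bound holds for every `int` result. If the later write is an unbounded sprintf-style call, passing the buffer's own size, e.g. `snprintf(str_result, sizeof str_result, "%d", i_result);`, would keep the bound correct regardless of the macro's value. Separately, `i_op1 = atoi(Z_STRVAL_P(op1));` parses text taken from the INI file, and `atoi` reports no error and is undefined for out-of-range values; `strtol` with an `errno` and end-pointer check would make oversized operands a handled case. The body of zend_ini_do_op continues outside the hunk.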