/72848.diff Secret
Created Aug 16, 2016

Patch for 72848
commit a29edf505ad1562ed1e468babf0b104d5c2fda9b
Author: Stanislav Malyshev <stas@php.net>
Date: Tue Aug 16 15:48:31 2016 -0700
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
diff --git a/ext/standard/quot_print.c b/ext/standard/quot_print.c
index 3b8c0ec..b85cf42 100644
--- a/ext/standard/quot_print.c
+++ b/ext/standard/quot_print.c
@@ -275,6 +275,11 @@ PHP_FUNCTION(quoted_printable_encode)
}
new_str = (char *)php_quot_print_encode((unsigned char *)str, (size_t)str_len, &new_str_len);
+ if (new_str_len > INT_MAX)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "String too long, max length is %d", INT_MAX);
+ efree(new_str);
+ RETURN_FALSE;
+ }
RETURN_STRINGL(new_str, new_str_len, 0);
}
/* }}} */
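Review bot: The added condition `if (new_str_len > INT_MAX)) {` has one closing parenthesis too many and will not compile as written; it should read `if (new_str_len > INT_MAX) {`. Beyond that, the check sits after `php_quot_print_encode()` has already returned, so it only stops an oversized `new_str_len` from being passed to `RETURN_STRINGL`; the output buffer has been allocated and filled by that point. If the size arithmetic inside `php_quot_print_encode()` can itself wrap for a large `str_len`, that needs a separate bound on the input length before the call, which these lines do not show. The warning text also says "String too long" while the value tested is the encoded length, so a message that names the encoded result would be clearer to the caller.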