Skip to content

Instantly share code, notes, and snippets.

/72551.diff Secret
Created Jul 13, 2016

Embed
What would you like to do?
Patch for 72551
commit 3810e7b362e7bdef00ad33ae683a49aa7ab19e0d
Author: Stanislav Malyshev <stas@php.net>
Date: Tue Jul 12 23:13:52 2016 -0700
Fix bug #72551 and bug #72552 - check before converting size_t->int
diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
index fb5c638..73acaa2 100644
--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -645,6 +645,10 @@ PHP_FUNCTION(mcrypt_generic)
memset(ZSTR_VAL(data_str), 0, data_size);
memcpy(ZSTR_VAL(data_str), data, data_len);
} else { /* It's not a block algorithm */
+ if (data_len > INT_MAX) {
+ php_error_docref(NULL, E_WARNING, "Data size too large, %d maximum", INT_MAX);
+ RETURN_FALSE;
+ }
data_size = (int)data_len;
data_str = zend_string_alloc(data_size, 0);
memset(ZSTR_VAL(data_str), 0, data_size);
@@ -695,6 +699,10 @@ PHP_FUNCTION(mdecrypt_generic)
memset(data_s, 0, data_size);
memcpy(data_s, data, data_len);
} else { /* It's not a block algorithm */
+ if (data_len > INT_MAX) {
+ php_error_docref(NULL, E_WARNING, "Data size too large, %d maximum", INT_MAX);
+ RETURN_FALSE;
+ }
data_size = (int)data_len;
data_s = emalloc(data_size + 1);
memset(data_s, 0, data_size);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.