diff options
author | Stanislav Malyshev <stas@php.net> | 2016-08-03 00:58:55 -0700 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2016-08-17 11:30:38 +0200 |
commit | 19c10bb629139c42f55f10c9c84dfe3ba29567c6 (patch) | |
tree | 105262a5a12abf4a0d7c8d9f9c396fe94c8f9546 | |
parent | 0a85fd9877feb44520d2967f64ebb20483264e52 (diff) | |
download | php-git-19c10bb629139c42f55f10c9c84dfe3ba29567c6.tar.gz |
Fix bug #72674 - check both curl_escape and curl_unescape
(cherry picked from commit 72dbb7f416160f490c4e9987040989a10ad431c7)
-rw-r--r-- | ext/curl/interface.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/ext/curl/interface.c b/ext/curl/interface.c index be15785cd0..7069710ece 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -3517,7 +3517,7 @@ PHP_FUNCTION(curl_reset) PHP_FUNCTION(curl_escape) { char *str = NULL, *res = NULL; - size_t str_len = 0; + size_t str_len = 0; zval *zid; php_curl *ch; @@ -3529,6 +3529,10 @@ PHP_FUNCTION(curl_escape) RETURN_FALSE; } + if (ZEND_SIZE_T_INT_OVFL(str_len)) { + RETURN_FALSE; + } + if ((res = curl_easy_escape(ch->cp, str, str_len))) { RETVAL_STRING(res); curl_free(res); @@ -3556,7 +3560,7 @@ PHP_FUNCTION(curl_unescape) RETURN_FALSE; } - if (str_len > INT_MAX) { + if (ZEND_SIZE_T_INT_OVFL(str_len)) { RETURN_FALSE; } |