Merge branch 'PHP-5.6' into PHP-7.0

* PHP-5.6:
  Fixed bug #72535 arcfour encryption stream filter crashes php

(cherry picked from commit 968c8fc0d5f05f4abfc7caa4726cbfae6a5d0bf8)

2 files changed, 24 insertions, 1 deletions

diff --git a/ext/mcrypt/mcrypt_filter.c b/ext/mcrypt/mcrypt_filter.c
index 93be0511c7..f848d6468a 100644
--- a/ext/mcrypt/mcrypt_filter.c
+++ b/ext/mcrypt/mcrypt_filter.c
@@ -89,7 +89,7 @@ static php_stream_filter_status_t php_mcrypt_filter(
 			php_stream_bucket_delref(bucket);
 		} else {
 			/* Stream cipher */
-			php_stream_bucket_make_writeable(bucket);
+			bucket = php_stream_bucket_make_writeable(bucket);
 			if (data->encrypt) {
 				mcrypt_generic(data->module, bucket->buf, (int)bucket->buflen);
 			} else {
diff --git a/ext/mcrypt/tests/bug72535.phpt b/ext/mcrypt/tests/bug72535.phpt
new file mode 100644
index 0000000000..9e6d8333f9
--- /dev/null
+++ b/ext/mcrypt/tests/bug72535.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Bug #72535 arcfour encryption stream filter crashes php
+--SKIPIF--
+<?php if (!extension_loaded("mcrypt")) print "skip"; ?>
+--FILE--
+<?php
+$passphrase = 'My secret';
+$plaintext = 'Secret secret secret data';
+
+$iv = substr(md5('iv' . $passphrase, true), 0, 8);
+$key = substr(md5('pass1' . $passphrase, true) .
+	              md5('pass2' . $passphrase, true), 0, 24);
+$opts = array('iv' => $iv, 'key' => $key, 'mode' => 'stream');
+
+$expected = substr($plaintext . $plaintext, 0, 48);
+
+$fp = fopen('php://memory', 'wb+');
+stream_filter_append($fp, 'mcrypt.arcfour', STREAM_FILTER_WRITE, $opts);
+fwrite($fp, $plaintext);
+?>
+==NOCRASH==
+--EXPECT--
+==NOCRASH==