author | Stanislav Malyshev <stas@php.net> | 2016-08-16 23:52:22 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2016-08-16 23:52:22 -0700 |
commit | 75d7666968573a0abea36b46aae2b0c0ad6eb488 (patch) | |
tree | 7f8ae5f118e05f973a96af81747317c62f075515 /ext/mcrypt | |
parent | f3231a7c766f28cb7f14bc7c2d21986fcb9740cd (diff) | |
parent | f8a75d4eee3446fb5c5c493b28b9ee80e34041cc (diff) | |
Merge branch 'PHP-7.0.10' into PHP-7.0
* PHP-7.0.10:
Fix bug #72749: wddx_deserialize allows illegal memory access
Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
fix tests
Fix bug#72697 - select_colors write out-of-bounds
Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation
Fix bug #72730 - imagegammacorrect allows arbitrary write access
Fix bug #72750: wddx_deserialize null dereference
Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
fix tests
add missing skipif section
Fix for bug #72790 and bug #72799
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72742 - memory allocator fails to realloc small block to large one
Use size_t for path length
Check for string overflow
Fix for bug #72782: mcrypt accepts only ints, so don't pass anything else
Fix bug #72674 - check both curl_escape and curl_unescape
Diffstat (limited to 'ext/mcrypt')
-rw-r--r-- | ext/mcrypt/mcrypt.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
index 73acaa29f2..9865cbb9fc 100644
--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -633,6 +633,10 @@ PHP_FUNCTION(mcrypt_generic)
 RETURN_FALSE
 }
+ if (data_len > INT_MAX) {
+ php_error_docref(NULL, E_WARNING, "Data size too large, %d maximum", INT_MAX);
+ RETURN_FALSE;
+ }
 /* Check blocksize */
 if (mcrypt_enc_is_block_mode(pm->td) == 1) { /* It's a block algorithm */
 block_size = mcrypt_enc_get_block_size(pm->td);
@@ -645,10 +649,6 @@ PHP_FUNCTION(mcrypt_generic)
 memset(ZSTR_VAL(data_str), 0, data_size);
 memcpy(ZSTR_VAL(data_str), data, data_len);
 } else { /* It's not a block algorithm */
- if (data_len > INT_MAX) {
- php_error_docref(NULL, E_WARNING, "Data size too large, %d maximum", INT_MAX);
- RETURN_FALSE;
- }
 data_size = (int)data_len;
 data_str = zend_string_alloc(data_size, 0);
 memset(ZSTR_VAL(data_str), 0, data_size);
@@ -688,6 +688,10 @@ PHP_FUNCTION(mdecrypt_generic)
 }
 /* Check blocksize */
+ if (data_len > INT_MAX) {
+ php_error_docref(NULL, E_WARNING, "Data size too large, %d maximum", INT_MAX);
+ RETURN_FALSE;
+ }
 if (mcrypt_enc_is_block_mode(pm->td) == 1) { /* It's a block algorithm */
 block_size = mcrypt_enc_get_block_size(pm->td);
 data_size = ((((int)data_len - 1) / block_size) + 1) * block_size;
@@ -699,10 +703,6 @@ PHP_FUNCTION(mdecrypt_generic)
 memset(data_s, 0, data_size);
 memcpy(data_s, data, data_len);
 } else { /* It's not a block algorithm */
- if (data_len > INT_MAX) {
- php_error_docref(NULL, E_WARNING, "Data size too large, %d maximum", INT_MAX);
- RETURN_FALSE;
- }
 data_size = (int)data_len;
 data_s = emalloc(data_size + 1);
 memset(data_s, 0, data_size); |
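Review bot: The `data_len > INT_MAX` guard added to mcrypt_generic does not bound the block-mode size, which is rounded up to a multiple of `block_size` after the guard and can still exceed INT_MAX. The rounding is visible in the mdecrypt_generic hunk, `data_size = ((((int)data_len - 1) / block_size) + 1) * block_size;`; mcrypt_generic's own rounding line lies outside its hunk but presumably has the same form. For a `data_len` within one block of INT_MAX the multiplication is signed overflow, and a wrapped `data_size` would then size the buffer while `memcpy` still copies `data_len` bytes. I would bound the length before rounding in both functions, right after `block_size` is read: `if (data_len > (size_t)(INT_MAX - block_size)) { php_error_docref(NULL, E_WARNING, "Data size too large, %d maximum", INT_MAX - block_size); RETURN_FALSE; }`.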
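Review bot: In mdecrypt_generic the new guard lands between the `/* Check blocksize */` comment and the `if (mcrypt_enc_is_block_mode(pm->td) == 1)` that the comment describes, whereas in mcrypt_generic the same guard sits above that comment. Moving the four added lines above the comment keeps the two functions parallel and the comment attached to its code. The guard also deserves a line saying why it exists, for example `/* libmcrypt takes int lengths; reject data that would not survive the (int) casts below */`. The function body starts and ends outside the hunk.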