diff options
| author | Stanislav Malyshev <stas@php.net> | 2016-10-11 13:37:47 -0700 |
|---|---|---|
| committer | Anatol Belski <ab@php.net> | 2016-10-13 00:35:18 +0200 |
| commit | 1c2d486cb13525b376059046e47e0f7c7e44f981 (patch) | |
| tree | c405ff2b1c74fa9b22c828d91317446191ed3a15 | |
| parent | 850504ae7d1ab97299b6ad1776a580e714526328 (diff) | |
| download | php-git-1c2d486cb13525b376059046e47e0f7c7e44f981.tar.gz | |
Fix bug #73276 - crash in openssl_random_pseudo_bytes function
(cherry picked from commit 85a22a0af0722ef3a8d49a056a0b2b18be1fb981)
(cherry picked from commit 7dc8b5e7aefce963a7a222c48ee3506725c4776b)
| -rw-r--r-- | ext/openssl/openssl.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index e2f9fafacf..bf1f0c51a9 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -5546,7 +5546,11 @@ PHP_FUNCTION(openssl_random_pseudo_bytes) return; } - if (buffer_length <= 0) { + if (buffer_length <= 0 +#ifndef PHP_WIN32 + || ZEND_LONG_INT_OVFL(buffer_length) +#endif + ) { RETURN_FALSE; } @@ -5570,6 +5574,7 @@ PHP_FUNCTION(openssl_random_pseudo_bytes) PHP_OPENSSL_CHECK_LONG_TO_INT(buffer_length, length); PHP_OPENSSL_RAND_ADD_TIME(); + /* FIXME loop if requested size > INT_MAX */ if (RAND_bytes((unsigned char*)ZSTR_VAL(buffer), (int)buffer_length) <= 0) { zend_string_release(buffer); if (zstrong_result_returned) { |