diff options
author | Zeev Suraski <zeev@php.net> | 2001-07-10 12:57:28 +0000 |
---|---|---|
committer | Zeev Suraski <zeev@php.net> | 2001-07-10 12:57:28 +0000 |
commit | 4bbb8a001e71f746d9ec19ad60c88a237c6bfd9f (patch) | |
tree | e606367bc1d0439e7d1d1258b6acfc4e721ca956 | |
parent | 48cbbbb3db209a63adfc6b53eb11e73a3cd98b31 (diff) | |
download | php-git-4bbb8a001e71f746d9ec19ad60c88a237c6bfd9f.tar.gz |
Fix a couple of buffer overflows in mcrypt.c
-rw-r--r-- | ext/mcrypt/mcrypt.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c index 2656892bb9..a31a62b8a7 100644 --- a/ext/mcrypt/mcrypt.c +++ b/ext/mcrypt/mcrypt.c @@ -1251,7 +1251,7 @@ static void php_mcrypt_do_crypt (char* cipher, zval **key, zval **data, char *mo else if (count == 1) { /* only m_k_l = OK */ key_s = emalloc (key_length_sizes[0]); memset (key_s, 0, key_length_sizes[0]); - memcpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key)); + memcpy (key_s, Z_STRVAL_PP(key), MIN(Z_STRLEN_PP(key), key_length_sizes[0])); use_key_length = key_length_sizes[0]; } else { /* derterminating smallest supported key > length of requested key */ @@ -1265,7 +1265,7 @@ static void php_mcrypt_do_crypt (char* cipher, zval **key, zval **data, char *mo } key_s = emalloc (use_key_length); memset (key_s, 0, use_key_length); - memcpy (key_s, Z_STRVAL_PP(key), Z_STRLEN_PP(key)); + memcpy (key_s, Z_STRVAL_PP(key), MIN(Z_STRLEN_PP(key), use_key_length)); } mcrypt_free (key_length_sizes); |