diff options
| author | Stanislav Malyshev <stas@php.net> | 2016-10-11 13:37:47 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2016-10-11 13:37:47 -0700 |
| commit | 85a22a0af0722ef3a8d49a056a0b2b18be1fb981 (patch) | |
| tree | e65fda886ab7a89a63d1f21c9bc4707b26fa8fe6 | |
| parent | 96a8cf8e1b5dc1b0c708bb5574e0d6727cc56d9e (diff) | |
| download | php-git-85a22a0af0722ef3a8d49a056a0b2b18be1fb981.tar.gz | |
Fix bug #73276 - crash in openssl_random_pseudo_bytes function
| -rw-r--r-- | ext/openssl/openssl.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 33593e729e..01f2a099a8 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -5466,16 +5466,16 @@ PHP_FUNCTION(openssl_random_pseudo_bytes) return; } - if (buffer_length <= 0) { - RETURN_FALSE; - } - if (zstrong_result_returned) { zval_dtor(zstrong_result_returned); ZVAL_BOOL(zstrong_result_returned, 0); } - buffer = emalloc(buffer_length + 1); + if (buffer_length <= 0 || buffer_length > INT_MAX) { + RETURN_FALSE; + } + + buffer = safe_emalloc(buffer_length, 1, 1); #ifdef PHP_WIN32 /* random/urandom equivalent on Windows */ |