diff options
author | Stanislav Malyshev <stas@php.net> | 2016-10-11 13:19:20 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2016-10-11 13:19:20 -0700 |
commit | 8822f7c9f0be2f591f8fa58834c5e1bc529b24dc (patch) | |
tree | ca6991e1e0d95d32ca60ad0f2e0e9095c655b1a3 | |
parent | 8259130b6bc752968856b352c9e7f8e03a8c0a8e (diff) | |
download | php-git-8822f7c9f0be2f591f8fa58834c5e1bc529b24dc.tar.gz |
fix bug #73275 - crash in openssl_encrypt function
-rw-r--r-- | ext/openssl/openssl.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 844132b2cc..33593e729e 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -5260,7 +5260,7 @@ PHP_FUNCTION(openssl_encrypt) free_iv = php_openssl_validate_iv(&iv, &iv_len, max_iv_len TSRMLS_CC); outlen = data_len + EVP_CIPHER_block_size(cipher_type); - outbuf = emalloc(outlen + 1); + outbuf = safe_emalloc(outlen, 1, 1); EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL); if (password_len > keylen) { @@ -5278,14 +5278,18 @@ PHP_FUNCTION(openssl_encrypt) outlen += i; if (options & OPENSSL_RAW_DATA) { outbuf[outlen] = '\0'; - RETVAL_STRINGL((char *)outbuf, outlen, 0); + RETVAL_STRINGL_CHECK((char *)outbuf, outlen, 0); } else { int base64_str_len; char *base64_str; base64_str = (char*)php_base64_encode(outbuf, outlen, &base64_str_len); efree(outbuf); - RETVAL_STRINGL(base64_str, base64_str_len, 0); + if (!base64_str) { + RETVAL_FALSE; + } else { + RETVAL_STRINGL(base64_str, base64_str_len, 0); + } } } else { efree(outbuf); |