diff options
| author | Rasmus Lerdorf <rasmus@php.net> | 2003-03-25 19:26:18 +0000 |
|---|---|---|
| committer | Rasmus Lerdorf <rasmus@php.net> | 2003-03-25 19:26:18 +0000 |
| commit | 15d4bfd60711254d625c858b357fde351b71dd47 (patch) | |
| tree | ef1a26acfacfce01df7d68bb6718fa82e18e4a87 | |
| parent | b7cfe4b5a69bf792edb64e5b34758768d56d502d (diff) | |
| download | php-git-15d4bfd60711254d625c858b357fde351b71dd47.tar.gz | |
Make sure we never pass a negative arg to emalloc
(once again, this API needs to be fixed, so this is just for 4.3)
| -rw-r--r-- | ext/sockets/sockets.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c index 8213f44ee4..c8371eb70d 100644 --- a/ext/sockets/sockets.c +++ b/ext/sockets/sockets.c @@ -781,6 +781,7 @@ PHP_FUNCTION(socket_read) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rl|l", &arg1, &length, &type) == FAILURE) return; + if(length<0) RETURN_FALSE; tmpbuf = emalloc(length + 1); ZEND_FETCH_RESOURCE(php_sock, php_socket *, &arg1, -1, le_socket_name, le_socket); @@ -1120,9 +1121,11 @@ PHP_FUNCTION(socket_iovec_alloc) for (i = 0, j = 1; i < num_vectors; i++, j++) { convert_to_long_ex(args[j]); - - vector_array[i].iov_base = (char*)emalloc(Z_LVAL_PP(args[j])); - vector_array[i].iov_len = Z_LVAL_PP(args[j]); + + if(Z_LVAL_PP(args[j])>0) { + vector_array[i].iov_base = (char*)emalloc(Z_LVAL_PP(args[j])); + vector_array[i].iov_len = Z_LVAL_PP(args[j]); + } } efree(args); @@ -1330,6 +1333,8 @@ PHP_FUNCTION(socket_recv) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rzll", &php_sock_res, &buf, &len, &flags) == FAILURE) return; + if(len<0) RETURN_FALSE; + ZEND_FETCH_RESOURCE(php_sock, php_socket *, &php_sock_res, -1, le_socket_name, le_socket); recv_buf = emalloc(len + 1); @@ -1404,6 +1409,8 @@ PHP_FUNCTION(socket_recvfrom) ZEND_FETCH_RESOURCE(php_sock, php_socket *, &arg1, -1, le_socket_name, le_socket); + if(arg3<0) RETURN_FALSE; + recv_buf = emalloc(arg3 + 2); memset(recv_buf, 0, arg3 + 2); @@ -1540,6 +1547,8 @@ PHP_FUNCTION(socket_recvmsg) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rrzzzz|z", &arg1, &arg2, &arg3, &arg4, &arg5, &arg6, &arg7) == FAILURE) return; + if(Z_LVAL_P(arg4)<0) RETURN_FALSE; + ZEND_FETCH_RESOURCE(php_sock, php_socket *, &arg1, -1, le_socket_name, le_socket); ZEND_FETCH_RESOURCE(iov, php_iovec_t *, &arg2, -1, le_iov_name, le_iov); |