diff options
| author | Stanislav Malyshev <stas@php.net> | 2016-08-11 23:36:25 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2016-08-16 22:55:41 -0700 |
| commit | 1cd6bc64637353536032c53e0b6770233f8d03ca (patch) | |
| tree | 0262aea497dc5adb3fef2806f362b7ddb7d47ba9 /ext/curl | |
| parent | 5a34bd6d1e6b4d31221c50bcf477c9508553a646 (diff) | |
| download | php-git-1cd6bc64637353536032c53e0b6770233f8d03ca.tar.gz | |
Fix for bug #72807 - do not produce strings with negative length
Diffstat (limited to 'ext/curl')
| -rw-r--r-- | ext/curl/interface.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ext/curl/interface.c b/ext/curl/interface.c index c7112a091a..062f9969ae 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -3478,6 +3478,10 @@ PHP_FUNCTION(curl_escape) ZEND_FETCH_RESOURCE(ch, php_curl *, &zid, -1, le_curl_name, le_curl); if ((res = curl_easy_escape(ch->cp, str, str_len))) { + if (strlen(res) > INT_MAX) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Escaped string is too long, maximum is %d", INT_MAX); + RETURN_FALSE; + } RETVAL_STRING(res, 1); curl_free(res); } else { |