diff options
| author | Xinchen Hui <laruence@gmail.com> | 2016-08-17 17:14:30 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@gmail.com> | 2016-08-17 17:14:30 +0800 |
| commit | ce6ad9bdd96dd3702ef248e5e364400402620dbc (patch) | |
| tree | e4568a0b9239c67999fccb6f75f935a37419f5c7 /ext/mcrypt/mcrypt.c | |
| parent | e47773b6266a8bb6d39af7f3ed5630c4698c2f76 (diff) | |
| parent | 1dab8e07f2e14221f534202e7d0c03600b3259eb (diff) | |
| download | php-git-ce6ad9bdd96dd3702ef248e5e364400402620dbc.tar.gz | |
Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0: (48 commits)
Update NEWs
Unused label
Fixed bug #72853 (stream_set_blocking doesn't work)
fix test
Bug #72663 - part 3
Bug #72663 - part 2
Bug #72663 - part 1
Update NEWS
BLock test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
...
Conflicts:
ext/standard/var_unserializer.c
Diffstat (limited to 'ext/mcrypt/mcrypt.c')
| -rw-r--r-- | ext/mcrypt/mcrypt.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c index cf9c2ccdf1..c2c60c2b3c 100644 --- a/ext/mcrypt/mcrypt.c +++ b/ext/mcrypt/mcrypt.c @@ -633,6 +633,10 @@ PHP_FUNCTION(mcrypt_generic) RETURN_FALSE } + if (data_len > INT_MAX) { + php_error_docref(NULL, E_WARNING, "Data size too large, %d maximum", INT_MAX); + RETURN_FALSE; + } /* Check blocksize */ if (mcrypt_enc_is_block_mode(pm->td) == 1) { /* It's a block algorithm */ block_size = mcrypt_enc_get_block_size(pm->td); @@ -645,10 +649,6 @@ PHP_FUNCTION(mcrypt_generic) memset(ZSTR_VAL(data_str), 0, data_size); memcpy(ZSTR_VAL(data_str), data, data_len); } else { /* It's not a block algorithm */ - if (data_len > INT_MAX) { - php_error_docref(NULL, E_WARNING, "Data size too large, %d maximum", INT_MAX); - RETURN_FALSE; - } data_size = (int)data_len; data_str = zend_string_alloc(data_size, 0); memset(ZSTR_VAL(data_str), 0, data_size); @@ -688,6 +688,10 @@ PHP_FUNCTION(mdecrypt_generic) } /* Check blocksize */ + if (data_len > INT_MAX) { + php_error_docref(NULL, E_WARNING, "Data size too large, %d maximum", INT_MAX); + RETURN_FALSE; + } if (mcrypt_enc_is_block_mode(pm->td) == 1) { /* It's a block algorithm */ block_size = mcrypt_enc_get_block_size(pm->td); data_size = ((((int)data_len - 1) / block_size) + 1) * block_size; @@ -699,10 +703,6 @@ PHP_FUNCTION(mdecrypt_generic) memset(data_s, 0, data_size); memcpy(data_s, data, data_len); } else { /* It's not a block algorithm */ - if (data_len > INT_MAX) { - php_error_docref(NULL, E_WARNING, "Data size too large, %d maximum", INT_MAX); - RETURN_FALSE; - } data_size = (int)data_len; data_s = emalloc(data_size + 1); memset(data_s, 0, data_size); |