diff options
| author | Stanislav Malyshev <stas@php.net> | 2015-08-04 14:10:57 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2015-08-04 14:10:57 -0700 |
| commit | 69ed3969dd3b00feaa62f611c5095e27ba96274d (patch) | |
| tree | 0eaaac44be832888b856808ec83153f42ccc577c /ext/openssl | |
| parent | 66edc158755a8e960499913f16f6455797bb5803 (diff) | |
| parent | 51f9a00b47159ed13dfe5bd5af7e98986aa1a6fa (diff) | |
| download | php-git-69ed3969dd3b00feaa62f611c5095e27ba96274d.tar.gz | |
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
Fix bug #70019 - limit extracted files to given directory
Do not do convert_to_* on unserialize, it messes up references
Fix #69793 - limit what we accept when unserializing exception
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
ignore signatures for packages too
Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
Fixed bug #69892
Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
Improved fix for Bug #69441
Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
Fix bug #70081: check types for SOAP variables
Conflicts:
.gitignore
ext/date/php_date.c
ext/spl/spl_array.c
ext/spl/spl_observer.c
Diffstat (limited to 'ext/openssl')
| -rw-r--r-- | ext/openssl/openssl.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 9c4131f608..fb3069a4a7 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -5136,7 +5136,6 @@ PHP_FUNCTION(openssl_random_pseudo_bytes) long buffer_length; unsigned char *buffer = NULL; zval *zstrong_result_returned = NULL; - int strong_result = 0; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|z", &buffer_length, &zstrong_result_returned) == FAILURE) { return; @@ -5154,7 +5153,6 @@ PHP_FUNCTION(openssl_random_pseudo_bytes) buffer = emalloc(buffer_length + 1); #ifdef PHP_WIN32 - strong_result = 1; /* random/urandom equivalent on Windows */ if (php_win32_get_random_bytes(buffer, (size_t) buffer_length) == FAILURE){ efree(buffer); @@ -5164,7 +5162,7 @@ PHP_FUNCTION(openssl_random_pseudo_bytes) RETURN_FALSE; } #else - if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) { + if (RAND_bytes(buffer, buffer_length) <= 0) { efree(buffer); if (zstrong_result_returned) { ZVAL_BOOL(zstrong_result_returned, 0); @@ -5177,7 +5175,7 @@ PHP_FUNCTION(openssl_random_pseudo_bytes) RETVAL_STRINGL((char *)buffer, buffer_length, 0); if (zstrong_result_returned) { - ZVAL_BOOL(zstrong_result_returned, strong_result); + ZVAL_BOOL(zstrong_result_returned, 1); } } /* }}} */ |