disallow negative length

author: Stanislav Malyshev <stas@php.net> 2007-02-24 01:18:14 +0000
committer: Stanislav Malyshev <stas@php.net> 2007-02-24 01:18:14 +0000
commit: 3e262bd36989898ac01224f0a987e79f44d25b31 (patch)
tree: 561dda5492570e6d6f13535abe4375ec75b2a82e /ext/session/session.c
parent: c3935671cd12182a39c15b973c99b6b89b94920a (diff)
download: php-git-3e262bd36989898ac01224f0a987e79f44d25b31.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/session/session.c b/ext/session/session.c
index 6b72224882..a87e312ad9 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -478,7 +478,7 @@ PS_SERIALIZER_DECODE_FUNC(php_binary)
 		zval **tmp;
 		namelen = *p & (~PS_BIN_UNDEF);
 
-		if (namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
+		if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
 			return FAILURE;
 		}
author	Stanislav Malyshev <stas@php.net>	2007-02-24 01:18:14 +0000
committer	Stanislav Malyshev <stas@php.net>	2007-02-24 01:18:14 +0000
commit	3e262bd36989898ac01224f0a987e79f44d25b31 (patch)
tree	561dda5492570e6d6f13535abe4375ec75b2a82e /ext/session/session.c
parent	c3935671cd12182a39c15b973c99b6b89b94920a (diff)
download	php-git-3e262bd36989898ac01224f0a987e79f44d25b31.tar.gz