Merge branch 'PHP-5.6' into PHP-7.0

* PHP-5.6: More string length checks & fixes
author: Stanislav Malyshev <stas@php.net> 2016-11-03 20:45:13 -0700
committer: Stanislav Malyshev <stas@php.net> 2016-11-03 20:46:25 -0700
commit: 6e12e49b5be06b4346e3d7802ea9b09f9f1abd7b (patch)
tree: 4f1594c43a95c5ddd99b28098d60241bd4fff9bd /ext/xmlrpc/libxmlrpc/base64.c
parent: 7f2b7a4950bf30e6a13e89456275f53e5b66eb1f (diff)
parent: ea9fac94bbae150a81fde0e6542e6b45965772cd (diff)
download: php-git-6e12e49b5be06b4346e3d7802ea9b09f9f1abd7b.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/ext/xmlrpc/libxmlrpc/base64.c b/ext/xmlrpc/libxmlrpc/base64.c
index fa6cc32b51..5ebdf31f7a 100644
--- a/ext/xmlrpc/libxmlrpc/base64.c
+++ b/ext/xmlrpc/libxmlrpc/base64.c
@@ -15,6 +15,7 @@ static const char rcsid[] = "#(@) $Id$";
 /*  ENCODE  --	Encode binary file into base64.  */
 #include <stdlib.h>
 #include <ctype.h>
+#include <limits.h>
 
 #include "base64.h"
 
@@ -31,6 +32,9 @@ void buffer_new(struct buffer_st *b)
 
 void buffer_add(struct buffer_st *b, char c)
 {
+  if ((INT_MAX - b->length) <= 512) {
+		return;
+  }
   *(b->ptr++) = c;
   b->offset++;
   if (b->offset == b->length) {
@@ -79,7 +83,7 @@ void base64_encode_xmlrpc(struct buffer_st *b, const char *source, int length)
     for (n = 0; n < 3; n++) {
       c = *(source++);
       offset++;
-      if (offset > length) {
+      if (offset > length || offset <= 0) {
 	hiteof = 1;
 	break;
       }
author	Stanislav Malyshev <stas@php.net>	2016-11-03 20:45:13 -0700
committer	Stanislav Malyshev <stas@php.net>	2016-11-03 20:46:25 -0700
commit	6e12e49b5be06b4346e3d7802ea9b09f9f1abd7b (patch)
tree	4f1594c43a95c5ddd99b28098d60241bd4fff9bd /ext/xmlrpc/libxmlrpc/base64.c
parent	7f2b7a4950bf30e6a13e89456275f53e5b66eb1f (diff)
parent	ea9fac94bbae150a81fde0e6542e6b45965772cd (diff)
download	php-git-6e12e49b5be06b4346e3d7802ea9b09f9f1abd7b.tar.gz