author | Stanislav Malyshev <stas@php.net> | 2016-11-03 20:36:52 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2016-11-03 20:36:52 -0700 |
commit | ea9fac94bbae150a81fde0e6542e6b45965772cd (patch) | |
tree | 124f543734d75dd5aecd9743dbe4031b4bd244a9 /ext/xmlrpc | |
parent | 6558559bcc1cd24e3639e4a215e9d546ee05fc48 (diff) | |
More string length checks & fixes
Diffstat (limited to 'ext/xmlrpc')
-rw-r--r-- | ext/xmlrpc/libxmlrpc/base64.c | 22 | ||||
-rw-r--r-- | ext/xmlrpc/libxmlrpc/simplestring.c | 3 |
2 files changed, 15 insertions, 10 deletions
diff --git a/ext/xmlrpc/libxmlrpc/base64.c b/ext/xmlrpc/libxmlrpc/base64.c
index d020bd6646..5ebdf31f7a 100644
--- a/ext/xmlrpc/libxmlrpc/base64.c
+++ b/ext/xmlrpc/libxmlrpc/base64.c
@@ -15,6 +15,7 @@ static const char rcsid[] = "#(@) $Id$";
 /* ENCODE -- Encode binary file into base64. */
 #include <stdlib.h>
 #include <ctype.h>
+#include <limits.h>
 #include "base64.h"
@@ -31,6 +32,9 @@ void buffer_new(struct buffer_st *b)
 void buffer_add(struct buffer_st *b, char c)
 {
+ if ((INT_MAX - b->length) <= 512) {
+ return;
+ }
 *(b->ptr++) = c;
 b->offset++;
 if (b->offset == b->length) {
@@ -54,13 +58,13 @@ void base64_encode_xmlrpc(struct buffer_st *b, const char *source, int length)
 int i, hiteof = 0;
 int offset = 0;
 int olen;
-
+
 olen = 0;
-
+
 buffer_new(b);
-
+
 /* Fill dtable with character encodings. */
-
+
 for (i = 0; i < 26; i++) {
 dtable[i] = 'A' + i;
 dtable[26 + i] = 'a' + i;
@@ -70,16 +74,16 @@ void base64_encode_xmlrpc(struct buffer_st *b, const char *source, int length)
 }
 dtable[62] = '+';
 dtable[63] = '/';
-
+
 while (!hiteof) {
 unsigned char igroup[3], ogroup[4];
 int c, n;
-
+
 igroup[0] = igroup[1] = igroup[2] = 0;
 for (n = 0; n < 3; n++) {
 c = *(source++);
 offset++;
- if (offset > length) {
+ if (offset > length || offset <= 0) {
 hiteof = 1;
 break;
 }
@@ -90,11 +94,11 @@ void base64_encode_xmlrpc(struct buffer_st *b, const char *source, int length)
 ogroup[1] = dtable[((igroup[0] & 3) << 4) | (igroup[1] >> 4)];
 ogroup[2] = dtable[((igroup[1] & 0xF) << 2) | (igroup[2] >> 6)];
 ogroup[3] = dtable[igroup[2] & 0x3F];
-
+
 /* Replace characters in output stream with "=" pad characters if fewer than three characters were read from the end of the input stream. */
-
+
 if (n < 3) {
 ogroup[3] = '=';
 if (n < 2) {
diff --git a/ext/xmlrpc/libxmlrpc/simplestring.c b/ext/xmlrpc/libxmlrpc/simplestring.c
index c88754fb9a..98b5c81e42 100644
--- a/ext/xmlrpc/libxmlrpc/simplestring.c
+++ b/ext/xmlrpc/libxmlrpc/simplestring.c
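Review bot: The new guard at the top of buffer_add() in base64.c returns without storing the byte and without reporting anything, so once `b->length` comes within 512 of INT_MAX the encoded output is silently truncated and callers of this void function cannot tell. It also runs on every byte, although the length can only change in the growth branch that starts at `if (b->offset == b->length) {`. The rest of that branch is outside the hunk, so whether the growth step and its allocation result are checked there is not visible. I would move the test into that branch and document the consequence, for example `/* refuse to grow past INT_MAX; output is truncated from this point on */`, or record the failure in the buffer so base64_encode_xmlrpc() can stop early.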
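Review bot: In the read loop of base64_encode_xmlrpc() in base64.c the byte is fetched with `c = *(source++);` before the bound is tested, so the last iteration still reads `source[length]` before `hiteof` is set, which is out of bounds unless every caller guarantees a byte after the data. The added `offset <= 0` clause can only become true after `offset++` has overflowed a signed int, which is undefined behaviour and may be optimised away by the compiler. Testing before the read removes both problems: put `if (offset >= length) { hiteof = 1; break; }` ahead of `c = *(source++); offset++;`, after which `offset` never exceeds `length`. The loop body continues outside the hunk.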
@@ -80,6 +80,7 @@ static const char rcsid[] = "#(@) $Id$";
 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
 #include "simplestring.h"
 #define my_free(thing) if(thing) {free(thing); thing = 0;}
@@ -200,7 +201,7 @@ void simplestring_addn(simplestring* target, const char* source, size_t add_len)
 simplestring_init_str(target);
 }
- if((SIZE_MAX - add_len) < target->len || (SIZE_MAX - add_len - 1) < target->len) {
+ if((INT_MAX - add_len) < target->len || (INT_MAX - add_len - 1) < target->len) {
 /* check for overflows, if there's a potential overflow do nothing */
 return;
 }
|
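Review bot: In simplestring_addn() `add_len` is a size_t, so `INT_MAX - add_len` is evaluated in unsigned arithmetic and wraps to a very large value whenever `add_len` exceeds INT_MAX. Both comparisons are then false, and the guard is skipped for exactly the oversized lengths it is meant to reject. A form that cannot wrap is `if (add_len >= INT_MAX || target->len >= INT_MAX - add_len) {`, assuming `target->len` is never negative (its type is declared outside the hunk). The early `return` also drops the append silently, so the comment should say that callers receive a truncated string. The function body starts and ends outside the hunk.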