diff options
| author | Stanislav Malyshev <stas@php.net> | 2016-08-16 23:52:22 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2016-08-16 23:52:22 -0700 |
| commit | 75d7666968573a0abea36b46aae2b0c0ad6eb488 (patch) | |
| tree | 7f8ae5f118e05f973a96af81747317c62f075515 /main | |
| parent | f3231a7c766f28cb7f14bc7c2d21986fcb9740cd (diff) | |
| parent | f8a75d4eee3446fb5c5c493b28b9ee80e34041cc (diff) | |
| download | php-git-75d7666968573a0abea36b46aae2b0c0ad6eb488.tar.gz | |
Merge branch 'PHP-7.0.10' into PHP-7.0
* PHP-7.0.10:
Fix bug #72749: wddx_deserialize allows illegal memory access
Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
fix tests
Fix bug#72697 - select_colors write out-of-bounds
Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation
Fix bug #72730 - imagegammacorrect allows arbitrary write access
Fix bug #72750: wddx_deserialize null dereference
Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
fix tests
add missing skipif section
Fix for bug #72790 and bug #72799
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72742 - memory allocator fails to realloc small block to large one
Use size_t for path length
Check for string overflow
Fix for bug #72782: mcrypt accepts only ints, so don't pass anything else
Fix bug #72674 - check both curl_escape and curl_unescape
Diffstat (limited to 'main')
| -rw-r--r-- | main/fopen_wrappers.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c index c3646ee0fd..bf78db3bdf 100644 --- a/main/fopen_wrappers.c +++ b/main/fopen_wrappers.c @@ -144,7 +144,7 @@ PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path char *path_file; int resolved_basedir_len; int resolved_name_len; - int path_len; + size_t path_len; int nesting_level = 0; /* Special case basedir==".": Use script-directory */ @@ -153,7 +153,7 @@ PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path strlcpy(local_open_basedir, basedir, sizeof(local_open_basedir)); } - path_len = (int)strlen(path); + path_len = strlen(path); if (path_len > (MAXPATHLEN - 1)) { /* empty and too long paths are invalid */ return -1; @@ -164,7 +164,7 @@ PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path return -1; } - path_len = (int)strlen(resolved_name); + path_len = strlen(resolved_name); memcpy(path_tmp, resolved_name, path_len + 1); /* safe */ while (VCWD_REALPATH(path_tmp, resolved_name) == NULL) { |