author | Remi Collet <fedora@famillecollet.com> | 2016-10-15 10:17:16 +0200 |
---|---|---|
committer | Remi Collet <fedora@famillecollet.com> | 2016-10-15 10:17:16 +0200 |
commit | 4b420dae109ee4ca511cbbba0c209ea5c30513b1 (patch) | |
tree | 42455720cf6f84373a188131f32267996646c48f /bug73276.patch | |
parent | 661f662d2fe7ae74585367e5757bb04fbdea717b (diff) |
PHP 5.5.38 with 15 security fix from 5.6.27
Diffstat (limited to 'bug73276.patch')
-rw-r--r-- | bug73276.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/bug73276.patch b/bug73276.patch
new file mode 100644
index 0000000..3f5fd3c
--- /dev/null
+++ b/bug73276.patch
@@ -0,0 +1,42 @@
+Backported from 5.6.27 by Remi.
+
+
+From 85a22a0af0722ef3a8d49a056a0b2b18be1fb981 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Tue, 11 Oct 2016 13:37:47 -0700
+Subject: [PATCH] Fix bug #73276 - crash in openssl_random_pseudo_bytes
+ function
+
+---
+ ext/openssl/openssl.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
+index 33593e7..01f2a09 100644
+--- a/ext/openssl/openssl.c
++++ b/ext/openssl/openssl.c
+@@ -5145,16 +5145,16 @@ PHP_FUNCTION(openssl_random_pseudo_bytes)
+ return;
+ }
+
+- if (buffer_length <= 0) {
+- RETURN_FALSE;
+- }
+-
+ if (zstrong_result_returned) {
+ zval_dtor(zstrong_result_returned);
+ ZVAL_BOOL(zstrong_result_returned, 0);
+ }
+
+- buffer = emalloc(buffer_length + 1);
++ if (buffer_length <= 0 || buffer_length > INT_MAX) {
++ RETURN_FALSE;
++ }
++
++ buffer = safe_emalloc(buffer_length, 1, 1);
+
+ #ifdef PHP_WIN32
+ /* random/urandom equivalent on Windows */
+--
+2.1.4
+ |
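Review bot: The new `buffer_length > INT_MAX` bound in the openssl.c hunk has no comment saying why INT_MAX is the limit, and the reason is not visible in the hunk. Presumably the length is later passed to a random-bytes call that takes an `int`, where a larger value would be truncated and leave the allocated buffer only partly filled; a comment such as `/* length is narrowed to int by the RNG call below; reject values that would truncate */` above the check would stop it being relaxed later. The same comment should note that the range check now deliberately follows the `zstrong_result_returned` reset, so the by-reference strength flag already reads false on the early `RETURN_FALSE`. The function starts and ends outside the hunk, so the declared type of `buffer_length` and the consumer of `buffer` should be confirmed against the full file.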