diff options
Diffstat (limited to 'bug73275.patch')
-rw-r--r-- | bug73275.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/bug73275.patch b/bug73275.patch new file mode 100644 index 0000000..2b36171 --- /dev/null +++ b/bug73275.patch @@ -0,0 +1,49 @@ +Backported from 5.6.27 by Remi. + + +From 8822f7c9f0be2f591f8fa58834c5e1bc529b24dc Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev <stas@php.net> +Date: Tue, 11 Oct 2016 13:19:20 -0700 +Subject: [PATCH] fix bug #73275 - crash in openssl_encrypt function + +--- + ext/openssl/openssl.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c +index 844132b..33593e7 100644 +--- a/ext/openssl/openssl.c ++++ b/ext/openssl/openssl.c +@@ -4939,7 +4939,7 @@ PHP_FUNCTION(openssl_encrypt) + free_iv = php_openssl_validate_iv(&iv, &iv_len, max_iv_len TSRMLS_CC); + + outlen = data_len + EVP_CIPHER_block_size(cipher_type); +- outbuf = emalloc(outlen + 1); ++ outbuf = safe_emalloc(outlen, 1, 1); + + EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL); + if (password_len > keylen) { +@@ -4957,14 +49575,18 @@ PHP_FUNCTION(openssl_encrypt) + outlen += i; + if (options & OPENSSL_RAW_DATA) { + outbuf[outlen] = '\0'; +- RETVAL_STRINGL((char *)outbuf, outlen, 0); ++ RETVAL_STRINGL_CHECK((char *)outbuf, outlen, 0); + } else { + int base64_str_len; + char *base64_str; + + base64_str = (char*)php_base64_encode(outbuf, outlen, &base64_str_len); + efree(outbuf); +- RETVAL_STRINGL(base64_str, base64_str_len, 0); ++ if (!base64_str) { ++ RETVAL_FALSE; ++ } else { ++ RETVAL_STRINGL(base64_str, base64_str_len, 0); ++ } + } + } else { + efree(outbuf); +-- +2.1.4 + |