Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
php5.14088
php-CVE-2016-7134.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-CVE-2016-7134.patch of Package php5.14088
From 72dbb7f416160f490c4e9987040989a10ad431c7 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev <stas@php.net> Date: Wed, 3 Aug 2016 00:58:55 -0700 Subject: [PATCH] Fix bug #72674 - check both curl_escape and curl_unescape --- ext/curl/interface.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) Index: php-5.6.1/ext/curl/interface.c =================================================================== --- php-5.6.1.orig/ext/curl/interface.c 2014-10-01 11:17:38.000000000 +0200 +++ php-5.6.1/ext/curl/interface.c 2016-09-06 12:48:39.015449861 +0200 @@ -3457,6 +3457,8 @@ PHP_FUNCTION(curl_reset) /* }}} */ #endif +#define ZEND_SIZE_T_INT_OVFL(size) UNEXPECTED((size) > (size_t)INT_MAX) + #if LIBCURL_VERSION_NUM > 0x070f03 /* 7.15.4 */ /* {{{ proto void curl_escape(resource ch, string str) URL encodes the given string */ @@ -3473,6 +3475,10 @@ PHP_FUNCTION(curl_escape) ZEND_FETCH_RESOURCE(ch, php_curl *, &zid, -1, le_curl_name, le_curl); + if (ZEND_SIZE_T_INT_OVFL(str_len)) { + RETURN_FALSE; + } + if ((res = curl_easy_escape(ch->cp, str, str_len))) { RETVAL_STRING(res, 1); curl_free(res); @@ -3497,6 +3503,10 @@ PHP_FUNCTION(curl_unescape) ZEND_FETCH_RESOURCE(ch, php_curl *, &zid, -1, le_curl_name, le_curl); + if (ZEND_SIZE_T_INT_OVFL(str_len)) { + RETURN_FALSE; + } + if ((out = curl_easy_unescape(ch->cp, str, str_len, &out_len))) { RETVAL_STRINGL(out, out_len, 1); curl_free(out);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor