SUSE:SLE-12-SP1:GA
File php-CVE-2016-7134.patch of Package php5.6680
From 72dbb7f416160f490c4e9987040989a10ad431c7 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev <stas@php.net> Date: Wed, 3 Aug 2016 00:58:55 -0700 Subject: [PATCH] Fix bug #72674 - check both curl_escape and curl_unescape --- ext/curl/interface.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) Index: php-5.6.1/ext/curl/interface.c =================================================================== --- php-5.6.1.orig/ext/curl/interface.c 2014-10-01 11:17:38.000000000 +0200 +++ php-5.6.1/ext/curl/interface.c 2016-09-06 12:48:39.015449861 +0200 @@ -3457,6 +3457,8 @@ PHP_FUNCTION(curl_reset) /* }}} */ #endif +#define ZEND_SIZE_T_INT_OVFL(size) UNEXPECTED((size) > (size_t)INT_MAX) + #if LIBCURL_VERSION_NUM > 0x070f03 /* 7.15.4 */ /* {{{ proto void curl_escape(resource ch, string str) URL encodes the given string */ @@ -3473,6 +3475,10 @@ PHP_FUNCTION(curl_escape) ZEND_FETCH_RESOURCE(ch, php_curl *, &zid, -1, le_curl_name, le_curl); + if (ZEND_SIZE_T_INT_OVFL(str_len)) { + RETURN_FALSE; + } + if ((res = curl_easy_escape(ch->cp, str, str_len))) { RETVAL_STRING(res, 1); curl_free(res); @@ -3497,6 +3503,10 @@ PHP_FUNCTION(curl_unescape) ZEND_FETCH_RESOURCE(ch, php_curl *, &zid, -1, le_curl_name, le_curl); + if (ZEND_SIZE_T_INT_OVFL(str_len)) { + RETURN_FALSE; + } + if ((out = curl_easy_unescape(ch->cp, str, str_len, &out_len))) { RETVAL_STRINGL(out, out_len, 1); curl_free(out);
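Review bot: ZEND_SIZE_T_INT_OVFL is added at file scope in ext/curl/interface.c (first hunk, just above the `#if LIBCURL_VERSION_NUM > 0x070f03` block) with no comment and no `#ifndef` guard. A one-line comment saying that it bounds lengths handed to libcurl calls that take an `int` would explain why the limit is INT_MAX, and wrapping the definition in `#ifndef ZEND_SIZE_T_INT_OVFL` avoids a conflicting redefinition if a shared header later provides the same name. The macro also depends on INT_MAX, so confirm that <limits.h> is reachable through the file's existing includes.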
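Review bot: In the curl_escape hunk, what `ZEND_SIZE_T_INT_OVFL(str_len)` actually tests depends on the type of str_len, and its declaration is outside the context shown. If str_len is a signed int in this 5.6.1 tree, it can never exceed INT_MAX and the comparison becomes true only when a negative length is converted to size_t, so the guard is effectively a negative-length check. Confirm the declaration and state the intended case in a comment above the `if`.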
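Review bot: The `RETURN_FALSE` added ahead of `curl_easy_unescape(ch->cp, str, str_len, &out_len)` in the curl_unescape hunk rejects the input without any diagnostic, so the caller gets no indication of why the call failed. Consider raising an E_WARNING through php_error_docref before returning; the identical block in curl_escape would take the same change.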