Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
php5.7363
php-CVE-2016-6296.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-CVE-2016-6296.patch of Package php5.7363
X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fxmlrpc%2Flibxmlrpc%2Fsimplestring.h;h=7e88cd0ef04a10dd7ded47c21b09c37b5e9e0bed;hp=c5d98cf1d8e014b82a4bd192898b28fd3f01f1f6;hb=e6c48213c22ed50b2b987b479fcc1ac709394caa;hpb=d1a491acf31cf6d2ba65cc7c46fe963a510cd91f Index: php-7.0.7/ext/xmlrpc/libxmlrpc/simplestring.h =================================================================== --- php-7.0.7.orig/ext/xmlrpc/libxmlrpc/simplestring.h 2016-05-25 15:13:51.000000000 +0200 +++ php-7.0.7/ext/xmlrpc/libxmlrpc/simplestring.h 2016-08-03 15:39:05.247789304 +0200 @@ -63,7 +63,7 @@ void simplestring_init(simplestring* str void simplestring_clear(simplestring* string); void simplestring_free(simplestring* string); void simplestring_add(simplestring* string, const char* add); -void simplestring_addn(simplestring* string, const char* add, int add_len); +void simplestring_addn(simplestring* string, const char* add, size_t add_len); #ifdef __cplusplus } Index: php-7.0.7/ext/xmlrpc/libxmlrpc/simplestring.c =================================================================== --- php-7.0.7.orig/ext/xmlrpc/libxmlrpc/simplestring.c 2016-05-25 15:13:51.000000000 +0200 +++ php-7.0.7/ext/xmlrpc/libxmlrpc/simplestring.c 2016-08-03 15:41:19.517986375 +0200 @@ -79,6 +79,7 @@ static const char rcsid[] = "#(@) $Id$"; ******/ #include <stdlib.h> +#include <stdint.h> #include <string.h> #include "simplestring.h" @@ -190,18 +191,31 @@ void simplestring_free(simplestring* str * simplestring_add () * SOURCE */ -void simplestring_addn(simplestring* target, const char* source, int add_len) { +void simplestring_addn(simplestring* target, const char* source, size_t add_len) { + size_t newsize = target->size, incr = 0; if(target && source) { if(!target->str) { simplestring_init_str(target); } + + if((SIZE_MAX - add_len) < target->len || (SIZE_MAX - add_len - 1) < target->len) { + /* check for overflows, if there's a potential overflow do nothing */ + return; + } + if(target->len + add_len + 1 > target->size) { /* newsize is current length + new length */ - int newsize = target->len + add_len + 1; - int incr = target->size * 2; + newsize = target->len + add_len + 1; + incr = target->size * 2; /* align to SIMPLESTRING_INCR increments */ - newsize = newsize - (newsize % incr) + incr; + if (incr) { + newsize = newsize - (newsize % incr) + incr; + } + if(newsize < (target->len + add_len + 1)) { + /* some kind of overflow happened */ + return; + } target->str = (char*)realloc(target->str, newsize); target->size = target->str ? newsize : 0;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor