Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
php7.9549
php-CVE-2016-5769.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-CVE-2016-5769.patch of Package php7.9549
Index: php-7.0.7/ext/mcrypt/mcrypt.c =================================================================== --- php-7.0.7.orig/ext/mcrypt/mcrypt.c 2016-05-25 15:14:12.000000000 +0200 +++ php-7.0.7/ext/mcrypt/mcrypt.c 2016-06-27 16:04:00.276188986 +0200 @@ -636,6 +636,10 @@ PHP_FUNCTION(mcrypt_generic) /* Check blocksize */ if (mcrypt_enc_is_block_mode(pm->td) == 1) { /* It's a block algorithm */ block_size = mcrypt_enc_get_block_size(pm->td); + if ((int)data_len - 1 <= 0 || data_len >= INT_MAX-block_size) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Integer overflow in data size"); + RETURN_FALSE; + } data_size = ((((int)data_len - 1) / block_size) + 1) * block_size; data_str = zend_string_alloc(data_size, 0); memset(ZSTR_VAL(data_str), 0, data_size); @@ -682,6 +686,10 @@ PHP_FUNCTION(mdecrypt_generic) /* Check blocksize */ if (mcrypt_enc_is_block_mode(pm->td) == 1) { /* It's a block algorithm */ block_size = mcrypt_enc_get_block_size(pm->td); + if ((int)data_len - 1 <= 0 || data_len >= INT_MAX-block_size) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Integer overflow in data size"); + RETURN_FALSE; + } data_size = ((((int)data_len - 1) / block_size) + 1) * block_size; data_s = emalloc(data_size + 1); memset(data_s, 0, data_size);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor