Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
php7
php-CVE-2016-7134.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-CVE-2016-7134.patch of Package php7
From 72dbb7f416160f490c4e9987040989a10ad431c7 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev <stas@php.net> Date: Wed, 3 Aug 2016 00:58:55 -0700 Subject: [PATCH] Fix bug #72674 - check both curl_escape and curl_unescape --- ext/curl/interface.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) Index: php-7.0.7/ext/curl/interface.c =================================================================== --- php-7.0.7.orig/ext/curl/interface.c 2016-05-25 15:13:46.000000000 +0200 +++ php-7.0.7/ext/curl/interface.c 2016-09-06 11:22:10.682605638 +0200 @@ -3568,6 +3568,10 @@ PHP_FUNCTION(curl_escape) RETURN_FALSE; } + if (ZEND_SIZE_T_INT_OVFL(str_len)) { + RETURN_FALSE; + } + if ((res = curl_easy_escape(ch->cp, str, str_len))) { RETVAL_STRING(res); curl_free(res); @@ -3595,6 +3599,10 @@ PHP_FUNCTION(curl_unescape) RETURN_FALSE; } + if (ZEND_SIZE_T_INT_OVFL(str_len)) { + RETURN_FALSE; + } + if ((out = curl_easy_unescape(ch->cp, str, str_len, &out_len))) { RETVAL_STRINGL(out, out_len); curl_free(out);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor