File php7-CVE-2022-37454.patch of Package php7

Overview Repositories Revisions Requests Users Attributes Meta

File php7-CVE-2022-37454.patch of Package php7

Index: php-7.2.34/ext/hash/sha3/generic32lc/KeccakSponge.inc
===================================================================
--- php-7.2.34.orig/ext/hash/sha3/generic32lc/KeccakSponge.inc
+++ php-7.2.34/ext/hash/sha3/generic32lc/KeccakSponge.inc
@@ -160,7 +160,7 @@ int SpongeAbsorb(SpongeInstance *instanc
     i = 0;
     curData = data;
     while(i < dataByteLen) {
-        if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) {
+        if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) {
 #ifdef SnP_FastLoop_Absorb
             /* processing full blocks first */
             if ((rateInBytes % (SnP_width/200)) == 0) {
@@ -186,9 +186,10 @@ int SpongeAbsorb(SpongeInstance *instanc
         }
         else {
             /* normal lane: using the message queue */
-            partialBlock = (unsigned int)(dataByteLen - i);
-            if (partialBlock+instance->byteIOIndex > rateInBytes)
+            if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
                 partialBlock = rateInBytes-instance->byteIOIndex;
+            else
+                partialBlock = (unsigned int)(dataByteLen - i);
             #ifdef KeccakReference
             displayBytes(1, "Block to be absorbed (part)", curData, partialBlock);
             #endif
@@ -263,7 +264,7 @@ int SpongeSqueeze(SpongeInstance *instan
     i = 0;
     curData = data;
     while(i < dataByteLen) {
-        if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) {
+        if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) {
             for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) {
                 SnP_Permute(instance->state);
                 SnP_ExtractBytes(instance->state, curData, 0, rateInBytes);
@@ -280,9 +281,10 @@ int SpongeSqueeze(SpongeInstance *instan
                 SnP_Permute(instance->state);
                 instance->byteIOIndex = 0;
             }
-            partialBlock = (unsigned int)(dataByteLen - i);
-            if (partialBlock+instance->byteIOIndex > rateInBytes)
+            if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
                 partialBlock = rateInBytes-instance->byteIOIndex;
+            else
+                partialBlock = (unsigned int)(dataByteLen - i);
             i += partialBlock;
 
             SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock);
Index: php-7.2.34/ext/hash/sha3/generic64lc/KeccakSponge.inc
===================================================================
--- php-7.2.34.orig/ext/hash/sha3/generic64lc/KeccakSponge.inc
+++ php-7.2.34/ext/hash/sha3/generic64lc/KeccakSponge.inc
@@ -160,7 +160,7 @@ int SpongeAbsorb(SpongeInstance *instanc
     i = 0;
     curData = data;
     while(i < dataByteLen) {
-        if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) {
+        if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) {
 #ifdef SnP_FastLoop_Absorb
             /* processing full blocks first */
             if ((rateInBytes % (SnP_width/200)) == 0) {
@@ -186,9 +186,10 @@ int SpongeAbsorb(SpongeInstance *instanc
         }
         else {
             /* normal lane: using the message queue */
-            partialBlock = (unsigned int)(dataByteLen - i);
-            if (partialBlock+instance->byteIOIndex > rateInBytes)
+            if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
                 partialBlock = rateInBytes-instance->byteIOIndex;
+            else
+                partialBlock = (unsigned int)(dataByteLen - i);
             #ifdef KeccakReference
             displayBytes(1, "Block to be absorbed (part)", curData, partialBlock);
             #endif
@@ -263,7 +264,7 @@ int SpongeSqueeze(SpongeInstance *instan
     i = 0;
     curData = data;
     while(i < dataByteLen) {
-        if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) {
+        if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) {
             for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) {
                 SnP_Permute(instance->state);
                 SnP_ExtractBytes(instance->state, curData, 0, rateInBytes);
@@ -280,9 +281,10 @@ int SpongeSqueeze(SpongeInstance *instan
                 SnP_Permute(instance->state);
                 instance->byteIOIndex = 0;
             }
-            partialBlock = (unsigned int)(dataByteLen - i);
-            if (partialBlock+instance->byteIOIndex > rateInBytes)
+            if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
                 partialBlock = rateInBytes-instance->byteIOIndex;
+            else
+                partialBlock = (unsigned int)(dataByteLen - i);
             i += partialBlock;
 
             SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock);

Places

File php7-CVE-2022-37454.patch of Package php7

Places