Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:6538
php5.openSUSE_Leap_42.2_Update
php-CVE-2016-5769.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-CVE-2016-5769.patch of Package php5.openSUSE_Leap_42.2_Update
Index: php-5.6.1/ext/mcrypt/mcrypt.c =================================================================== --- php-5.6.1.orig/ext/mcrypt/mcrypt.c 2016-06-27 16:25:27.029316365 +0200 +++ php-5.6.1/ext/mcrypt/mcrypt.c 2016-06-27 16:31:30.631331685 +0200 @@ -635,6 +635,10 @@ PHP_FUNCTION(mcrypt_generic) /* Check blocksize */ if (mcrypt_enc_is_block_mode(pm->td) == 1) { /* It's a block algorithm */ block_size = mcrypt_enc_get_block_size(pm->td); + if (data_len - 1 <= 0 || data_len >= INT_MAX-block_size) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Integer overflow in data size"); + RETURN_FALSE; + } data_size = (((data_len - 1) / block_size) + 1) * block_size; data_s = emalloc(data_size + 1); memset(data_s, 0, data_size); @@ -680,6 +684,10 @@ PHP_FUNCTION(mdecrypt_generic) /* Check blocksize */ if (mcrypt_enc_is_block_mode(pm->td) == 1) { /* It's a block algorithm */ block_size = mcrypt_enc_get_block_size(pm->td); + if (data_len - 1 <= 0 || data_len >= INT_MAX-block_size) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Integer overflow in data size"); + RETURN_FALSE; + } data_size = (((data_len - 1) / block_size) + 1) * block_size; data_s = emalloc(data_size + 1); memset(data_s, 0, data_size);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor