authorRemi Collet <fedora@famillecollet.com>2016-10-15 10:17:16 +0200
committerRemi Collet <fedora@famillecollet.com>2016-10-15 10:17:16 +0200
commit4b420dae109ee4ca511cbbba0c209ea5c30513b1 (patch)
tree42455720cf6f84373a188131f32267996646c48f /bug73276.patch
parent661f662d2fe7ae74585367e5757bb04fbdea717b (diff)
PHP 5.5.38 with 15 security fixes from 5.6.27
Diffstat (limited to 'bug73276.patch')
-rw-r--r--bug73276.patch42
1 files changed, 42 insertions, 0 deletions
diff --git a/bug73276.patch b/bug73276.patch
new file mode 100644
index 0000000..3f5fd3c
--- /dev/null
+++ b/bug73276.patch
@@ -0,0 +1,42 @@
+Backported from 5.6.27 by Remi.
+
+
+From 85a22a0af0722ef3a8d49a056a0b2b18be1fb981 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Tue, 11 Oct 2016 13:37:47 -0700
+Subject: [PATCH] Fix bug #73276 - crash in openssl_random_pseudo_bytes
+ function
+
+---
+ ext/openssl/openssl.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
+index 33593e7..01f2a09 100644
+--- a/ext/openssl/openssl.c
++++ b/ext/openssl/openssl.c
+@@ -5145,16 +5145,16 @@ PHP_FUNCTION(openssl_random_pseudo_bytes)
+ return;
+ }
+
+- if (buffer_length <= 0) {
+- RETURN_FALSE;
+- }
+-
+ if (zstrong_result_returned) {
+ zval_dtor(zstrong_result_returned);
+ ZVAL_BOOL(zstrong_result_returned, 0);
+ }
+
+- buffer = emalloc(buffer_length + 1);
++ if (buffer_length <= 0 || buffer_length > INT_MAX) {
++ RETURN_FALSE;
++ }
++
++ buffer = safe_emalloc(buffer_length, 1, 1);
+
+ #ifdef PHP_WIN32
+ /* random/urandom equivalent on Windows */
+--
+2.1.4
+
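Review bot: The new `buffer_length > INT_MAX` bound in the relocated length check has no comment explaining why INT_MAX is the limit. Presumably the length is later passed to interfaces that take an `int` (the random-bytes call and the returned string length), but neither is visible in this hunk; a comment such as `/* length is narrowed to int further down; reject values that would truncate */` would keep the bound from being relaxed later. The rejection path is a bare `RETURN_FALSE` with no warning, so PHP callers must compare the result with `=== false` before treating it as random material. The body of openssl_random_pseudo_bytes starts and ends outside the hunk, so the later uses of `buffer_length` should be checked against the full file.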