1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
Backported from 5.6.27 by Remi.
From 8822f7c9f0be2f591f8fa58834c5e1bc529b24dc Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Tue, 11 Oct 2016 13:19:20 -0700
Subject: [PATCH] fix bug #73275 - crash in openssl_encrypt function
---
ext/openssl/openssl.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 844132b..33593e7 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4939,7 +4939,7 @@ PHP_FUNCTION(openssl_encrypt)
free_iv = php_openssl_validate_iv(&iv, &iv_len, max_iv_len TSRMLS_CC);
outlen = data_len + EVP_CIPHER_block_size(cipher_type);
- outbuf = emalloc(outlen + 1);
+ outbuf = safe_emalloc(outlen, 1, 1);
EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL);
if (password_len > keylen) {
@@ -4957,14 +49575,18 @@ PHP_FUNCTION(openssl_encrypt)
outlen += i;
if (options & OPENSSL_RAW_DATA) {
outbuf[outlen] = '\0';
- RETVAL_STRINGL((char *)outbuf, outlen, 0);
+ RETVAL_STRINGL_CHECK((char *)outbuf, outlen, 0);
} else {
int base64_str_len;
char *base64_str;
base64_str = (char*)php_base64_encode(outbuf, outlen, &base64_str_len);
efree(outbuf);
- RETVAL_STRINGL(base64_str, base64_str_len, 0);
+ if (!base64_str) {
+ RETVAL_FALSE;
+ } else {
+ RETVAL_STRINGL(base64_str, base64_str_len, 0);
+ }
}
} else {
efree(outbuf);
--
2.1.4
|
