From bec6bca2de5aaf1a1b186722901dc75ec1529fea Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Sat, 15 Oct 2016 10:17:16 +0200
Subject: PHP 5.5.38 with 15 security fix from 5.6.27

---
 bug73275.patch | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 bug73275.patch

(limited to 'bug73275.patch')

diff --git a/bug73275.patch b/bug73275.patch
new file mode 100644
index 0000000..2b36171
--- /dev/null
+++ b/bug73275.patch
@@ -0,0 +1,49 @@
+Backported from 5.6.27 by Remi.
+
+
+From 8822f7c9f0be2f591f8fa58834c5e1bc529b24dc Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Tue, 11 Oct 2016 13:19:20 -0700
+Subject: [PATCH] fix bug #73275 - crash in openssl_encrypt function
+
+---
+ ext/openssl/openssl.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
+index 844132b..33593e7 100644
+--- a/ext/openssl/openssl.c
++++ b/ext/openssl/openssl.c
+@@ -4939,7 +4939,7 @@ PHP_FUNCTION(openssl_encrypt)
+ 	free_iv = php_openssl_validate_iv(&iv, &iv_len, max_iv_len TSRMLS_CC);
+ 
+ 	outlen = data_len + EVP_CIPHER_block_size(cipher_type);
+-	outbuf = emalloc(outlen + 1);
++	outbuf = safe_emalloc(outlen, 1, 1);
+ 
+ 	EVP_EncryptInit(&cipher_ctx, cipher_type, NULL, NULL);
+ 	if (password_len > keylen) {
+@@ -4957,14 +49575,18 @@ PHP_FUNCTION(openssl_encrypt)
+ 		outlen += i;
+ 		if (options & OPENSSL_RAW_DATA) {
+ 			outbuf[outlen] = '\0';
+-			RETVAL_STRINGL((char *)outbuf, outlen, 0);
++			RETVAL_STRINGL_CHECK((char *)outbuf, outlen, 0);
+ 		} else {
+ 			int base64_str_len;
+ 			char *base64_str;
+ 
+ 			base64_str = (char*)php_base64_encode(outbuf, outlen, &base64_str_len);
+ 			efree(outbuf);
+-			RETVAL_STRINGL(base64_str, base64_str_len, 0);
++			if (!base64_str) {
++				RETVAL_FALSE;
++			} else {
++				RETVAL_STRINGL(base64_str, base64_str_len, 0);
++			}
+ 		}
+ 	} else {
+ 		efree(outbuf);
+-- 
+2.1.4
+
-- 
cgit