Overview

File php-CVE-2016-7134.patch of Package php7.8192

From 72dbb7f416160f490c4e9987040989a10ad431c7 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Wed, 3 Aug 2016 00:58:55 -0700
Subject: [PATCH] Fix bug #72674 - check both curl_escape and curl_unescape

---
 ext/curl/interface.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Index: php-7.0.7/ext/curl/interface.c
===================================================================
--- php-7.0.7.orig/ext/curl/interface.c	2016-05-25 15:13:46.000000000 +0200
+++ php-7.0.7/ext/curl/interface.c	2016-09-06 11:22:10.682605638 +0200
@@ -3568,6 +3568,10 @@ PHP_FUNCTION(curl_escape)
 		RETURN_FALSE;
 	}
 
+	if (ZEND_SIZE_T_INT_OVFL(str_len)) {
+		RETURN_FALSE;
+	}
+
 	if ((res = curl_easy_escape(ch->cp, str, str_len))) {
 		RETVAL_STRING(res);
 		curl_free(res);
@@ -3595,6 +3599,10 @@ PHP_FUNCTION(curl_unescape)
 		RETURN_FALSE;
 	}
 
+	if (ZEND_SIZE_T_INT_OVFL(str_len)) {
+		RETURN_FALSE;
+	}
+
 	if ((out = curl_easy_unescape(ch->cp, str, str_len, &out_len))) {
 		RETVAL_STRINGL(out, out_len);
 		curl_free(out);
openSUSE Build Service is sponsored by
Places