Overview

File php-CVE-2015-4022.patch of Package php5.14673

From ac2832935435556dc593784cd0087b5e576bbe4d Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Wed, 29 Apr 2015 21:57:33 -0700
Subject: [PATCH] Fix bug #69545 - avoid overflow when reading list

--- ext/ftp/ftp.c
+++ ext/ftp/ftp.c
@@ -1615,8 +1615,8 @@ ftp_genlist(ftpbuf_t *ftp, const char *cmd, const char *path TSRMLS_DC)
 	databuf_t	*data = NULL;
 	char		*ptr;
 	int		ch, lastch;
-	int		size, rcvd;
-	int		lines;
+	size_t		size, rcvd;
+	size_t		lines;
 	char		**ret = NULL;
 	char		**entry;
 	char		*text;
@@ -1658,7 +1658,7 @@ ftp_genlist(ftpbuf_t *ftp, const char *cmd, const char *path TSRMLS_DC)
 	lines = 0;
 	lastch = 0;
 	while ((rcvd = my_recv(ftp, data->fd, data->buf, FTP_BUFSIZE))) {
-		if (rcvd == -1) {
+		if (rcvd == -1 || rcvd > ((size_t)(-1))-size) {
 			goto bail;
 		}
openSUSE Build Service is sponsored by
Places