File php7-CVE-2020-7069.patch of Package php7.16735
Index: php-7.4.6/ext/openssl/openssl.c
===================================================================
--- php-7.4.6.orig/ext/openssl/openssl.c 2020-10-09 11:20:13.026340926 +0200
+++ php-7.4.6/ext/openssl/openssl.c 2020-10-09 11:21:59.122963252 +0200
@@ -6522,11 +6522,6 @@ static int php_openssl_validate_iv(char
{
char *iv_new;
- /* Best case scenario, user behaved */
- if (*piv_len == iv_required_len) {
- return SUCCESS;
- }
-
if (mode->is_aead) {
if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_ivlen_flag, *piv_len, NULL) != 1) {
php_error_docref(NULL, E_WARNING, "Setting of IV length for AEAD mode failed");
@@ -6535,6 +6530,11 @@ static int php_openssl_validate_iv(char
return SUCCESS;
}
+ /* Best case scenario, user behaved */
+ if (*piv_len == iv_required_len) {
+ return SUCCESS;
+ }
+
iv_new = ecalloc(1, iv_required_len + 1);
if (*piv_len == 0) {