Overview

File php7-CVE-2020-7069.patch of Package php7.24757

Index: php-7.4.6/ext/openssl/openssl.c
===================================================================
--- php-7.4.6.orig/ext/openssl/openssl.c	2020-10-09 11:20:13.026340926 +0200
+++ php-7.4.6/ext/openssl/openssl.c	2020-10-09 11:21:59.122963252 +0200
@@ -6522,11 +6522,6 @@ static int php_openssl_validate_iv(char
 {
 	char *iv_new;
 
-	/* Best case scenario, user behaved */
-	if (*piv_len == iv_required_len) {
-		return SUCCESS;
-	}
-
 	if (mode->is_aead) {
 		if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_ivlen_flag, *piv_len, NULL) != 1) {
 			php_error_docref(NULL, E_WARNING, "Setting of IV length for AEAD mode failed");
@@ -6535,6 +6530,11 @@ static int php_openssl_validate_iv(char
 		return SUCCESS;
 	}
 
+	/* Best case scenario, user behaved */
+	if (*piv_len == iv_required_len) {
+		return SUCCESS;
+	}
+
 	iv_new = ecalloc(1, iv_required_len + 1);
 
 	if (*piv_len == 0) {
openSUSE Build Service is sponsored by
Places