File php-5.2.14-CVE-2011-0755.patch of Package php5
Index: ext/standard/tests/general_functions/bug46587.phpt
===================================================================
--- /dev/null
+++ ext/standard/tests/general_functions/bug46587.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #46587 (mt_rand() does not check that max is greater than min).
+--FILE--
+<?php
+var_dump(mt_rand(3,8));
+var_dump(mt_rand(8,3));
+echo "Done.\n";
+?>
+--EXPECTF--
+int(%d)
+Warning: mt_rand(): max(3) is smaller than min(8) in %s on line %d
+bool(false)
+Done.
+
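Review bot: The EXPECTF section, as it appears in this hunk, has no empty line between `int(%d)` and the `Warning:` line, while the PHP CLI normally prints a newline before a warning, so the expectation may not match the real output. Confirm that the test passes as written and, if it does not, add an empty line after `int(%d)`. The test also covers only the inverted pair; adding `var_dump(mt_rand(5,5));` with `int(5)` expected would pin that the new `max < min` guard still accepts an equal pair.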
Index: ext/standard/rand.c
===================================================================
--- ext/standard/rand.c.orig
+++ ext/standard/rand.c
@@ -315,8 +315,14 @@ PHP_FUNCTION(mt_rand)
long number;
int argc = ZEND_NUM_ARGS();
- if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE)
- return;
+ if (argc != 0) {
+ if (zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) {
+ return;
+ } else if (max < min) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "max(%ld) is smaller than min(%ld)", max, min);
+ RETURN_FALSE;
+ }
+ }
if (!BG(mt_rand_is_seeded)) {
php_mt_srand(GENERATE_SEED() TSRMLS_CC);
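Review bot: The new `else if (max < min)` guard rejects only an inverted range, so a pair whose span `max - min` is wider than the generator's output still passes. The scaling step lies outside this hunk, so this is inferred, but it would presumably stretch a smaller output over the wider range, leaving unreachable values and making results easier to guess. Consider a second check such as `(unsigned long)max - (unsigned long)min > PHP_MT_RAND_MAX`, which avoids signed overflow, or at least a comment stating the limit. The bad-range path now returns `false`, which callers that do arithmetic on the result will treat as 0, so a line like `/* returns FALSE on max < min; callers must check before using the value */` above `RETURN_FALSE;` would help. The `else` after `return;` is redundant, and the function body continues past the end of the hunk.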