My Alpine packages repository.
https://dryabzhinsky.noip.me/packages/en/alpinelinux-support/
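--- a/php5-5.4.45/ext/standard/file.c
+++ b/php5-5.4.45/ext/standard/file.c
@@ -1752,6 +1752,12 @@
 RETURN_FALSE;
 }
 
+ if (len > INT_MAX) {
+ /* string length is int in 5.x so we can not read more than int */
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be no more than %d", INT_MAX);
+ RETURN_FALSE;
+ }
+
 Z_STRVAL_P(return_value) = emalloc(len + 1);
 Z_STRLEN_P(return_value) = php_stream_read(stream, Z_STRVAL_P(return_value), len);
 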
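Review bot: A length of exactly INT_MAX passes the new `>` guard and reaches `emalloc(len + 1)` just below it, where the addition is done in len's own type. The declaration of len and the rest of the function are outside this hunk; if len is a signed type that is only 32 bits wide on some targets, that addition overflows there and the `len > INT_MAX` comparison can never be true. Computing the size as `Z_STRVAL_P(return_value) = emalloc((size_t)len + 1);` removes the dependence on len's width. The comment could also name what the guard protects: the count returned by php_stream_read() is stored in an int string length, which a larger read would not fit.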
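--- /dev/null
+++ b/php5-5.4.45/ext/standard/tests/file/bug72114.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Bug #72114 (Integer underflow / arbitrary null write in fread/gzread)
+--FILE--
+<?php
+ini_set('memory_limit', "2500M");
+$fp = fopen("/dev/zero", "r");
+fread($fp, 2147483648);
+?>
+Done
+--EXPECTF--
+Warning: fread(): Length parameter must be no more than 2147483647 in %s/bug72114.php on line %d
+Done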
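Review bot: The test has no `--SKIPIF--` section although it opens `/dev/zero` and passes the literal 2147483648. On a system without /dev/zero, or presumably on a build where PHP integers are 32 bits and that literal is no longer an integer, the expected warning would not be produced and the test would fail instead of being skipped. A section such as `--SKIPIF--` followed by `<?php if (PHP_INT_SIZE < 8 || !file_exists("/dev/zero")) die("skip needs 64-bit integers and /dev/zero"); ?>` would cover both cases. The `ini_set('memory_limit', "2500M")` line appears to matter only on an unpatched build, since the guarded path in file.c returns before allocating; a one-line comment saying so would help the next reader.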