My Alpine packages repository.
https://dryabzhinsky.noip.me/packages/en/alpinelinux-support/
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
46 lines
1.2 KiB
46 lines
1.2 KiB
From 05255749139b3686c8a6a58ee01131ac0047465e Mon Sep 17 00:00:00 2001 |
|
From: Stanislav Malyshev <stas@php.net> |
|
Date: Tue, 20 Jun 2017 00:09:01 -0700 |
|
Subject: [PATCH] Fix bug #74603 - use correct buffer size |
|
|
|
--- |
|
Zend/tests/bug74603.ini | 1 + |
|
Zend/tests/bug74603.phpt | 15 +++++++++++++++ |
|
Zend/zend_ini_parser.y | 2 +- |
|
3 files changed, 17 insertions(+), 1 deletion(-) |
|
create mode 100644 Zend/tests/bug74603.ini |
|
create mode 100644 Zend/tests/bug74603.phpt |
|
|
|
--- /dev/null |
|
+++ b/Zend/tests/bug74603.ini |
|
@@ -0,0 +1 @@ |
|
+0=0&~2000000000 |
|
--- /dev/null |
|
+++ b/Zend/tests/bug74603.phpt |
|
@@ -0,0 +1,15 @@ |
|
+--TEST-- |
|
+Bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability) |
|
+--SKIPIF-- |
|
+<?php |
|
+if (PHP_INT_MAX !== 2147483647) |
|
+ die('skip for 32-bit only'); |
|
+--FILE-- |
|
+<?php |
|
+var_dump(parse_ini_file(__DIR__ . "/bug74603.ini", true, INI_SCANNER_NORMAL)); |
|
+?> |
|
+--EXPECT-- |
|
+array(1) { |
|
+ [0]=> |
|
+ string(1) "0" |
|
+} |
|
--- a/Zend/zend_ini_parser.y |
|
+++ b/Zend/zend_ini_parser.y |
|
@@ -49,7 +49,7 @@ static void zend_ini_do_op(char type, zv |
|
{ |
|
int i_result; |
|
int i_op1, i_op2; |
|
- char str_result[MAX_LENGTH_OF_LONG]; |
|
+ char str_result[MAX_LENGTH_OF_LONG+1]; |
|
|
|
i_op1 = atoi(Z_STRVAL_P(op1)); |
|
free(Z_STRVAL_P(op1));
|
|
|