iliaa Wed Jul 28 19:21:54 2004 EDT
Modified files:
/php-src/ext/standard streamsfuncs.c
Log:
Fixed possible crash in stream_socket_recvfrom() when length parameter has
a negative value.
http://cvs.php.net/diff.php/php-src/ext/standard/streamsfuncs.c?r1=1.36&r2=1.37&ty=u
Index: php-src/ext/standard/streamsfuncs.c
diff -u php-src/ext/standard/streamsfuncs.c:1.36
php-src/ext/standard/streamsfuncs.c:1.37
--- php-src/ext/standard/streamsfuncs.c:1.36 Thu Jul 22 08:12:28 2004
+++ php-src/ext/standard/streamsfuncs.c Wed Jul 28 19:21:54 2004
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: streamsfuncs.c,v 1.36 2004/07/22 12:12:28 wez Exp $ */
+/* $Id: streamsfuncs.c,v 1.37 2004/07/28 23:21:54 iliaa Exp $ */
#include "php.h"
#include "php_globals.h"
@@ -316,6 +316,11 @@
zval_dtor(zremote);
ZVAL_NULL(zremote);
Z_STRLEN_P(zremote) = 0;
+ }
+
+ if (to_read <= 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be
greater than 0.");
+ RETURN_FALSE;
}
read_buf = emalloc(to_read + 1);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
