iliaa           Tue Aug 24 11:25:59 2004 EDT

  Modified files:              (Branch: PHP_5_0)
    /php-src    NEWS 
    /php-src/ext/standard       uuencode.c 
  Log:
  MFH: Fixed bug #29821 (Fixed possible crashes in convert_uudecode() on 
  invalid data).
  
  
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.52&r2=1.1760.2.53&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1760.2.52 php-src/NEWS:1.1760.2.53
--- php-src/NEWS:1.1760.2.52    Mon Aug 23 05:56:05 2004
+++ php-src/NEWS        Tue Aug 24 11:25:59 2004
@@ -5,6 +5,8 @@
   (Paul Hudson, Derick)
 - Fixed bug with raw_post_data not getting set (Brian)
 - Fixed a file-descriptor leak with phpinfo() and other 'special' URLs (Zeev)
+- Fixed bug #29821 (Fixed possible crashes in convert_uudecode() on invalid
+  data). (Ilia)
 - Fixed bug #29737 (ip2long should return -1 if IP is 255.255.255.255 and FALSE
   on error). (Tony)
 - Fixed bug #29711 (Changed ext/xml to default to UTF-8 output). (Rob)
http://cvs.php.net/diff.php/php-src/ext/standard/uuencode.c?r1=1.3&r2=1.3.2.1&ty=u
Index: php-src/ext/standard/uuencode.c
diff -u php-src/ext/standard/uuencode.c:1.3 php-src/ext/standard/uuencode.c:1.3.2.1
--- php-src/ext/standard/uuencode.c:1.3 Thu Jan  8 03:17:35 2004
+++ php-src/ext/standard/uuencode.c     Tue Aug 24 11:25:59 2004
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: uuencode.c,v 1.3 2004/01/08 08:17:35 andi Exp $ */
+/* $Id: uuencode.c,v 1.3.2.1 2004/08/24 15:25:59 iliaa Exp $ */
 
 /*
  * Portions of this code are based on Berkeley's uuencode/uudecode
@@ -136,9 +136,18 @@
                if ((len = PHP_UU_DEC(*s++)) <= 0) {
                        break;
                }
+               /* sanity check */
+               if (len > src_len) {
+                       goto err;
+               }
+
                total_len += len;
 
                ee = s + (len == 45 ? 60 : (int) floor(len * 1.33));
+               /* sanity check */
+               if (ee > e) {
+                       goto err;
+               }
 
                while (s < ee) {
                        *p++ = PHP_UU_DEC(*s) << 2 | PHP_UU_DEC(*(s + 1)) >> 4;
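Review bot: The new `ee > e` check bounds where the decode loop stops, but the loop body at the end of this hunk still reads `*(s + 1)` under the sole condition `s < ee`. Because `ee` is computed with `floor(len * 1.33)`, it need not land on a whole group boundary, so the last pass can read past `ee` and, when `ee == e`, past the end of the input. A per-iteration guard at the top of the `while` body, for example `if (s + 4 > e) { goto err; }`, would close this, assuming the loop consumes four input characters per pass. The rest of the loop body is outside the hunk, so confirm the stride before applying.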
@@ -168,6 +177,10 @@
        *(*dest + total_len) = '\0';
 
        return total_len;
+
+err:
+       efree(*dest);
+       return -1;
 }
 
 /* {{{ proto string uuencode(string data) 
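Review bot: The `err:` path frees `*dest` but leaves the freed pointer in the caller's variable, so a caller that uses or frees `dst` without first testing for the `-1` return would hit a use-after-free or double free. Adding `*dest = NULL;` right after `efree(*dest);` makes that failure mode harmless. A short comment above the function should also state that a negative return means invalid input and that no buffer is handed back. The signature and the allocation are outside the hunk; this assumes the return type is signed, as the `dst_len < 0` test in the caller suggests.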
@@ -199,6 +212,10 @@
        }
 
        dst_len = php_uudecode(src, src_len, &dst);
+       if (dst_len < 0) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "The given parameter is 
not a valid uuencoded string.");
+               RETURN_FALSE;
+       }
 
        RETURN_STRINGL(dst, dst_len, 0);
 }
