sesser          Wed Feb 23 13:26:40 2005 EDT

  Modified files:              
    /php-src/ext/standard       var_unserializer.c var_unserializer.re 
  Log:
  Correcting bounds check before someone uses this code
  
  
  
http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.54&r2=1.55&ty=u
Index: php-src/ext/standard/var_unserializer.c
diff -u php-src/ext/standard/var_unserializer.c:1.54 
php-src/ext/standard/var_unserializer.c:1.55
--- php-src/ext/standard/var_unserializer.c:1.54        Wed Feb 23 06:17:52 2005
+++ php-src/ext/standard/var_unserializer.c     Wed Feb 23 13:26:38 2005
@@ -18,7 +18,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: var_unserializer.c,v 1.54 2005/02/23 11:17:52 stas Exp $ */
+/* $Id: var_unserializer.c,v 1.55 2005/02/23 18:26:38 sesser Exp $ */
 
 #include "php.h"
 #include "ext/standard/php_var.h"
@@ -290,7 +290,7 @@
 
        (*p) += 2;
 
-       if((*p) + datalen >= max) {
+       if(datalen < 0 || (*p) + datalen >= max) {
                zend_error(E_WARNING, "Unsifficient data for unserializing - %d 
required, %d present", datalen, max - (*p));
                return 0;
        }
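Review bot: The added `datalen < 0` guard closes the negative-length case, but the second operand `(*p) + datalen >= max` still forms a pointer from an untrusted length before comparing it, and a pointer past the end of the input buffer is undefined behaviour in C even if it is never dereferenced, so the compiler is free to fold the comparison. Comparing remaining length instead keeps the arithmetic on integers: `if (datalen < 0 || datalen >= max - (*p)) {`. The identical check in the var_unserializer.re hunk below should change the same way; the .re file appears to be the generator input for the .c, so a fix applied only to the .c would presumably be lost on regeneration. The enclosing function starts and ends outside the hunk, and the type of datalen is not visible here, so the signed comparison is assumed from the new `< 0` test.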
http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.42&r2=1.43&ty=u
Index: php-src/ext/standard/var_unserializer.re
diff -u php-src/ext/standard/var_unserializer.re:1.42 
php-src/ext/standard/var_unserializer.re:1.43
--- php-src/ext/standard/var_unserializer.re:1.42       Wed Feb 23 06:17:52 2005
+++ php-src/ext/standard/var_unserializer.re    Wed Feb 23 13:26:39 2005
@@ -16,7 +16,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: var_unserializer.re,v 1.42 2005/02/23 11:17:52 stas Exp $ */
+/* $Id: var_unserializer.re,v 1.43 2005/02/23 18:26:39 sesser Exp $ */
 
 #include "php.h"
 #include "ext/standard/php_var.h"
@@ -294,7 +294,7 @@
 
        (*p) += 2;
 
-       if((*p) + datalen >= max) {
+       if(datalen < 0 || (*p) + datalen >= max) {
                zend_error(E_WARNING, "Unsifficient data for unserializing - %d 
required, %d present", datalen, max - (*p));
                return 0;
        }
