iliaa Thu Feb 15 01:15:45 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/mcrypt mcrypt.c
Log:
Improved validation route for size parameter of the mcrypt_create_iv()
function.
http://cvs.php.net/viewvc.cgi/php-src/ext/mcrypt/mcrypt.c?r1=1.91.2.3.2.7&r2=1.91.2.3.2.8&diff_format=u
Index: php-src/ext/mcrypt/mcrypt.c
diff -u php-src/ext/mcrypt/mcrypt.c:1.91.2.3.2.7
php-src/ext/mcrypt/mcrypt.c:1.91.2.3.2.8
--- php-src/ext/mcrypt/mcrypt.c:1.91.2.3.2.7 Mon Jan 1 09:36:02 2007
+++ php-src/ext/mcrypt/mcrypt.c Thu Feb 15 01:15:45 2007
@@ -16,7 +16,7 @@
| Derick Rethans <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: mcrypt.c,v 1.91.2.3.2.7 2007/01/01 09:36:02 sebastian Exp $ */
+/* $Id: mcrypt.c,v 1.91.2.3.2.8 2007/02/15 01:15:45 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -1242,8 +1242,8 @@
return;
}
- if (size <= 0) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can not create an
IV with size 0 or smaller");
+ if (size <= 0 || size >= 2147483647) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can not create an
IV with a size of less then 1 or greater then %d", INT_MAX);
RETURN_FALSE;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
