dmitry Wed, 02 Nov 2011 08:07:12 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=318673
Log: Prevent possible integer overflow Changed paths: U php/php-src/branches/PHP_5_3/ext/soap/php_http.c U php/php-src/branches/PHP_5_4/ext/soap/php_http.c U php/php-src/trunk/ext/soap/php_http.c Modified: php/php-src/branches/PHP_5_3/ext/soap/php_http.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/soap/php_http.c 2011-11-02 07:36:52 UTC (rev 318672) +++ php/php-src/branches/PHP_5_3/ext/soap/php_http.c 2011-11-02 08:07:12 UTC (rev 318673) @@ -1383,7 +1383,7 @@ } } else if (header_length) { - if (header_length < 0) { + if (header_length < 0 || header_length >= INT_MAX) { return FALSE; } http_buf = emalloc(header_length + 1); Modified: php/php-src/branches/PHP_5_4/ext/soap/php_http.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/soap/php_http.c 2011-11-02 07:36:52 UTC (rev 318672) +++ php/php-src/branches/PHP_5_4/ext/soap/php_http.c 2011-11-02 08:07:12 UTC (rev 318673) @@ -1383,7 +1383,7 @@ } } else if (header_length) { - if (header_length < 0) { + if (header_length < 0 || header_length >= INT_MAX) { return FALSE; } http_buf = safe_emalloc(1, header_length, 1); Modified: php/php-src/trunk/ext/soap/php_http.c =================================================================== --- php/php-src/trunk/ext/soap/php_http.c 2011-11-02 07:36:52 UTC (rev 318672) +++ php/php-src/trunk/ext/soap/php_http.c 2011-11-02 08:07:12 UTC (rev 318673) @@ -1383,7 +1383,7 @@ } } else if (header_length) { - if (header_length < 0) { + if (header_length < 0 || header_length >= INT_MAX) { return FALSE; } http_buf = safe_emalloc(1, header_length, 1);
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php