dmitry                                   Wed, 02 Nov 2011 08:07:12 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=318673

Log:
Prevent possible integer overflow

Changed paths:
    U   php/php-src/branches/PHP_5_3/ext/soap/php_http.c
    U   php/php-src/branches/PHP_5_4/ext/soap/php_http.c
    U   php/php-src/trunk/ext/soap/php_http.c

Modified: php/php-src/branches/PHP_5_3/ext/soap/php_http.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/soap/php_http.c    2011-11-02 07:36:52 UTC 
(rev 318672)
+++ php/php-src/branches/PHP_5_3/ext/soap/php_http.c    2011-11-02 08:07:12 UTC 
(rev 318673)
@@ -1383,7 +1383,7 @@
                }

        } else if (header_length) {
-               if (header_length < 0) {
+               if (header_length < 0 || header_length >= INT_MAX) {
                        return FALSE;
                }
                http_buf = emalloc(header_length + 1);
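Review bot: The allocation on the last line of this PHP_5_3 hunk still computes `header_length + 1` in the variable's own type before `emalloc` sees it, so the new `>= INT_MAX` test is the only thing that keeps the addition from wrapping. The PHP_5_4 and trunk hunks already use the overflow-checked form, and this branch could match them with `http_buf = safe_emalloc(1, header_length, 1);`. The declaration of `header_length` is outside the hunk; if it is an `int`, `>= INT_MAX` can only mean `== INT_MAX`, which deserves a comment in all three hunks, such as `/* keep header_length + 1 representable */`. The guard accepts every value below INT_MAX, so if the length comes from the peer's response (not visible here), one reply can request an allocation close to INT_MAX bytes, and an explicit upper cap would bound that. The enclosing function starts and ends outside the hunk.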

Modified: php/php-src/branches/PHP_5_4/ext/soap/php_http.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/soap/php_http.c    2011-11-02 07:36:52 UTC 
(rev 318672)
+++ php/php-src/branches/PHP_5_4/ext/soap/php_http.c    2011-11-02 08:07:12 UTC 
(rev 318673)
@@ -1383,7 +1383,7 @@
                }

        } else if (header_length) {
-               if (header_length < 0) {
+               if (header_length < 0 || header_length >= INT_MAX) {
                        return FALSE;
                }
                http_buf = safe_emalloc(1, header_length, 1);

Modified: php/php-src/trunk/ext/soap/php_http.c
===================================================================
--- php/php-src/trunk/ext/soap/php_http.c       2011-11-02 07:36:52 UTC (rev 
318672)
+++ php/php-src/trunk/ext/soap/php_http.c       2011-11-02 08:07:12 UTC (rev 
318673)
@@ -1383,7 +1383,7 @@
                }

        } else if (header_length) {
-               if (header_length < 0) {
+               if (header_length < 0 || header_length >= INT_MAX) {
                        return FALSE;
                }
                http_buf = safe_emalloc(1, header_length, 1);
