archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix #74544: Integer overflow in mysqli_real_escape_string()

Browse source 
The patch has been provided by @johannes.

Closes GH-7353.
This commit is contained in:
Christoph M. Becker 2021-08-09 12:48:21 +02:00
parent 6724d5d4c2
commit 5977610de1
No known key found for this signature in database
GPG key ID: D66C9593118BCCB6
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
NEWS
View file

@ -18,6 +18,10 @@ PHP NEWS
- GD: - GD:
. Fixed bug #51498 (imagefilledellipse does not work for large circles). (cmb) . Fixed bug #51498 (imagefilledellipse does not work for large circles). (cmb)
- MySQLi:
. Fixed bug #74544 (Integer overflow in mysqli_real_escape_string()). (cmb,
johannes)
- OpenSSL: - OpenSSL:
. Fixed bug #81327 (Error build openssl extension on php 7.4.22). (cmb) . Fixed bug #81327 (Error build openssl extension on php 7.4.22). (cmb)

2
ext/mysqli/mysqli_api.c
View file

@ -1971,7 +1971,7 @@ PHP_FUNCTION(mysqli_real_escape_string) {
} }
MYSQLI_FETCH_RESOURCE_CONN(mysql, mysql_link, MYSQLI_STATUS_VALID); MYSQLI_FETCH_RESOURCE_CONN(mysql, mysql_link, MYSQLI_STATUS_VALID);
newstr = zend_string_alloc(2 * escapestr_len, 0); newstr = zend_string_safe_alloc(2, escapestr_len, 0, 0);
ZSTR_LEN(newstr) = mysql_real_escape_string_quote(mysql->mysql, ZSTR_VAL(newstr), escapestr, escapestr_len, '\''); ZSTR_LEN(newstr) = mysql_real_escape_string_quote(mysql->mysql, ZSTR_VAL(newstr), escapestr, escapestr_len, '\'');
newstr = zend_string_truncate(newstr, ZSTR_LEN(newstr), 0); newstr = zend_string_truncate(newstr, ZSTR_LEN(newstr), 0);