From e52946eb52dfd68bf6daa3ebe60e8f8648996639 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Mon, 25 Jul 2022 20:03:12 +0200 Subject: [PATCH] Restrict range of buffer_length on all platforms to INT_MAX This has only been done for Windows systems so far, and there was a TODO comment about looping for larger values; that appears to be overkill, though, since 2 million bytes should be sufficient for all use cases, and if there is really the need for more, users can still loop manually. Anyhow, checking the range upfront on all platforms is clearer then silently casting to `int`. We split the error message for the least possible BC break. Closes GH-9126. --- ext/openssl/openssl.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index b26e0429094..4fd74164f4c 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -7642,14 +7642,14 @@ PHP_FUNCTION(openssl_cipher_iv_length) PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long buffer_length) { zend_string *buffer = NULL; - if (buffer_length <= 0 -#ifndef PHP_WIN32 - || ZEND_LONG_INT_OVFL(buffer_length) -#endif - ) { + if (buffer_length <= 0) { zend_argument_value_error(1, "must be greater than 0"); return NULL; } + if (ZEND_LONG_INT_OVFL(buffer_length)) { + zend_argument_value_error(1, "must be less than 2147483648"); + return NULL; + } buffer = zend_string_alloc(buffer_length, 0); #ifdef PHP_WIN32 @@ -7663,7 +7663,6 @@ PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long buffer_le PHP_OPENSSL_CHECK_LONG_TO_INT_NULL_RETURN(buffer_length, length); PHP_OPENSSL_RAND_ADD_TIME(); - /* FIXME loop if requested size > INT_MAX */ if (RAND_bytes((unsigned char*)ZSTR_VAL(buffer), (int)buffer_length) <= 0) { zend_string_release_ex(buffer, 0); zend_throw_exception(zend_ce_exception, "Error reading from source device", 0);