archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Restrict range of buffer_length on all platforms to INT_MAX

Browse source 
This has only been done for Windows systems so far, and there was a
TODO comment about looping for larger values; that appears to be
overkill, though, since 2 million bytes should be sufficient for all
use cases, and if there is really the need for more, users can still
loop manually.  Anyhow, checking the range upfront on all platforms
is clearer then silently casting to `int`.

We split the error message for the least possible BC break.

Closes GH-9126.
This commit is contained in:
Christoph M. Becker 2022-07-25 20:03:12 +02:00
parent 9115211ebf
commit e52946eb52
No known key found for this signature in database
GPG key ID: D66C9593118BCCB6
1 changed files with 5 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
ext/openssl/openssl.c
View file

@ -7642,14 +7642,14 @@ PHP_FUNCTION(openssl_cipher_iv_length)
PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long buffer_length) PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long buffer_length)
{ {
zend_string *buffer = NULL; zend_string *buffer = NULL;
if (buffer_length <= 0 if (buffer_length <= 0) {
#ifndef PHP_WIN32
|| ZEND_LONG_INT_OVFL(buffer_length)
#endif
) {
zend_argument_value_error(1, "must be greater than 0"); zend_argument_value_error(1, "must be greater than 0");
return NULL; return NULL;
} }
if (ZEND_LONG_INT_OVFL(buffer_length)) {
zend_argument_value_error(1, "must be less than 2147483648");
return NULL;
}
buffer = zend_string_alloc(buffer_length, 0); buffer = zend_string_alloc(buffer_length, 0);
#ifdef PHP_WIN32 #ifdef PHP_WIN32
@ -7663,7 +7663,6 @@ PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long buffer_le
PHP_OPENSSL_CHECK_LONG_TO_INT_NULL_RETURN(buffer_length, length); PHP_OPENSSL_CHECK_LONG_TO_INT_NULL_RETURN(buffer_length, length);
PHP_OPENSSL_RAND_ADD_TIME(); PHP_OPENSSL_RAND_ADD_TIME();
/* FIXME loop if requested size > INT_MAX */
if (RAND_bytes((unsigned char*)ZSTR_VAL(buffer), (int)buffer_length) <= 0) { if (RAND_bytes((unsigned char*)ZSTR_VAL(buffer), (int)buffer_length) <= 0) {
zend_string_release_ex(buffer, 0); zend_string_release_ex(buffer, 0);
zend_throw_exception(zend_ce_exception, "Error reading from source device", 0); zend_throw_exception(zend_ce_exception, "Error reading from source device", 0);