archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix potential OOB when checking for trailing spaces

Browse source 
If `path_len` is zero, we must not access `path`, let alone try to
subtract `-1` from it.

Since `path` and `path_len` are supposed to come from a `zend_string`,
this is not a security issue.

Closes GH-17471.
This commit is contained in:
Christoph M. Becker 2025-01-15 14:59:56 +01:00
parent 022a5fca91
commit ed8b11188b
No known key found for this signature in database
GPG key ID: D66C9593118BCCB6
2 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
NEWS
View file

@ -11,6 +11,7 @@ PHP NEWS
inherited final). (ilutov) inherited final). (ilutov)
. Fixed NULL arithmetic during system program execution on Windows. (cmb, . Fixed NULL arithmetic during system program execution on Windows. (cmb,
nielsdos) nielsdos)
. Fixed potential OOB when checking for trailing spaces on Windows. (cmb)
- Enchant: - Enchant:
. Fix crashes in enchant when passing null bytes. (nielsdos) . Fix crashes in enchant when passing null bytes. (nielsdos)

2
win32/winutil.c
View file

@ -56,7 +56,7 @@ PHP_WINUTIL_API void php_win32_error_msg_free(char *msg)
int php_win32_check_trailing_space(const char * path, const size_t path_len) int php_win32_check_trailing_space(const char * path, const size_t path_len)
{/*{{{*/ {/*{{{*/
if (path_len > MAXPATHLEN - 1) { if (path_len == 0 || path_len > MAXPATHLEN - 1) {
return 1; return 1;
} }
if (path) { if (path) {