Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
  Fixed possible read after end of buffer and use after free.
This commit is contained in:
Dmitry Stogov 2014-12-08 12:20:01 +03:00
commit e6ad29ae96

View File

@ -619,8 +619,11 @@ PHP_FUNCTION(mcrypt_generic_init)
if (iv_len != iv_size) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Iv size incorrect; supplied length: %d, needed: %d", iv_len, iv_size);
if (iv_len > iv_size) {
iv_len = iv_size;
}
}
memcpy(iv_s, iv, iv_size);
memcpy(iv_s, iv, iv_len);
mcrypt_generic_deinit(pm->td);
result = mcrypt_generic_init(pm->td, key_s, key_size, iv_s);
@ -641,8 +644,9 @@ PHP_FUNCTION(mcrypt_generic_init)
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown error");
break;
}
} else {
pm->init = 1;
}
pm->init = 1;
RETVAL_LONG(result);
efree(iv_s);