mirror of
https://github.com/php/php-src.git
synced 2024-11-28 04:14:26 +08:00
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4: Fixed possible read after end of buffer and use after free.
This commit is contained in:
commit
e6ad29ae96
@ -619,8 +619,11 @@ PHP_FUNCTION(mcrypt_generic_init)
|
||||
|
||||
if (iv_len != iv_size) {
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Iv size incorrect; supplied length: %d, needed: %d", iv_len, iv_size);
|
||||
if (iv_len > iv_size) {
|
||||
iv_len = iv_size;
|
||||
}
|
||||
}
|
||||
memcpy(iv_s, iv, iv_size);
|
||||
memcpy(iv_s, iv, iv_len);
|
||||
|
||||
mcrypt_generic_deinit(pm->td);
|
||||
result = mcrypt_generic_init(pm->td, key_s, key_size, iv_s);
|
||||
@ -641,8 +644,9 @@ PHP_FUNCTION(mcrypt_generic_init)
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown error");
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
pm->init = 1;
|
||||
}
|
||||
pm->init = 1;
|
||||
RETVAL_LONG(result);
|
||||
|
||||
efree(iv_s);
|
||||
|
Loading…
Reference in New Issue
Block a user