]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 989cdab)
fix length overflow of HTTP_RAW_POST_DATA
authorMichael Wallner <mike@php.net>
Wed, 2 Jul 2014 08:09:05 +0000 (10:09 +0200)
committerMichael Wallner <mike@php.net>
Thu, 3 Jul 2014 18:40:40 +0000 (20:40 +0200)
main/php_content_types.c patch | blob | history

diff --git a/main/php_content_types.c b/main/php_content_types.c
index bc42c8094bfe933b418e9c562d21e35cf4785124..ca47e15285503aa5480561b2eba68c9a428f895e 100644 (file)
--- a/main/php_content_types.c
+++ b/main/php_content_types.c
@@ -64,6 +64,12 @@ SAPI_API SAPI_POST_READER_FUNC(php_default_post_reader)
                        length = php_stream_copy_to_mem(SG(request_info).request_body, &data, PHP_STREAM_COPY_ALL, 0);
                        php_stream_rewind(SG(request_info).request_body);
 
+                       if (length > INT_MAX) {
+                               sapi_module.sapi_error(E_WARNING,
+                                       "HTTP_RAW_POST_DATA truncated from %lu to %d bytes",
+                                       (unsigned long) length, INT_MAX);
+                               length = INT_MAX;
+                       }
                        SET_VAR_STRINGL("HTTP_RAW_POST_DATA", data, length);
 
                        sapi_module.sapi_error(E_DEPRECATED,
Unnamed repository; edit this file 'description' to name the repository.