Fix possible overflow in openssl_pbkdf2
authorJakub Zelenka <bukka@php.net>
Tue, 18 Aug 2015 18:46:59 +0000 (19:46 +0100)
committerJakub Zelenka <bukka@php.net>
Tue, 18 Aug 2015 18:46:59 +0000 (19:46 +0100)
In particular, key_length would lead to a crash if it overflowed
to a negative value.

ext/openssl/openssl.c

index 1608e5d5afd054da45ee8428340b142f5e2212fa..1e03ce71644aa681398c3233ab633d1ed527327b 100644 (file)
@@ -4011,6 +4011,22 @@ PHP_FUNCTION(openssl_pbkdf2)
        if (key_length <= 0) {
                RETURN_FALSE;
        }
+       if (INT_MAX < key_length) {
+               php_error_docref(NULL, E_WARNING, "key_length is too long");
+               RETURN_FALSE;
+       }
+       if (INT_MAX < iterations) {
+               php_error_docref(NULL, E_WARNING, "iterations is too long");
+               RETURN_FALSE;
+       }
+       if (INT_MAX < password_len) {
+               php_error_docref(NULL, E_WARNING, "password_len is too long");
+               RETURN_FALSE;
+       }
+       if (INT_MAX < salt_len) {
+               php_error_docref(NULL, E_WARNING, "salt_len is too long");
+               RETURN_FALSE;
+       }
 
        if (method_len) {
                digest = EVP_get_digestbyname(method);
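Review bot: The new guards bound `iterations` only from above, so a zero or negative count still passes this block; the `key_length <= 0` test just above has no counterpart for it. If no earlier check exists (the function starts and ends outside the hunk, and the declaration of `iterations` is not visible here), add `if (iterations <= 0) { php_error_docref(NULL, E_WARNING, "iterations must be greater than 0"); RETURN_FALSE; }` next to the upper-bound test, because a PBKDF2 work factor that low removes the key stretching the caller relies on. The warnings for `password_len` and `salt_len` also name internal C variables rather than the `password` and `salt` arguments the PHP caller passed, and "too long" reads oddly for an iteration count; "too large" would fit better.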