]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 00d6a6d)
Ok, really fix socket_iovec_alloc() this time
authorRasmus Lerdorf <rasmus@php.net>
Tue, 1 Apr 2003 18:12:24 +0000 (18:12 +0000)
committerRasmus Lerdorf <rasmus@php.net>
Tue, 1 Apr 2003 18:12:24 +0000 (18:12 +0000)
ext/sockets/sockets.c patch | blob | history

diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c
index c8371eb70db754d5cd07ff773bc19f6fef03fad4..54eefb966f4061dd6fed3fd8b79e1cec65352aba 100644 (file)
--- a/ext/sockets/sockets.c
+++ b/ext/sockets/sockets.c
@@ -1113,19 +1113,23 @@ PHP_FUNCTION(socket_iovec_alloc)
        convert_to_long_ex(args[0]);
        num_vectors = Z_LVAL_PP(args[0]);
 
-       if((argc-1)     < num_vectors) {
+       if(num_vectors < 0 || (argc-1) < num_vectors) {
                efree(args);
                WRONG_PARAM_COUNT;
        }
+
        vector_array = emalloc(sizeof(struct iovec)*(num_vectors+1));
 
        for (i = 0, j = 1; i < num_vectors; i++, j++) {
                convert_to_long_ex(args[j]);
-       
-               if(Z_LVAL_PP(args[j])>0) {
-                       vector_array[i].iov_base        = (char*)emalloc(Z_LVAL_PP(args[j]));
-                       vector_array[i].iov_len         = Z_LVAL_PP(args[j]);
+               if(Z_LVAL_PP(args[j])<=0 || Z_LVAL_PP(args[j])>1048576) {
+               php_error(E_WARNING, "%s() vector %d is invalid", get_active_function_name(TSRMLS_C), j);
+                       efree(args);
+                       efree(vector_array);
+                       RETURN_FALSE;
                }
+               vector_array[i].iov_base        = (char*)emalloc(Z_LVAL_PP(args[j]));
+               vector_array[i].iov_len         = Z_LVAL_PP(args[j]);
        }
        
        efree(args);
Unnamed repository; edit this file 'description' to name the repository.