]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1bcd439)
Fix bug #72674 - check both curl_escape and curl_unescape
authorStanislav Malyshev <stas@php.net>
Wed, 3 Aug 2016 07:58:55 +0000 (00:58 -0700)
committerStanislav Malyshev <stas@php.net>
Wed, 3 Aug 2016 07:58:55 +0000 (00:58 -0700)
ext/curl/interface.c patch | blob | history

diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index be15785cd0e9c5babb6abc43742c3961ce0c6a71..7069710ece192683350f64700c5d991d10bf994f 100644 (file)
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -3517,7 +3517,7 @@ PHP_FUNCTION(curl_reset)
 PHP_FUNCTION(curl_escape)
 {
        char       *str = NULL, *res = NULL;
-       size_t        str_len = 0;
+       size_t     str_len = 0;
        zval       *zid;
        php_curl   *ch;
 
@@ -3529,6 +3529,10 @@ PHP_FUNCTION(curl_escape)
                RETURN_FALSE;
        }
 
+       if (ZEND_SIZE_T_INT_OVFL(str_len)) {
+               RETURN_FALSE;
+       }
+
        if ((res = curl_easy_escape(ch->cp, str, str_len))) {
                RETVAL_STRING(res);
                curl_free(res);
@@ -3556,7 +3560,7 @@ PHP_FUNCTION(curl_unescape)
                RETURN_FALSE;
        }
 
-       if (str_len > INT_MAX) {
+       if (ZEND_SIZE_T_INT_OVFL(str_len)) {
                RETURN_FALSE;
        }
 
Unnamed repository; edit this file 'description' to name the repository.