(Paul Hudson, Derick)
- Fixed bug with raw_post_data not getting set (Brian)
- Fixed a file-descriptor leak with phpinfo() and other 'special' URLs (Zeev)
+- Fixed bug #29821 (Fixed possible crashes in convert_uudecode() on invalid
+ data). (Ilia)
- Fixed bug #29737 (ip2long should return -1 if IP is 255.255.255.255 and FALSE
on error). (Tony)
- Fixed bug #29711 (Changed ext/xml to default to UTF-8 output). (Rob)
if ((len = PHP_UU_DEC(*s++)) <= 0) {
break;
}
+ /* sanity check */
+ if (len > src_len) {
+ goto err;
+ }
+
total_len += len;
ee = s + (len == 45 ? 60 : (int) floor(len * 1.33));
+ /* sanity check */
+ if (ee > e) {
+ goto err;
+ }
while (s < ee) {
*p++ = PHP_UU_DEC(*s) << 2 | PHP_UU_DEC(*(s + 1)) >> 4;
*(*dest + total_len) = '\0';
return total_len;
+
+err:
+ efree(*dest);
+ return -1;
}
/* {{{ proto string uuencode(string data)
}
dst_len = php_uudecode(src, src_len, &dst);
+ if (dst_len < 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "The given parameter is not a valid uuencoded string.");
+ RETURN_FALSE;
+ }
RETURN_STRINGL(dst, dst_len, 0);
}
projects / php / commitdiff