- Fixed possible off-by-one overflow in ibase_gen_id()

author Felipe Pena <felipe@php.net>

Thu, 24 Feb 2011 02:42:38 +0000 (02:42 +0000)

committer Felipe Pena <felipe@php.net>

Thu, 24 Feb 2011 02:42:38 +0000 (02:42 +0000)
author Felipe Pena <felipe@php.net>
Thu, 24 Feb 2011 02:42:38 +0000 (02:42 +0000)
committer Felipe Pena <felipe@php.net>
Thu, 24 Feb 2011 02:42:38 +0000 (02:42 +0000)
diff --git a/ext/interbase/interbase.c b/ext/interbase/interbase.c

index fa72cf80c30329a1a1b609129c4a03cc6aa8e4ec..bc50175a233cec1e2f9d58e2574b3d47c9995236 100644 (file)
--- a/ext/interbase/interbase.c
+++ b/ext/interbase/interbase.c
@@ -1424,6 +1424,11 @@ PHP_FUNCTION(ibase_gen_id)
                         &inc, &link)) {
                 RETURN_FALSE;
         }
+       
+       if (gen_len > 31) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid generator name");
+               RETURN_FALSE;
+       }
  
         PHP_IBASE_LINK_TRANS(link, ib_link, trans);
author	Felipe Pena <felipe@php.net>
	Thu, 24 Feb 2011 02:42:38 +0000 (02:42 +0000)
committer	Felipe Pena <felipe@php.net>
	Thu, 24 Feb 2011 02:42:38 +0000 (02:42 +0000)