From: Michael Wallner <mike@php.net>
Date: Wed, 2 Jul 2014 08:09:05 +0000 (+0200)
Subject: fix length overflow of HTTP_RAW_POST_DATA
X-Git-Tag: php-5.6.0RC3~1^2~80
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=04c6a5b3773548388dec178058f270f30fc0c4de;p=php

fix length overflow of HTTP_RAW_POST_DATA
---

diff --git a/main/php_content_types.c b/main/php_content_types.c
index bc42c8094b..ca47e15285 100644
--- a/main/php_content_types.c
+++ b/main/php_content_types.c
@@ -64,6 +64,12 @@ SAPI_API SAPI_POST_READER_FUNC(php_default_post_reader)
 			length = php_stream_copy_to_mem(SG(request_info).request_body, &data, PHP_STREAM_COPY_ALL, 0);
 			php_stream_rewind(SG(request_info).request_body);
 
+			if (length > INT_MAX) {
+				sapi_module.sapi_error(E_WARNING,
+					"HTTP_RAW_POST_DATA truncated from %lu to %d bytes",
+					(unsigned long) length, INT_MAX);
+				length = INT_MAX;
+			}
 			SET_VAR_STRINGL("HTTP_RAW_POST_DATA", data, length);
 
 			sapi_module.sapi_error(E_DEPRECATED,