From: Jakub Zelenka
Date: Mon, 17 Aug 2015 17:43:02 +0000 (+0100)
Subject: Check and use correct signature_len type for EVP_VerifyFinal
X-Git-Tag: php-7.0.0RC1~7^2~2^2~8
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c4a98e876c109ab4f80fbb4247ba11a31e037c41;p=php
Check and use correct signature_len type for EVP_VerifyFinal
---
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index b09f17481f..1608e5d5af 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4822,6 +4822,10 @@ PHP_FUNCTION(openssl_verify)
 return;
 }
+ if (UINT_MAX < signature_len) {
+ php_error_docref(NULL, E_WARNING, "signature is too long");
+ RETURN_FALSE;
+ }
 if (method == NULL || Z_TYPE_P(method) == IS_LONG) {
 if (method != NULL) {
 signature_algo = Z_LVAL_P(method);
@@ -4846,7 +4850,7 @@ PHP_FUNCTION(openssl_verify)
 EVP_VerifyInit (&md_ctx, mdtype);
 EVP_VerifyUpdate (&md_ctx, data, data_len);
- err = EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, (int)signature_len, pkey);
+ err = EVP_VerifyFinal(&md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey);
 EVP_MD_CTX_cleanup(&md_ctx);
 if (keyresource == NULL) {
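Review bot: The new `UINT_MAX < signature_len` guard in the first hunk has no comment saying why `UINT_MAX` is the limit, and the call it protects sits in a separate hunk further down, so the link between the two is easy to lose in a later refactor. I would add above the `if` something like `/* EVP_VerifyFinal() takes the length as unsigned int; reject anything the cast below would truncate */`. If `signature_len` is a `size_t` (its declaration is outside the hunk), the comparison is always false on builds where `size_t` and `unsigned int` have the same width, which is harmless but may draw a type-limits warning. The body of `openssl_verify` starts and ends outside the hunk.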
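Review bot: The results of `EVP_VerifyInit` and `EVP_VerifyUpdate` on the two context lines above the changed call in the second hunk are still discarded, so a failed digest setup falls straight through to `EVP_VerifyFinal` and is reported as if verification had actually run. Both calls return 1 on success and 0 on failure; guarding the final call, e.g. `if (!EVP_VerifyInit(&md_ctx, mdtype) || !EVP_VerifyUpdate(&md_ctx, data, data_len)) { err = -1; } else { err = EVP_VerifyFinal(...); }`, keeps a library error distinct from a bad signature. `EVP_VerifyFinal` itself returns 1, 0 or a negative value, and how `err` becomes the PHP return value lies outside the hunk, so the `-1` convention should be confirmed there. The `(unsigned int)` cast is only safe because of the `UINT_MAX` guard added in the first hunk, which is worth a short comment at the call site.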