From: Ilia Alshanetsky <iliaa@php.net>
Date: Thu, 15 Feb 2007 01:15:45 +0000 (+0000)
Subject: Improved validation route for size parameter of the mcrypt_create_iv()
X-Git-Tag: php-5.2.2RC1~399
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ed6725c69514a1044d356cfc40d6944ebfdae3a2;p=php

Improved validation route for size parameter of the mcrypt_create_iv()
function.
---

diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
index 6f3561cacd..12242ed017 100644
--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -1242,8 +1242,8 @@ PHP_FUNCTION(mcrypt_create_iv)
 		return;
 	}
 
-	if (size <= 0) {
-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can not create an IV with size 0 or smaller");
+	if (size <= 0 || size >= 2147483647) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can not create an IV with a size of less then 1 or greater then %d", INT_MAX);
 		RETURN_FALSE;
 	}