From: Frank Denis
Date: Tue, 19 Sep 2017 12:37:21 +0000 (+0200)
Subject: ext/sodium: throw an exception if only the prefix of a hex string is valid
X-Git-Tag: php-7.2.0RC3~18
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fd86fdd7b8f23326d6bedaceea206a21a03ecad2;p=php
ext/sodium: throw an exception if only the prefix of a hex string is valid
---
diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c
index 2c48b4489a..bb0aad46c5 100644
--- a/ext/sodium/libsodium.c
+++ b/ext/sodium/libsodium.c
@@ -2568,6 +2568,7 @@ PHP_FUNCTION(sodium_bin2hex)
 PHP_FUNCTION(sodium_hex2bin)
 {
 zend_string *bin;
+ const char *end;
 char *hex;
 char *ignore = NULL;
 size_t bin_real_len;
@@ -2584,8 +2585,13 @@ PHP_FUNCTION(sodium_hex2bin)
 bin_len = hex_len / 2;
 bin = zend_string_alloc(bin_len, 0);
 if (sodium_hex2bin((unsigned char *) ZSTR_VAL(bin), bin_len, hex, hex_len,
- ignore, &bin_real_len, NULL) != 0 ||
- bin_real_len >= SIZE_MAX || bin_real_len > bin_len) {
+ ignore, &bin_real_len, &end) != 0 ||
+ end != hex + hex_len) {
+ zend_string_free(bin);
+ zend_throw_exception(sodium_exception_ce, "invalid hex string", 0);
+ return;
+ }
+ if (bin_real_len >= SIZE_MAX || bin_real_len > bin_len) {
 zend_string_free(bin);
 zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
 return;
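Review bot: The new early exit on `end != hex + hex_len` frees `bin` while it still holds whatever prefix libsodium decoded before the offending character, and nothing wipes it first; callers of this binding typically pass key material, and the failure path is the one they cannot clean up themselves, so consider `sodium_memzero(ZSTR_VAL(bin), bin_len);` ahead of the `zend_string_free(bin);` in that branch (the overflow branch below it has the same gap). Separately, the retained `bin_real_len >= SIZE_MAX` test is dead: `bin_real_len` is a `size_t` and `bin_len` is `hex_len / 2`, so `bin_real_len > bin_len` already rejects any value that large, and `if (bin_real_len > bin_len) {` says what is meant. The `end` comparison itself is the right check — as the commit title says, a valid prefix followed by garbage previously passed, and the stopping point is only observable through `end` — so a one-line comment such as `/* reject input with trailing non-hex data; libsodium only reports where it stopped */` would help the next reader. The body of `sodium_hex2bin` continues past the hunk, so the success path is not visible here.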