From 618c327a56b03449324cdaa0d630ea710aea22fd Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Tue, 18 Aug 2015 19:46:59 +0100
Subject: [PATCH] Fix possible overflow in openssl_pbkdf2

Especially key_length would lead to the crash if it overflowed
to the negative value.
---
 ext/openssl/openssl.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 1608e5d5af..1e03ce7164 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4011,6 +4011,22 @@ PHP_FUNCTION(openssl_pbkdf2)
 	if (key_length <= 0) {
 		RETURN_FALSE;
 	}
+	if (INT_MAX < key_length) {
+		php_error_docref(NULL, E_WARNING, "key_length is too long");
+		RETURN_FALSE;
+	}
+	if (INT_MAX < iterations) {
+		php_error_docref(NULL, E_WARNING, "iterations is too long");
+		RETURN_FALSE;
+	}
+	if (INT_MAX < password_len) {
+		php_error_docref(NULL, E_WARNING, "password_len is too long");
+		RETURN_FALSE;
+	}
+	if (INT_MAX < salt_len) {
+		php_error_docref(NULL, E_WARNING, "salt_len is too long");
+		RETURN_FALSE;
+	}
 
 	if (method_len) {
 		digest = EVP_get_digestbyname(method);
-- 
2.40.0