From 7dc8b5e7aefce963a7a222c48ee3506725c4776b Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev
Date: Tue, 11 Oct 2016 13:37:47 -0700
Subject: [PATCH] Fix bug #73276 - crash in openssl_random_pseudo_bytes function
(cherry picked from commit 85a22a0af0722ef3a8d49a056a0b2b18be1fb981)
---
 ext/openssl/openssl.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index e2f9fafacf..bf1f0c51a9 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -5546,7 +5546,11 @@ PHP_FUNCTION(openssl_random_pseudo_bytes)
 return;
 }
- if (buffer_length <= 0) {
+ if (buffer_length <= 0
+#ifndef PHP_WIN32
+ || ZEND_LONG_INT_OVFL(buffer_length)
+#endif
+ ) {
 RETURN_FALSE;
 }
@@ -5570,6 +5574,7 @@ PHP_FUNCTION(openssl_random_pseudo_bytes)
 PHP_OPENSSL_CHECK_LONG_TO_INT(buffer_length, length);
 PHP_OPENSSL_RAND_ADD_TIME();
+ /* FIXME loop if requested size > INT_MAX */
 if (RAND_bytes((unsigned char*)ZSTR_VAL(buffer), (int)buffer_length) <= 0) {
 zend_string_release(buffer);
 if (zstrong_result_returned) {
-- 
2.50.1
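Review bot: The overflow case added to the `if (buffer_length <= 0 …)` condition fails with a bare `RETURN_FALSE`, so a length above INT_MAX is indistinguishable from a non-positive one and the caller gets no diagnostic. For a function that hands out random bytes, a caller that does not test for `false` silently ends up with no key material, so I would split the two cases and raise a warning on the overflow path. The `#ifndef PHP_WIN32` guard is also unexplained; a short comment should say why the Windows build is exempt (presumably its random source is not limited to an `int` length, but that code is outside the hunk). The function body starts before and continues past this hunk.

```c
	if (buffer_length <= 0) {
		RETURN_FALSE;
	}
#ifndef PHP_WIN32
	/* RAND_bytes() takes an int length, so larger requests cannot be served yet */
	if (ZEND_LONG_INT_OVFL(buffer_length)) {
		php_error_docref(NULL, E_WARNING, "length is too large");
		RETURN_FALSE;
	}
#endif
```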
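Review bot: The added `/* FIXME loop if requested size > INT_MAX */` reads like an open truncation bug at the `(int)buffer_length` cast, which is misleading for anyone auditing this call. The first hunk of this commit rejects lengths that overflow `int` on non-Windows builds, and the `PHP_OPENSSL_CHECK_LONG_TO_INT(buffer_length, length)` context line above appears to guard the same thing (its definition is not visible here). I would word the comment to state the current guarantee and the missing feature separately, e.g. `/* buffer_length is known to fit in int here; TODO: call RAND_bytes() in a loop to support sizes > INT_MAX */`. The enclosing function starts and ends outside the hunk.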