From ed6725c69514a1044d356cfc40d6944ebfdae3a2 Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Thu, 15 Feb 2007 01:15:45 +0000 Subject: [PATCH] Improved validation route for size parameter of the mcrypt_create_iv() function. --- ext/mcrypt/mcrypt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c index 6f3561cacd..12242ed017 100644 --- a/ext/mcrypt/mcrypt.c +++ b/ext/mcrypt/mcrypt.c @@ -1242,8 +1242,8 @@ PHP_FUNCTION(mcrypt_create_iv) return; } - if (size <= 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can not create an IV with size 0 or smaller"); + if (size <= 0 || size >= 2147483647) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can not create an IV with a size of less then 1 or greater then %d", INT_MAX); RETURN_FALSE; } -- 2.50.1