iliaa Wed Jul 28 19:21:56 2004 EDT
Modified files: (Branch: PHP_5_0)
/php-src/ext/standard streamsfuncs.c
Log:
MFH: Fixed possible crash in stream_socket_recvfrom() when length
parameter has a negative value.
http://cvs.php.net/diff.php/php-src/ext/standard/streamsfuncs.c?r1=1.35&r2=1.35.2.1&ty=u
Index: php-src/ext/standard/streamsfuncs.c
diff -u php-src/ext/standard/streamsfuncs.c:1.35
php-src/ext/standard/streamsfuncs.c:1.35.2.1
--- php-src/ext/standard/streamsfuncs.c:1.35 Wed Jun 16 19:57:25 2004
+++ php-src/ext/standard/streamsfuncs.c Wed Jul 28 19:21:56 2004
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: streamsfuncs.c,v 1.35 2004/06/16 23:57:25 abies Exp $ */
+/* $Id: streamsfuncs.c,v 1.35.2.1 2004/07/28 23:21:56 iliaa Exp $ */
#include "php.h"
#include "php_globals.h"
@@ -316,6 +316,11 @@
zval_dtor(zremote);
ZVAL_NULL(zremote);
Z_STRLEN_P(zremote) = 0;
+ }
+
+ if (to_read <= 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be
greater than 0.");
+ RETURN_FALSE;
}
read_buf = emalloc(to_read + 1);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
