iliaa Tue Aug 24 11:25:48 2004 EDT Modified files: /php-src/ext/standard uuencode.c Log: Fixed bug #29821 (Fixed possible crashes in convert_uudecode() on invalid data). http://cvs.php.net/diff.php/php-src/ext/standard/uuencode.c?r1=1.3&r2=1.4&ty=u Index: php-src/ext/standard/uuencode.c diff -u php-src/ext/standard/uuencode.c:1.3 php-src/ext/standard/uuencode.c:1.4 --- php-src/ext/standard/uuencode.c:1.3 Thu Jan 8 03:17:35 2004 +++ php-src/ext/standard/uuencode.c Tue Aug 24 11:25:48 2004 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: uuencode.c,v 1.3 2004/01/08 08:17:35 andi Exp $ */ +/* $Id: uuencode.c,v 1.4 2004/08/24 15:25:48 iliaa Exp $ */ /* * Portions of this code are based on Berkeley's uuencode/uudecode @@ -136,9 +136,18 @@ if ((len = PHP_UU_DEC(*s++)) <= 0) { break; } + /* sanity check */ + if (len > src_len) { + goto err; + } + total_len += len; ee = s + (len == 45 ? 60 : (int) floor(len * 1.33)); + /* sanity check */ + if (ee > e) { + goto err; + } while (s < ee) { *p++ = PHP_UU_DEC(*s) << 2 | PHP_UU_DEC(*(s + 1)) >> 4; @@ -168,6 +177,10 @@ *(*dest + total_len) = '\0'; return total_len; + +err: + efree(*dest); + return -1; } /* {{{ proto string uuencode(string data) @@ -199,6 +212,10 @@ } dst_len = php_uudecode(src, src_len, &dst); + if (dst_len < 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The given parameter is not a valid uuencoded string."); + RETURN_FALSE; + } RETURN_STRINGL(dst, dst_len, 0); }
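Review bot: The added `if (ee > e)` check does not keep the decode loop inside the input, because `ee` is derived from `floor(len * 1.33)` and is generally not a whole number of four-byte groups past `s`, while the loop reads `*(s + 1)` (and presumably further offsets in the part of the body outside this hunk) on every pass where `s < ee`. When `len` is not a multiple of three and `ee` lands on or just before `e`, the last pass dereferences bytes beyond `e`. Sizing the line in integers and comparing it with the bytes that remain closes that gap and avoids forming a pointer past the buffer before the test: `enc = ((len + 2) / 3) * 4; if (enc > e - s) { goto err; }` followed by `ee = s + enc;`. The tail handling after the loop is outside this hunk and would need to be checked against that change, and the earlier `len > src_len` test becomes redundant once the per-line bound is exact.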
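Review bot: The new `err:` path releases `*dest` but leaves the caller's pointer holding the freed address, so a caller that touches or frees the buffer without first testing for `-1` would hit a use-after-free or double free. Adding `*dest = NULL;` right after `efree(*dest);` makes the failure state unambiguous at no cost. The function's header comment, which is outside this hunk, should also state that `-1` is returned for malformed input and that the output buffer has already been released in that case. The caller updated later in this commit does check the return value, but other callers of this function are not visible here.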