Fix bug #72776 (Invalid parameter in memcpy function trough openssl_pbkdf2)

bukka · bukka · commit 493b2bff0253 · 2016-11-06T20:40:51.000Z
diff --git a/NEWS b/NEWS
@@ -6,6 +6,10 @@ PHP                                                                        NEWS
   . Fixed bug #73402 (Opcache segfault when using class constant to call a
     method). (Laruence)
 
+- OpenSSL
+  . Fixed bug #72776 (Invalid parameter in memcpy function trough
+    openssl_pbkdf2). (Jakub Zelenka)
+
 10 Nov 2016, PHP 5.6.28
 
 - Core:
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -4059,7 +4059,7 @@ PHP_FUNCTION(openssl_pbkdf2)
 		return;
 	}
 
-	if (key_length <= 0) {
+	if (key_length <= 0 || key_length > INT_MAX) {
 		RETURN_FALSE;
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -4059,7 +4059,7 @@ PHP_FUNCTION(openssl_pbkdf2)`
`4059`	`4059`	`return;`
`4060`	`4060`	`}`
`4061`	`4061`
`4062`		`- if (key_length <= 0) {`
	`4062`	`+ if (key_length <= 0 \|\| key_length > INT_MAX) {`
`4063`	`4063`	`RETURN_FALSE;`
`4064`	`4064`	`}`
`4065`	`4065`