Skip to content

Commit cb5237a

Browse files
devnexendevnexen
committed
further upper limit changes to ZSTR_MAX_LEN for buffers.
1 parent 0f6d3dc commit cb5237a

File tree

1 file changed

+39
-39
lines changed

1 file changed

+39
-39
lines changed

ext/sodium/libsodium.c

Lines changed: 39 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -1081,7 +1081,7 @@ PHP_FUNCTION(sodium_crypto_sign)
10811081
zend_throw_exception(sodium_exception_ce, "internal error", 0);
10821082
RETURN_THROWS();
10831083
}
1084-
if (msg_signed_real_len >= SIZE_MAX || msg_signed_real_len > msg_signed_len) {
1084+
if (msg_signed_real_len >= ZSTR_MAX_LEN || msg_signed_real_len > msg_signed_len) {
10851085
zend_string_efree(msg_signed);
10861086
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
10871087
RETURN_THROWS();
@@ -1113,18 +1113,18 @@ PHP_FUNCTION(sodium_crypto_sign_open)
11131113
RETURN_THROWS();
11141114
}
11151115
msg_len = msg_signed_len;
1116-
if (msg_len >= SIZE_MAX) {
1116+
if (msg_len >= ZSTR_MAX_LEN) {
11171117
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
11181118
RETURN_THROWS();
11191119
}
1120-
msg = zend_string_alloc((size_t) msg_len, 0);
1120+
msg = zend_string_alloc(msg_len, 0);
11211121
if (crypto_sign_open((unsigned char *) ZSTR_VAL(msg), &msg_real_len,
11221122
msg_signed, (unsigned long long) msg_signed_len,
11231123
publickey) != 0) {
11241124
zend_string_efree(msg);
11251125
RETURN_FALSE;
11261126
}
1127-
if (msg_real_len >= SIZE_MAX || msg_real_len > msg_signed_len) {
1127+
if (msg_real_len >= ZSTR_MAX_LEN || msg_real_len > msg_signed_len) {
11281128
zend_string_efree(msg);
11291129
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
11301130
RETURN_THROWS();
@@ -1222,7 +1222,7 @@ PHP_FUNCTION(sodium_crypto_stream)
12221222
sodium_remove_param_values_from_backtrace(EG(exception));
12231223
RETURN_THROWS();
12241224
}
1225-
if (ciphertext_len <= 0 || ciphertext_len >= SIZE_MAX) {
1225+
if (ciphertext_len <= 0 || ciphertext_len >= ZSTR_MAX_LEN) {
12261226
zend_argument_error(sodium_exception_ce, 1, "must be greater than 0");
12271227
RETURN_THROWS();
12281228
}
@@ -1302,7 +1302,7 @@ PHP_FUNCTION(sodium_crypto_stream_xchacha20)
13021302
sodium_remove_param_values_from_backtrace(EG(exception));
13031303
RETURN_THROWS();
13041304
}
1305-
if (ciphertext_len <= 0 || ciphertext_len >= SIZE_MAX) {
1305+
if (ciphertext_len <= 0 || ciphertext_len >= ZSTR_MAX_LEN) {
13061306
zend_argument_error(sodium_exception_ce, 1, "must be greater than 0");
13071307
RETURN_THROWS();
13081308
}
@@ -1619,7 +1619,7 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256)
16191619
sodium_remove_param_values_from_backtrace(EG(exception));
16201620
RETURN_THROWS();
16211621
}
1622-
if (hash_len <= 0 || hash_len >= SIZE_MAX || hash_len > 0x1fffffffe0ULL) {
1622+
if (hash_len <= 0 || hash_len >= ZSTR_MAX_LEN || hash_len > 0x1fffffffe0ULL) {
16231623
zend_argument_error(sodium_exception_ce, 1, "must be greater than 0");
16241624
RETURN_THROWS();
16251625
}
@@ -1792,7 +1792,7 @@ PHP_FUNCTION(sodium_crypto_aead_aes256gcm_encrypt)
17921792
zend_throw_exception(sodium_exception_ce, "internal error", 0);
17931793
RETURN_THROWS();
17941794
}
1795-
if (ciphertext_real_len <= 0U || ciphertext_real_len >= SIZE_MAX ||
1795+
if (ciphertext_real_len <= 0U || ciphertext_real_len >= ZSTR_MAX_LEN ||
17961796
ciphertext_real_len > ciphertext_len) {
17971797
zend_string_efree(ciphertext);
17981798
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
@@ -1854,7 +1854,7 @@ PHP_FUNCTION(sodium_crypto_aead_aes256gcm_decrypt)
18541854
zend_string_efree(msg);
18551855
RETURN_FALSE;
18561856
}
1857-
if (msg_real_len >= SIZE_MAX || msg_real_len > msg_len) {
1857+
if (msg_real_len >= ZSTR_MAX_LEN || msg_real_len > msg_len) {
18581858
zend_string_efree(msg);
18591859
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
18601860
RETURN_THROWS();
@@ -1897,12 +1897,12 @@ PHP_FUNCTION(sodium_crypto_aead_aegis128l_encrypt)
18971897
zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_AEGIS128L_KEYBYTES bytes long");
18981898
RETURN_THROWS();
18991899
}
1900-
if (SIZE_MAX - msg_len <= crypto_aead_aegis128l_ABYTES) {
1900+
if (ZSTR_MAX_LEN - msg_len <= crypto_aead_aegis128l_ABYTES) {
19011901
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
19021902
RETURN_THROWS();
19031903
}
19041904
ciphertext_len = msg_len + crypto_aead_aegis128l_ABYTES;
1905-
ciphertext = zend_string_alloc((size_t) ciphertext_len, 0);
1905+
ciphertext = zend_string_alloc(ciphertext_len, 0);
19061906
if (crypto_aead_aegis128l_encrypt
19071907
((unsigned char *) ZSTR_VAL(ciphertext), &ciphertext_real_len, msg,
19081908
(unsigned long long) msg_len,
@@ -1911,7 +1911,7 @@ PHP_FUNCTION(sodium_crypto_aead_aegis128l_encrypt)
19111911
zend_throw_exception(sodium_exception_ce, "internal error", 0);
19121912
RETURN_THROWS();
19131913
}
1914-
if (ciphertext_real_len <= 0U || ciphertext_real_len >= SIZE_MAX ||
1914+
if (ciphertext_real_len <= 0U || ciphertext_real_len >= ZSTR_MAX_LEN ||
19151915
ciphertext_real_len > ciphertext_len) {
19161916
zend_string_efree(ciphertext);
19171917
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
@@ -1969,7 +1969,7 @@ PHP_FUNCTION(sodium_crypto_aead_aegis128l_decrypt)
19691969
zend_string_efree(msg);
19701970
RETURN_FALSE;
19711971
}
1972-
if (msg_real_len >= SIZE_MAX || msg_real_len > msg_len) {
1972+
if (msg_real_len >= ZSTR_MAX_LEN || msg_real_len > msg_len) {
19731973
zend_string_efree(msg);
19741974
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
19751975
RETURN_THROWS();
@@ -2012,12 +2012,12 @@ PHP_FUNCTION(sodium_crypto_aead_aegis256_encrypt)
20122012
zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_AEGIS256_KEYBYTES bytes long");
20132013
RETURN_THROWS();
20142014
}
2015-
if (SIZE_MAX - msg_len <= crypto_aead_aegis256_ABYTES) {
2015+
if (ZSTR_MAX_LEN - msg_len <= crypto_aead_aegis256_ABYTES) {
20162016
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
20172017
RETURN_THROWS();
20182018
}
20192019
ciphertext_len = msg_len + crypto_aead_aegis256_ABYTES;
2020-
ciphertext = zend_string_alloc((size_t) ciphertext_len, 0);
2020+
ciphertext = zend_string_alloc(ciphertext_len, 0);
20212021
if (crypto_aead_aegis256_encrypt
20222022
((unsigned char *) ZSTR_VAL(ciphertext), &ciphertext_real_len, msg,
20232023
(unsigned long long) msg_len,
@@ -2026,7 +2026,7 @@ PHP_FUNCTION(sodium_crypto_aead_aegis256_encrypt)
20262026
zend_throw_exception(sodium_exception_ce, "internal error", 0);
20272027
RETURN_THROWS();
20282028
}
2029-
if (ciphertext_real_len <= 0U || ciphertext_real_len >= SIZE_MAX ||
2029+
if (ciphertext_real_len <= 0U || ciphertext_real_len >= ZSTR_MAX_LEN ||
20302030
ciphertext_real_len > ciphertext_len) {
20312031
zend_string_efree(ciphertext);
20322032
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
@@ -2072,19 +2072,19 @@ PHP_FUNCTION(sodium_crypto_aead_aegis256_decrypt)
20722072
RETURN_FALSE;
20732073
}
20742074
msg_len = ciphertext_len;
2075-
if (msg_len >= SIZE_MAX) {
2075+
if (msg_len >= ZSTR_MAX_LEN) {
20762076
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
20772077
RETURN_THROWS();
20782078
}
2079-
msg = zend_string_alloc((size_t) msg_len, 0);
2079+
msg = zend_string_alloc(msg_len, 0);
20802080
if (crypto_aead_aegis256_decrypt
20812081
((unsigned char *) ZSTR_VAL(msg), &msg_real_len, NULL,
20822082
ciphertext, (unsigned long long) ciphertext_len,
20832083
ad, (unsigned long long) ad_len, npub, secretkey) != 0) {
20842084
zend_string_efree(msg);
20852085
RETURN_FALSE;
20862086
}
2087-
if (msg_real_len >= SIZE_MAX || msg_real_len > msg_len) {
2087+
if (msg_real_len >= ZSTR_MAX_LEN || msg_real_len > msg_len) {
20882088
zend_string_efree(msg);
20892089
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
20902090
RETURN_THROWS();
@@ -2126,12 +2126,12 @@ PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_encrypt)
21262126
zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES bytes long");
21272127
RETURN_THROWS();
21282128
}
2129-
if (SIZE_MAX - msg_len <= crypto_aead_chacha20poly1305_ABYTES) {
2129+
if (ZSTR_MAX_LEN - msg_len <= crypto_aead_chacha20poly1305_ABYTES) {
21302130
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
21312131
RETURN_THROWS();
21322132
}
21332133
ciphertext_len = msg_len + crypto_aead_chacha20poly1305_ABYTES;
2134-
ciphertext = zend_string_alloc((size_t) ciphertext_len, 0);
2134+
ciphertext = zend_string_alloc(ciphertext_len, 0);
21352135
if (crypto_aead_chacha20poly1305_encrypt
21362136
((unsigned char *) ZSTR_VAL(ciphertext), &ciphertext_real_len, msg,
21372137
(unsigned long long) msg_len,
@@ -2140,7 +2140,7 @@ PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_encrypt)
21402140
zend_throw_exception(sodium_exception_ce, "internal error", 0);
21412141
RETURN_THROWS();
21422142
}
2143-
if (ciphertext_real_len <= 0U || ciphertext_real_len >= SIZE_MAX ||
2143+
if (ciphertext_real_len <= 0U || ciphertext_real_len >= ZSTR_MAX_LEN ||
21442144
ciphertext_real_len > ciphertext_len) {
21452145
zend_string_efree(ciphertext);
21462146
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
@@ -2186,7 +2186,7 @@ PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_decrypt)
21862186
RETURN_FALSE;
21872187
}
21882188
msg_len = ciphertext_len;
2189-
if (msg_len >= SIZE_MAX) {
2189+
if (msg_len >= ZSTR_MAX_LEN) {
21902190
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
21912191
RETURN_THROWS();
21922192
}
@@ -2198,7 +2198,7 @@ PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_decrypt)
21982198
zend_string_efree(msg);
21992199
RETURN_FALSE;
22002200
}
2201-
if (msg_real_len >= SIZE_MAX || msg_real_len > msg_len) {
2201+
if (msg_real_len >= ZSTR_MAX_LEN || msg_real_len > msg_len) {
22022202
zend_string_efree(msg);
22032203
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
22042204
RETURN_THROWS();
@@ -2239,7 +2239,7 @@ PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_ietf_encrypt)
22392239
zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_KEYBYTES bytes long");
22402240
RETURN_THROWS();
22412241
}
2242-
if (SIZE_MAX - msg_len <= crypto_aead_chacha20poly1305_IETF_ABYTES) {
2242+
if (ZSTR_MAX_LEN - msg_len <= crypto_aead_chacha20poly1305_IETF_ABYTES) {
22432243
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
22442244
RETURN_THROWS();
22452245
}
@@ -2257,7 +2257,7 @@ PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_ietf_encrypt)
22572257
zend_throw_exception(sodium_exception_ce, "internal error", 0);
22582258
RETURN_THROWS();
22592259
}
2260-
if (ciphertext_real_len <= 0U || ciphertext_real_len >= SIZE_MAX ||
2260+
if (ciphertext_real_len <= 0U || ciphertext_real_len >= ZSTR_MAX_LEN ||
22612261
ciphertext_real_len > ciphertext_len) {
22622262
zend_string_efree(ciphertext);
22632263
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
@@ -2300,7 +2300,7 @@ PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_ietf_decrypt)
23002300
RETURN_THROWS();
23012301
}
23022302
msg_len = ciphertext_len;
2303-
if (msg_len >= SIZE_MAX) {
2303+
if (msg_len >= ZSTR_MAX_LEN) {
23042304
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
23052305
RETURN_THROWS();
23062306
}
@@ -2320,7 +2320,7 @@ PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_ietf_decrypt)
23202320
zend_string_efree(msg);
23212321
RETURN_FALSE;
23222322
}
2323-
if (msg_real_len >= SIZE_MAX || msg_real_len > msg_len) {
2323+
if (msg_real_len >= ZSTR_MAX_LEN || msg_real_len > msg_len) {
23242324
zend_string_efree(msg);
23252325
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
23262326
RETURN_THROWS();
@@ -2362,7 +2362,7 @@ PHP_FUNCTION(sodium_crypto_aead_xchacha20poly1305_ietf_encrypt)
23622362
zend_argument_error(sodium_exception_ce, 4, "must be SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES bytes long");
23632363
RETURN_THROWS();
23642364
}
2365-
if (SIZE_MAX - msg_len <= crypto_aead_xchacha20poly1305_IETF_ABYTES) {
2365+
if (ZSTR_MAX_LEN - msg_len <= crypto_aead_xchacha20poly1305_IETF_ABYTES) {
23662366
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
23672367
RETURN_THROWS();
23682368
}
@@ -2376,7 +2376,7 @@ PHP_FUNCTION(sodium_crypto_aead_xchacha20poly1305_ietf_encrypt)
23762376
zend_throw_exception(sodium_exception_ce, "internal error", 0);
23772377
RETURN_THROWS();
23782378
}
2379-
if (ciphertext_real_len <= 0U || ciphertext_real_len >= SIZE_MAX ||
2379+
if (ciphertext_real_len <= 0U || ciphertext_real_len >= ZSTR_MAX_LEN ||
23802380
ciphertext_real_len > ciphertext_len) {
23812381
zend_string_efree(ciphertext);
23822382
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
@@ -2422,7 +2422,7 @@ PHP_FUNCTION(sodium_crypto_aead_xchacha20poly1305_ietf_decrypt)
24222422
RETURN_FALSE;
24232423
}
24242424
msg_len = ciphertext_len;
2425-
if (msg_len - crypto_aead_xchacha20poly1305_IETF_ABYTES >= SIZE_MAX) {
2425+
if (msg_len - crypto_aead_xchacha20poly1305_IETF_ABYTES >= ZSTR_MAX_LEN) {
24262426
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
24272427
RETURN_THROWS();
24282428
}
@@ -2439,7 +2439,7 @@ PHP_FUNCTION(sodium_crypto_aead_xchacha20poly1305_ietf_decrypt)
24392439
zend_string_efree(msg);
24402440
RETURN_FALSE;
24412441
}
2442-
if (msg_real_len >= SIZE_MAX || msg_real_len > msg_len) {
2442+
if (msg_real_len >= ZSTR_MAX_LEN || msg_real_len > msg_len) {
24432443
zend_string_efree(msg);
24442444
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
24452445
RETURN_THROWS();
@@ -2463,12 +2463,12 @@ PHP_FUNCTION(sodium_bin2hex)
24632463
sodium_remove_param_values_from_backtrace(EG(exception));
24642464
RETURN_THROWS();
24652465
}
2466-
if (bin_len >= SIZE_MAX / 2U) {
2466+
if (bin_len >= ZSTR_MAX_LEN / 2U) {
24672467
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
24682468
RETURN_THROWS();
24692469
}
24702470
hex_len = bin_len * 2U;
2471-
hex = zend_string_alloc((size_t) hex_len, 0);
2471+
hex = zend_string_alloc(hex_len, 0);
24722472
sodium_bin2hex(ZSTR_VAL(hex), hex_len + 1U, bin, bin_len);
24732473
ZSTR_VAL(hex)[hex_len] = 0;
24742474

@@ -2501,7 +2501,7 @@ PHP_FUNCTION(sodium_hex2bin)
25012501
zend_argument_error(sodium_exception_ce, 1, "must be a valid hexadecimal string");
25022502
RETURN_THROWS();
25032503
}
2504-
if (bin_real_len >= SIZE_MAX || bin_real_len > bin_len) {
2504+
if (bin_real_len >= ZSTR_MAX_LEN || bin_real_len > bin_len) {
25052505
zend_string_efree(bin);
25062506
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
25072507
RETURN_THROWS();
@@ -2530,7 +2530,7 @@ PHP_FUNCTION(sodium_bin2base64)
25302530
zend_argument_error(sodium_exception_ce, 2, "must be a valid base64 variant identifier");
25312531
RETURN_THROWS();
25322532
}
2533-
if (bin_len >= SIZE_MAX / 4U * 3U - 3U - 1U) {
2533+
if (bin_len >= ZSTR_MAX_LEN / 4U * 3U - 3U - 1U) {
25342534
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
25352535
RETURN_THROWS();
25362536
}
@@ -2573,7 +2573,7 @@ PHP_FUNCTION(sodium_base642bin)
25732573
zend_argument_error(sodium_exception_ce, 1, "must be a valid base64 string");
25742574
RETURN_THROWS();
25752575
}
2576-
if (bin_real_len >= SIZE_MAX || bin_real_len > bin_len) {
2576+
if (bin_real_len >= ZSTR_MAX_LEN || bin_real_len > bin_len) {
25772577
zend_string_efree(bin);
25782578
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
25792579
RETURN_THROWS();
@@ -3475,7 +3475,7 @@ PHP_FUNCTION(sodium_crypto_secretstream_xchacha20poly1305_push)
34753475
zend_throw_exception(sodium_exception_ce, "internal error", 0);
34763476
RETURN_THROWS();
34773477
}
3478-
if (c_real_len <= 0U || c_real_len >= SIZE_MAX || c_real_len > c_len) {
3478+
if (c_real_len <= 0U || c_real_len >= ZSTR_MAX_LEN || c_real_len > c_len) {
34793479
zend_string_efree(c);
34803480
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
34813481
RETURN_THROWS();
@@ -3559,7 +3559,7 @@ PHP_FUNCTION(sodium_crypto_secretstream_xchacha20poly1305_pull)
35593559
zend_string_efree(msg);
35603560
RETURN_FALSE;
35613561
}
3562-
if (msg_real_len >= SIZE_MAX || msg_real_len > msg_len) {
3562+
if (msg_real_len >= ZSTR_MAX_LEN || msg_real_len > msg_len) {
35633563
zend_string_efree(msg);
35643564
zend_throw_exception(sodium_exception_ce, "arithmetic overflow", 0);
35653565
RETURN_THROWS();

0 commit comments

Comments
 (0)