$NetBSD: patch-ext_standard_var__unserializer.c,v 1.1.2.2 2014/10/25 15:55:51 tron Exp $
* Fix for CVE-2014-3669.
--- ext/standard/var_unserializer.c.orig 2014-08-13 19:27:30.000000000 +0000
+++ ext/standard/var_unserializer.c
@@ -333,7 +333,7 @@ static inline int object_custom(UNSERIAL
(*p) += 2;
- if (datalen < 0 || (*p) + datalen >= max) {
+ if (datalen < 0 || (max - (*p)) <= datalen) {
zend_error(E_WARNING, "Insufficient data for unserializing - %ld required, %ld present", datalen, (long)(max - (*p)));
return 0;
}
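Review bot: The replacement condition on the `+` line is correct but non-obvious, and nothing in the patch records why the pointer form `(*p) + datalen >= max` was abandoned, so a later cleanup could revert it; a one-line comment above the check would pin it, e.g. `/* compare the remaining length, not a computed pointer: (*p) + datalen can wrap past max when datalen is huge */`. The `datalen < 0` test stays necessary because `max - (*p)` is a signed difference and the length comparison alone would accept a negative datalen. The hunk header announces 7 old-side lines but only five are visible here, so the two leading context lines appear to have been dropped by the page rendering; object_custom begins and continues outside this hunk.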