Ensure $this->_data is initialized.

Prevents possible DOS attack by preventing an infinite loop in certain cases (CVE-2017-9773).
horde · Jun 21, 2017 · 2b8a6fe · 2b8a6fe
1 parent 01a11cc
commit 2b8a6fe
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/framework/Image/lib/Horde/Image/Null.php b/framework/Image/lib/Horde/Image/Null.php
@@ -32,6 +32,8 @@ public function __construct($params, $context = array())
             $this->loadFile($params['filename']);
         } elseif (!empty($params['data'])) {
             $this->loadString($params['data']);
+        } else {
+           $this->_data = new Horde_Stream_Temp();
         }
     }
 }