File tree 1 file changed +8
-0
lines changed
1 file changed +8
-0
lines changed Original file line number Diff line number Diff line change @@ -692,6 +692,10 @@ PHP_FUNCTION(mcrypt_generic)
692692 if (mcrypt_enc_is_block_mode (pm -> td ) == 1 ) { /* It's a block algorithm */
693693 block_size = mcrypt_enc_get_block_size (pm -> td );
694694 data_size = (((data_len - 1 ) / block_size ) + 1 ) * block_size ;
695+ if (data_size <= 0 ) {
696+ php_error_docref (NULL TSRMLS_CC , E_WARNING , "Integer overflow in data size" );
697+ RETURN_FALSE ;
698+ }
695699 data_s = emalloc (data_size + 1 );
696700 memset (data_s , 0 , data_size );
697701 memcpy (data_s , data , data_len );
@@ -737,6 +741,10 @@ PHP_FUNCTION(mdecrypt_generic)
737741 if (mcrypt_enc_is_block_mode (pm -> td ) == 1 ) { /* It's a block algorithm */
738742 block_size = mcrypt_enc_get_block_size (pm -> td );
739743 data_size = (((data_len - 1 ) / block_size ) + 1 ) * block_size ;
744+ if (data_size <= 0 ) {
745+ php_error_docref (NULL TSRMLS_CC , E_WARNING , "Integer overflow in data size" );
746+ RETURN_FALSE ;
747+ }
740748 data_s = emalloc (data_size + 1 );
741749 memset (data_s , 0 , data_size );
742750 memcpy (data_s , data , data_len );
You can’t perform that action at this time.
0 commit comments