Search
j0ke.net Open Build Service
>
Projects
>
internetx
:
php5
>
php-5.3.29
> php-CVE-2014-3669.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File php-CVE-2014-3669.patch of Package php-5.3.29
X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fstandard%2Fvar_unserializer.re;h=6de158392e116823eaba710dbf221e722e351250;hp=130750805f462a4a79cddf5a96e95bf2e63bf432;hb=56754a7f9eba0e4f559b6ca081d9f2a447b3f159;hpb=88412772d295ebf7dd34409534507dc9bcac726e diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index 1307508..6de1583 100644 --- ext/standard/var_unserializer.re +++ ext/standard/var_unserializer.re @@ -376,7 +376,7 @@ static inline int object_custom(UNSERIALIZE_PARAMETER, zend_class_entry *ce) (*p) += 2; - if (datalen < 0 || (*p) + datalen >= max) { + if (datalen < 0 || (max - (*p)) <= datalen) { zend_error(E_WARNING, "Insufficient data for unserializing - %ld required, %ld present", datalen, (long)(max - (*p))); return 0; }
