mirror of
https://github.com/php/php-src.git
synced 2024-09-23 10:57:26 +00:00
fix unportable dereferencing
This commit is contained in:
parent
be29cb15a6
commit
4d16937449
@ -5067,7 +5067,7 @@ PHP_FUNCTION(openssl_digest)
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
static zend_bool php_openssl_validate_iv(char **piv, int *piv_len, int iv_required_len)
|
||||
static zend_bool php_openssl_validate_iv(char **piv, size_t *piv_len, size_t iv_required_len)
|
||||
{
|
||||
char *iv_new;
|
||||
|
||||
@ -5078,7 +5078,7 @@ static zend_bool php_openssl_validate_iv(char **piv, int *piv_len, int iv_requir
|
||||
|
||||
iv_new = ecalloc(1, iv_required_len + 1);
|
||||
|
||||
if (*piv_len <= 0) {
|
||||
if (*piv_len == 0) {
|
||||
/* BC behavior */
|
||||
*piv_len = iv_required_len;
|
||||
*piv = iv_new;
|
||||
@ -5134,10 +5134,10 @@ PHP_FUNCTION(openssl_encrypt)
|
||||
}
|
||||
|
||||
max_iv_len = EVP_CIPHER_iv_length(cipher_type);
|
||||
if (iv_len <= 0 && max_iv_len > 0) {
|
||||
if (iv_len == 0 && max_iv_len > 0) {
|
||||
php_error_docref(NULL, E_WARNING, "Using an empty Initialization Vector (iv) is potentially insecure and not recommended");
|
||||
}
|
||||
free_iv = php_openssl_validate_iv(&iv, (int *)&iv_len, max_iv_len);
|
||||
free_iv = php_openssl_validate_iv(&iv, &iv_len, max_iv_len);
|
||||
|
||||
outlen = data_len + EVP_CIPHER_block_size(cipher_type);
|
||||
outbuf = zend_string_alloc(outlen, 0);
|
||||
@ -5230,7 +5230,7 @@ PHP_FUNCTION(openssl_decrypt)
|
||||
key = (unsigned char*)password;
|
||||
}
|
||||
|
||||
free_iv = php_openssl_validate_iv(&iv, (int *)&iv_len, EVP_CIPHER_iv_length(cipher_type));
|
||||
free_iv = php_openssl_validate_iv(&iv, &iv_len, EVP_CIPHER_iv_length(cipher_type));
|
||||
|
||||
outlen = data_len + EVP_CIPHER_block_size(cipher_type);
|
||||
outbuf = zend_string_alloc(outlen, 0);
|
||||
|
Loading…
Reference in New Issue
Block a user