
Commit dd791cd

committed
Fixed possible read after end of buffer and use after free.
1 parent 0e985d3 commit dd791cd


1 file changed

+6
-2
lines changed


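--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -619,8 +619,11 @@ PHP_FUNCTION(mcrypt_generic_init)
 
 if (iv_len != iv_size) {
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Iv size incorrect; supplied length: %d, needed: %d", iv_len, iv_size);
+if (iv_len > iv_size) {
+iv_len = iv_size;
+}
 }
-memcpy(iv_s, iv, iv_size);
+memcpy(iv_s, iv, iv_len);
 
 mcrypt_generic_deinit(pm->td);
 result = mcrypt_generic_init(pm->td, key_s, key_size, iv_s);
@@ -641,8 +644,9 @@ PHP_FUNCTION(mcrypt_generic_init)
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown error");
 break;
 }
+} else {
+pm->init = 1;
 }
-pm->init = 1;
 RETVAL_LONG(result);
 
 efree(iv_s);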
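Review bot: When the supplied IV is shorter than `iv_size`, `memcpy(iv_s, iv, iv_len)` in the first hunk leaves the last `iv_size - iv_len` bytes of `iv_s` as whatever the allocation held, and that buffer is then passed to `mcrypt_generic_init()`. The allocation of `iv_s` is outside this hunk; if it is not zero-filled there, add `memset(iv_s, 0, iv_size);` before the copy so the cipher is never initialised with uninitialised heap bytes. Either way, a comment above the `memcpy` should state the behaviour, e.g. `/* an IV of the wrong length is truncated or zero-padded after a warning; the call still proceeds */`, because callers only get an E_WARNING while the effective IV differs from the one they supplied. In the second hunk, `pm->init` keeps its previous value on failure although `mcrypt_generic_deinit(pm->td)` has already run; if any failure path leaves `pm` alive (the error branches start outside the hunk), clearing it with `pm->init = 0;` before the deinit call would keep the flag truthful.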
