Commit ed8b111

committed

Fix potential OOB when checking for trailing spaces

If `path_len` is zero, we must not access `path`, let alone try to subtract `-1` from it. Since `path` and `path_len` are supposed to come from a `zend_string`, this is not a security issue. Closes GH-17471.

1 parent 022a5fc commit ed8b111Copy full SHA for ed8b111

File tree

2 files changed

-1

lines changed

NEWS
win32
- winutil.c

2 files changed

-1

lines changed

`‎NEWS‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@ PHP NEWS`
`11`	`11`	`inherited final). (ilutov)`
`12`	`12`	`. Fixed NULL arithmetic during system program execution on Windows. (cmb,`
`13`	`13`	`nielsdos)`
	`14`	`+ . Fixed potential OOB when checking for trailing spaces on Windows. (cmb)`
`14`	`15`
`15`	`16`	`- Enchant:`
`16`	`17`	`. Fix crashes in enchant when passing null bytes. (nielsdos)`

`‎win32/winutil.c‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ PHP_WINUTIL_API void php_win32_error_msg_free(char *msg)`
`56`	`56`
`57`	`57`	`int php_win32_check_trailing_space(const char * path, const size_t path_len)`
`58`	`58`	`{/{{{/`
`59`		`- if (path_len > MAXPATHLEN - 1) {`
	`59`	`+ if (path_len ==0\|\|path_len> MAXPATHLEN - 1) {`
`60`	`60`	`return 1;`
`61`	`61`	`}`
`62`	`62`	`if (path) {`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit ed8b111

File tree

2 files changed

2 files changed

`‎NEWS‎`

`‎win32/winutil.c‎`

0 commit comments