From 7bd365ebc471409f85e6561f7da4f93d7017bfa4 Mon Sep 17 00:00:00 2001
From: xXx-caillou-xXx
Date: Fri, 13 Jul 2018 14:55:23 +0200
Subject: Fix various possible integer overflows
---
 src/sp_unserialize.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src/sp_unserialize.c')
diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c
index db99389..0f27255 100644
--- a/src/sp_unserialize.c
+++ b/src/sp_unserialize.c
@@ -24,6 +24,10 @@ PHP_FUNCTION(sp_serialize) {
 call_user_function(CG(function_table), NULL, &func_name, &hmac, 3, params);
 size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac);
+ if (len < Z_STRLEN_P(return_value)) {
+ sp_log_err("overflow_error", "Overflow tentative detected in sp_serialize.");
+ sp_terminate();
+ }
 zend_string *res = zend_string_alloc(len, 0);
 memcpy(ZSTR_VAL(res), Z_STRVAL_P(return_value), Z_STRLEN_P(return_value));
--
cgit v1.3
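Review bot: The new guard after `size_t len = ...` only catches wrap-around of the addition itself; `zend_string_alloc(len, 0)` then adds the string header and the terminating NUL to `len` without an overflow check, so a sum just below `SIZE_MAX` passes this test and can still wrap inside the allocator. Letting the allocator do the checked arithmetic closes that gap: `zend_string *res = zend_string_safe_alloc(1, Z_STRLEN_P(return_value), Z_STRLEN(hmac), 0);`. The guard also protects the `memcpy` below only if `sp_terminate()` never returns, which is not visible in this hunk; a short comment stating that, or an explicit `return;` after the call, would make the control flow unambiguous. The log text would read better as "Overflow attempt detected in sp_serialize." The body of sp_serialize begins before and continues after this hunk.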