Commit e3e341b

Hash unserialization: Check whirlpool bits counter.
Which should be removed, since the bits counter's lower 3 bits are always zero (all the code involving bufferRem is dead, because bufferRem is always zero).
1 parent 6451872 commit e3e341b

1 file changed

+3
-1
lines changed

ext/hash/hash_whirlpool.c

Lines changed: 3 additions & 1 deletion
@@ -436,7 +436,9 @@ static int php_whirlpool_unserialize(php_hashcontext_object *hash, zend_long mag
436436
if (magic == PHP_HASH_SERIALIZE_MAGIC_SPEC
437437
&& (r = php_hash_unserialize_spec(hash, zv, PHP_WHIRLPOOL_SPEC)) == SUCCESS
438438
&& ctx->buffer.pos >= 0
439-
&& ctx->buffer.pos < (int) sizeof(ctx->buffer.data)) {
439+
&& ctx->buffer.pos < (int) sizeof(ctx->buffer.data)
440+
&& ctx->buffer.bits >= ctx->buffer.pos * 8
441+
&& ctx->buffer.bits < ctx->buffer.pos * 8 + 8) {
440442
return SUCCESS;
441443
} else {
442444
return r != SUCCESS ? r : -2000;
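
Review bot: the two new conditions on ctx->buffer.bits accept any value from pos * 8 up to pos * 8 + 7, while the commit message states that the counter's lower 3 bits are always zero, so a single equality check (ctx->buffer.bits == ctx->buffer.pos * 8) would reject more malformed serialized states and state the invariant directly. If the range is kept on purpose to mirror the existing bufferRem handling, a short comment above the condition saying so would help the next reader. The new comparisons also depend on being evaluated after the ctx->buffer.pos bounds checks, since that is what keeps pos * 8 small; that ordering is worth preserving if the condition is ever reshuffled. Only this one file is changed, so consider adding a regression test that unserializes a state whose bits and pos disagree and expects the failure path.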
