Fix GH-16809: fopen HTTP wrapper timeout stream context option overflow.

devnexen · devnexen · commit 87be0c2252f2 · 2024-12-01T16:34:59.000Z
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
@@ -215,6 +215,13 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 
 	if (context && (tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "timeout")) != NULL) {
 		double d = zval_get_double(tmpzval);
+
+		if (d > (double) PHP_TIMEOUT_ULL_MAX / 1000000.0) {
+			php_stream_wrapper_log_error(wrapper, options, "timeout must be lower than " ZEND_ULONG_FMT, (zend_ulong)((double) PHP_TIMEOUT_ULL_MAX / 1000000.0));
+			zend_string_release(transport_string);
+			php_url_free(resource);
+			return NULL;
+		}
 #ifndef PHP_WIN32
 		timeout.tv_sec = (time_t) d;
 		timeout.tv_usec = (size_t) ((d - timeout.tv_sec) * 1000000);
