Fix GH-16267 socket_strerror overflow on argument value.

devnexen · devnexen · commit df8f676a4b80 · 2024-10-06T16:11:15.000+01:00
only socket_strerror provides user-supplied value to sockets_strerror
handler.
diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c
@@ -1211,6 +1211,11 @@ PHP_FUNCTION(socket_strerror)
 		RETURN_THROWS();
 	}
 
+	if (arg1 < INT_MIN || arg1 > INT_MAX) {
+		zend_argument_value_error(1, "must be between %d and %d", INT_MIN, INT_MAX);
+		RETURN_THROWS();
+	}
+
 	RETURN_STRING(sockets_strerror(arg1));
 }
 /* }}} */
diff --git a/ext/sockets/tests/gh16267.phpt b/ext/sockets/tests/gh16267.phpt
@@ -0,0 +1,23 @@
+--TEST--
+GH-16267 - overflow on socket_strerror argument
+--EXTENSIONS--
+sockets
+--FILE--
+<?php
+try {
+	socket_strerror(PHP_INT_MIN);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+try {
+	socket_strerror(PHP_INT_MAX);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+
+var_dump(socket_strerror(-1));
+?>
+--EXPECTF--
+socket_strerror(): Argument #1 ($error_code) must be between %s and %s
+socket_strerror(): Argument #1 ($error_code) must be between %s and %s
+string(16) "Unknown error -1"

Original file line number	Diff line number	Diff line change
`@@ -1211,6 +1211,11 @@ PHP_FUNCTION(socket_strerror)`
`1211`	`1211`	`RETURN_THROWS();`
`1212`	`1212`	`}`
`1213`	`1213`
	`1214`	`+ if (arg1 < INT_MIN \|\| arg1 > INT_MAX) {`
	`1215`	`+ zend_argument_value_error(1, "must be between %d and %d", INT_MIN, INT_MAX);`
	`1216`	`+ RETURN_THROWS();`
	`1217`	`+ }`
	`1218`	`+`
`1214`	`1219`	`RETURN_STRING(sockets_strerror(arg1));`
`1215`	`1220`	`}`
`1216`	`1221`	`/* }}} */`