From 87be0c2252f2d9dbace30db2d6026b08c074ee63 Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Fri, 15 Nov 2024 06:13:24 +0000
Subject: [PATCH 1/3] Fix GH-16809: fopen HTTP wrapper timeout stream context option overflow.
---
 ext/standard/http_fopen_wrapper.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index 2b9c7a06298a..43ec0005bb8b 100644
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -215,6 +215,13 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 if (context &&
 (tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "timeout")) != NULL) {
 double d = zval_get_double(tmpzval);
+
+ if (d > (double) PHP_TIMEOUT_ULL_MAX / 1000000.0) {
+ php_stream_wrapper_log_error(wrapper, options, "timeout must be lower than " ZEND_ULONG_FMT, (zend_ulong)((double) PHP_TIMEOUT_ULL_MAX / 1000000.0));
+ zend_string_release(transport_string);
+ php_url_free(resource);
+ return NULL;
+ }
 #ifndef PHP_WIN32
 timeout.tv_sec = (time_t) d;
 timeout.tv_usec = (size_t) ((d - timeout.tv_sec) * 1000000);
From da1583b4fc874a5fb513f7c5bb0ebe76b6206b34 Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Fri, 15 Nov 2024 06:43:50 +0000
Subject: [PATCH 2/3] add test
---
 ext/standard/tests/http/gh16810.phpt | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 ext/standard/tests/http/gh16810.phpt
diff --git a/ext/standard/tests/http/gh16810.phpt b/ext/standard/tests/http/gh16810.phpt
new file mode 100644
index 000000000000..4aa563b57b27
--- /dev/null
+++ b/ext/standard/tests/http/gh16810.phpt
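Review bot: The new guard in php_stream_url_wrap_http_ex is one-sided, so a NaN timeout (every comparison with NaN is false) or a very large negative one passes `d > ...` and still reaches `(time_t) d` and the `(size_t)` cast below, where an out-of-range floating-to-integer conversion is undefined behaviour. Writing the test as `if (!(d <= (double) PHP_TIMEOUT_ULL_MAX / 1000000.0))` would reject NaN as well; a lower bound is worth adding too, unless negative values are meant to pass through (the test in PATCH 2/3 expects PHP_INT_MIN to open the stream, so that looks deliberate and deserves a comment). The limit is also derived from PHP_TIMEOUT_ULL_MAX rather than from the range of time_t, so on a build with a 32-bit time_t the cast can presumably still overflow. The same condition is carried into PATCH 3/3, and the function body continues outside the hunk.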
@@ -0,0 +1,26 @@ +--TEST-- +Bug #79265 variation: "host:" not at start of header +--INI-- +allow_url_fopen=1 +--SKIPIF-- + +--FILE-- + [ +'timeout' => PHP_INT_MIN, +], +]; +$ctx = stream_context_create($config); +var_dump(fopen($uri, "r", false, $ctx)); + +$config['http']['timeout'] = PHP_INT_MAX; +$ctx = stream_context_create($config); +var_dump(fopen($uri, "r", false, $ctx)); +?> +--EXPECTF-- +resource(%d) of type (stream) + +Warning: fopen(http://www.example.com): Failed to open stream: timeout must be lower than %d in %s on line %d +bool(false) From cd1f92a056c1d81c58786ba734124026fb5e4223 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sun, 1 Dec 2024 16:40:51 +0000 Subject: [PATCH 3/3] changes for windows. --- ext/standard/http_fopen_wrapper.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c index 43ec0005bb8b..0b1bb2e62d84 100644 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@ -215,9 +215,14 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, if (context && (tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "timeout")) != NULL) { double d = zval_get_double(tmpzval); +#ifndef PHP_WIN32 + const double timeoutmax = (double) PHP_TIMEOUT_ULL_MAX / 1000000.0; +#else + const double timeoutmax = (double) LONG_MAX / 1000000.0; +#endif - if (d > (double) PHP_TIMEOUT_ULL_MAX / 1000000.0) { - php_stream_wrapper_log_error(wrapper, options, "timeout must be lower than " ZEND_ULONG_FMT, (zend_ulong)((double) PHP_TIMEOUT_ULL_MAX / 1000000.0)); + if (d > timeoutmax) { + php_stream_wrapper_log_error(wrapper, options, "timeout must be lower than " ZEND_ULONG_FMT, (zend_ulong)timeoutmax); zend_string_release(transport_string); php_url_free(resource); return NULL;
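Review bot: The `--TEST--` title, `Bug #79265 variation: "host:" not at start of header`, was carried over from another test and does not describe this case; something like `GH-16809 (fopen HTTP wrapper timeout stream context option overflow)` would match the fix. The file is named gh16810.phpt while the commit subject refers to GH-16809, so one of the two numbers should be corrected. As shown here the `--SKIPIF--` section is empty and the first case expects `resource(%d) of type (stream)` for `http://www.example.com`, which suggests the test needs a reachable external host; if so, it should be skipped when offline or pointed at a local test server. The `--FILE--` body is incomplete in this rendering, so that last point is inferred from the expected output.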
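Review bot: On the Windows branch `timeoutmax` becomes `(double) LONG_MAX / 1000000.0`, and since `long` is 32 bits there this rejects any timeout above roughly 2147 seconds. If the Windows code below the hunk stores whole seconds in a `long`, the seconds value only needs `d <= LONG_MAX`, so the division by one million looks stricter than the overflow requires; this is worth confirming and stating in a comment next to the `#else`. Separately, `(zend_ulong)timeoutmax` in the message cannot represent the non-Windows limit on a build where zend_ulong is 32 bits (assuming PHP_TIMEOUT_ULL_MAX is the unsigned 64-bit maximum), and the text says "lower than" while `d == timeoutmax` is accepted. The hunk ends inside php_stream_url_wrap_http_ex.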