From ccbb116db3dfd2eb7fad22777fc82f5659831706 Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Sat, 23 Jul 2022 09:22:00 -0500
Subject: [PATCH] Crypt/Base: limit conditions under which safe_intval is used
---
 phpseclib/Crypt/Base.php | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/phpseclib/Crypt/Base.php b/phpseclib/Crypt/Base.php
index d971e5a1..c1cd98d9 100644
--- a/phpseclib/Crypt/Base.php
+++ b/phpseclib/Crypt/Base.php
@@ -2654,6 +2654,25 @@ class Crypt_Base
 // PHP_OS & "\xDF\xDF\xDF" == strtoupper(substr(PHP_OS, 0, 3)), but a lot faster
 case (PHP_OS & "\xDF\xDF\xDF") === 'WIN':
 return $x;
+ case (php_uname('m') & "\xDF\xDF\xDF") == 'ARM':
+ switch (true) {
+ // PHP_VERSION_ID wasn't a constant until PHP 5.2.7
+ case version_compare(PHP_VERSION, '5.3.0') < 1:
+ /* PHP 7.0.0 introduced a bug that affected 32-bit ARM processors:
+
+ https://github.com/php/php-src/commit/716da71446ebbd40fa6cf2cea8a4b70f504cc3cd
+
+ altho the changelogs make no mention of it, this bug was fixed with this commit:
+
+ https://github.com/php/php-src/commit/c1729272b17a1fe893d1a54e423d3b71470f3ee8
+
+ affected versions of PHP are: 7.0.x, 7.1.0 - 7.1.23 and 7.2.0 - 7.2.11 */
+ case PHP_VERSION_ID >= 70000 && PHP_VERSION_ID <= 70123:
+ case PHP_VERSION_ID >= 70200 && PHP_VERSION_ID <= 70211:
+ break;
+ default:
+ return $x;
+ }
 }
 return (fmod($x, 0x80000000) & 0x7FFFFFFF) |
 ((fmod(floor($x / 0x80000000), 2) & 1) << 31);
@@ -2674,6 +2693,15 @@ class Crypt_Base
 case (PHP_OS & "\xDF\xDF\xDF") === 'WIN':
 return '%s';
 break;
+ case (php_uname('m') & "\xDF\xDF\xDF") == 'ARM':
+ switch (true) {
+ case version_compare(PHP_VERSION, '5.3.0') < 1:
+ case PHP_VERSION_ID >= 70000 && PHP_VERSION_ID <= 70123:
+ case PHP_VERSION_ID >= 70200 && PHP_VERSION_ID <= 70211:
+ break;
+ default:
+ return '%s';
+ }
 default:
 $safeint = '(is_int($temp = %s) ? $temp : (fmod($temp, 0x80000000) & 0x7FFFFFFF) | ';
 return $safeint . '((fmod(floor($temp / 0x80000000), 2) & 1) << 31))';
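Review bot: The added `case (php_uname('m') & "\xDF\xDF\xDF") == 'ARM':` assumes `php_uname` is callable and returns a string, but it is commonly listed in `disable_functions` on hardened or shared hosts. There the call only warns on older PHP and fails as an undefined function on PHP 8. A guarded, strict form such as `case function_exists('php_uname') && is_string(php_uname('m')) && (php_uname('m') & "\xDF\xDF\xDF") === 'ARM':` would let those hosts drop to the fmod() path below, presumably the conservative one, and would match the `===` on the WIN case. The second hunk makes the same unguarded call. The switch starts above this hunk, so whether an earlier case already calls `php_uname` cannot be seen from here.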
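Review bot: On the affected-version path the new ARM case ends with neither `break` nor `return` after the inner switch, so control falls through into `default:`. This looks intended, but it is undocumented, while the WIN case just above ends in an explicit `return '%s'; break;`. A comment after the inner switch's closing brace, for example `// affected ARM builds: fall through to the safe-int expression below`, would keep a later edit from "fixing" it with a `break`. The version list is also a hand copy of the one in the first hunk, without its explanatory comment. The inline and non-inline paths presumably must choose the same branch on every platform, so a shared private helper or a cross-reference comment would keep the two lists in step.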