Adapted for 5.4.16 from


From 1494298231072d5991e76db5ef25f20e81018106 Mon Sep 17 00:00:00 2001
From: Rasmus Lerdorf <rasmus@lerdorf.com>
Date: Sun, 20 Oct 2013 08:55:48 -0700
Subject: [PATCH] Minor Coverity tweaks

---
 ext/ftp/ftp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c
index 58d3c2e..4da8d60 100644
--- a/ext/ftp/ftp.c
+++ b/ext/ftp/ftp.c
@@ -1635,7 +1635,7 @@ ftp_genlist(ftpbuf_t *ftp, const char *cmd, const char *path TSRMLS_DC)
 	if (ftp->resp == 226) {
 		ftp->data = data_close(ftp, data);
 		php_stream_close(tmpstream);
-		return ecalloc(1, sizeof(char**));
+		return ecalloc(1, sizeof(char*));
 	}
 
 	/* pull data buffer into tmpfile */
@@ -1663,11 +1663,11 @@ ftp_genlist(ftpbuf_t *ftp, const char *cmd, const char *path TSRMLS_DC)
 		}
 	}
 
-	ftp->data = data = data_close(ftp, data);
+	ftp->data = data_close(ftp, data);
 
 	php_stream_rewind(tmpstream);
 
-	ret = safe_emalloc((lines + 1), sizeof(char**), size * sizeof(char*));
+	ret = safe_emalloc((lines + 1), sizeof(char*), size * sizeof(char*));
 
 	entry = ret;
 	text = (char*) (ret + lines + 1);
-- 
2.1.4

From 8f4a6d6e1b6c36259a5dc865d16f0dad76f2f2c9 Mon Sep 17 00:00:00 2001
From: Rasmus Lerdorf <rasmus@lerdorf.com>
Date: Sun, 20 Oct 2013 09:36:50 -0700
Subject: [PATCH] Clean up this weird safe_emalloc() call

---
 ext/ftp/ftp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c
index 4da8d60..b82017e 100644
--- a/ext/ftp/ftp.c
+++ b/ext/ftp/ftp.c
@@ -1667,7 +1667,7 @@ ftp_genlist(ftpbuf_t *ftp, const char *cmd, const char *path TSRMLS_DC)
 
 	php_stream_rewind(tmpstream);
 
-	ret = safe_emalloc((lines + 1), sizeof(char*), size * sizeof(char*));
+	ret = safe_emalloc((lines + 1), sizeof(char*), size);
 
 	entry = ret;
 	text = (char*) (ret + lines + 1);
-- 
2.1.4

From ac2832935435556dc593784cd0087b5e576bbe4d Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Wed, 29 Apr 2015 21:57:33 -0700
Subject: [PATCH] Fix bug #69545 - avoid overflow when reading list

---
 ext/ftp/ftp.c | 82 +++++++++++++++++++++++++++++------------------------------
 1 file changed, 41 insertions(+), 41 deletions(-)

diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c
index 3ff54ff..53560eb 100644
--- a/ext/ftp/ftp.c
+++ b/ext/ftp/ftp.c
@@ -1603,8 +1603,8 @@ ftp_genlist(ftpbuf_t *ftp, const char *cmd, const char *path TSRMLS_DC)
 	databuf_t	*data = NULL;
 	char		*ptr;
 	int		ch, lastch;
-	int		size, rcvd;
-	int		lines;
+	size_t		size, rcvd;
+	size_t		lines;
 	char		**ret = NULL;
 	char		**entry;
 	char		*text;
@@ -1646,7 +1646,7 @@ ftp_genlist(ftpbuf_t *ftp, const char *cmd, const char *path TSRMLS_DC)
 	lines = 0;
 	lastch = 0;
 	while ((rcvd = my_recv(ftp, data->fd, data->buf, FTP_BUFSIZE))) {
-		if (rcvd == -1) {
+		if (rcvd == -1 || rcvd > ((size_t)(-1))-size) {
 			goto bail;
 		}
 
-- 
2.1.4

From 0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 31 May 2015 17:23:06 -0700
Subject: [PATCH] improve fix for Bug #69545

---
 NEWS          | 4 ++++
 ext/ftp/ftp.c | 2 --
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c
index 53560eb..50d8def 100644
--- a/ext/ftp/ftp.c
+++ b/ext/ftp/ftp.c
@@ -1656,8 +1656,6 @@ ftp_genlist(ftpbuf_t *ftp, const char *cmd, const char *path TSRMLS_DC)
 		for (ptr = data->buf; rcvd; rcvd--, ptr++) {
 			if (*ptr == '\n' && lastch == '\r') {
 				lines++;
-			} else {
-				size++;
 			}
 			lastch = *ptr;
 		}
-- 
2.1.4