Merge branch 'PHP-8.4' into PHP-8.5

devnexen · devnexen · commit 227541cb96ec · 2025-11-29T23:06:15.000Z
* PHP-8.4: Fix GH-20601: ftp_connect() timeout argument overflow.
diff --git a/ext/ftp/php_ftp.c b/ext/ftp/php_ftp.c
@@ -147,11 +147,18 @@ PHP_FUNCTION(ftp_connect)
 		RETURN_THROWS();
 	}
 
+	const zend_long timeoutmax = (zend_long)((double) PHP_TIMEOUT_ULL_MAX / 1000000.0);
+
 	if (timeout_sec <= 0) {
 		zend_argument_value_error(3, "must be greater than 0");
 		RETURN_THROWS();
 	}
 
+	if (timeout_sec >= timeoutmax) {
+		zend_argument_value_error(3, "must be less than " ZEND_LONG_FMT, timeoutmax);
+		RETURN_THROWS();
+	}
+
 	/* connect */
 	if (!(ftp = ftp_open(host, (short)port, timeout_sec))) {
 		RETURN_FALSE;
diff --git a/ext/ftp/tests/gh20601.phpt b/ext/ftp/tests/gh20601.phpt
@@ -0,0 +1,19 @@
+--TEST--
+GH-20601 (ftp_connect timeout overflow)
+--EXTENSIONS--
+ftp
+--SKIPIF--
+<?php
+if (PHP_INT_SIZE != 8) die("skip: 64-bit only");
+if (PHP_OS_FAMILY === 'Windows') die("skip not for windows");
+?>
+--FILE--
+<?php
+try {
+	ftp_connect('127.0.0.1', 1024, PHP_INT_MAX);
+} catch (\ValueError $e) {
+	echo $e->getMessage();
+}
+?>
+--EXPECTF--
+ftp_connect(): Argument #3 ($timeout) must be less than %d
diff --git a/main/network.c b/main/network.c
@@ -317,6 +317,8 @@ static inline void php_network_set_limit_time(struct timeval *limit_time,
 		struct timeval *timeout)
 {
 	gettimeofday(limit_time, NULL);
+	const double timeoutmax = (double) PHP_TIMEOUT_ULL_MAX / 1000000.0;
+	ZEND_ASSERT(limit_time->tv_sec < (timeoutmax - timeout->tv_sec));
 	limit_time->tv_sec += timeout->tv_sec;
 	limit_time->tv_usec += timeout->tv_usec;
 	if (limit_time->tv_usec >= 1000000) {

Original file line number	Diff line number	Diff line change
`@@ -317,6 +317,8 @@ static inline void php_network_set_limit_time(struct timeval *limit_time,`
`317`	`317`	`struct timeval *timeout)`
`318`	`318`	`{`
`319`	`319`	`gettimeofday(limit_time, NULL);`
	`320`	`+ const double timeoutmax = (double) PHP_TIMEOUT_ULL_MAX / 1000000.0;`
	`321`	`+ ZEND_ASSERT(limit_time->tv_sec < (timeoutmax - timeout->tv_sec));`
`320`	`322`	`limit_time->tv_sec += timeout->tv_sec;`
`321`	`323`	`limit_time->tv_usec += timeout->tv_usec;`
`322`	`324`	`if (limit_time->tv_usec >= 1000000) {`