Fix GH-14780: p(f)sockopen overflow on timeout argument.

Author: devnexen

ext/standard/fsock.c

@@ -73,13 +73,22 @@ static void php_fsockopen_stream(INTERNAL_FUNCTION_PARAMETERS, int persistent)
 	}
 
 	/* prepare the timeout value for use */
+	if (UNEXPECTED(!(timeout >= 0 && timeout <= LONG_MAX / 1000000))) {
+		if (port > 0) {
+			efree(hostname);
+		}
+		if (hashkey) {
+			efree(hashkey);
+		}
+		zend_argument_value_error(6, "must be between 0 and " ZEND_LONG_FMT, (LONG_MAX / 1000000));
+		RETURN_THROWS();
+	}
 #ifndef PHP_WIN32
 	conv = (time_t) (timeout * 1000000.0);
-	tv.tv_sec = conv / 1000000;
 #else
 	conv = (long) (timeout * 1000000.0);
-	tv.tv_sec = conv / 1000000;
 #endif
+	tv.tv_sec = conv / 1000000;
 	tv.tv_usec = conv % 1000000;
 
 	stream = php_stream_xport_create(hostname, hostname_len, REPORT_ERRORS,

ext/standard/tests/streams/gh14780.phpt

@@ -0,0 +1,19 @@
+--TEST--
+GH-14780: p(f)sockopen overflow on timeout.
+--FILE--
+<?php
+$code = null;
+$err = null;
+try {
+	pfsockopen('udp://127.0.0.1', '63844', $code, $err, (PHP_INT_MAX/1000000)+1);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+try {
+	pfsockopen('udp://127.0.0.1', '63844', $code, $err, (PHP_INT_MIN/1000000)-1);
+} catch (\ValueError $e) {
+	echo $e->getMessage();
+}
+--EXPECTF--
+pfsockopen(): Argument #6 must be between 0 and %s
+pfsockopen(): Argument #6 must be between 0 and %s