Fix GH-16267 socket_strerror overflow on argument value.

only socket_strerror provides user-supplied value to sockets_strerror
handler.

close GH-16270

Author: devnexen

NEWS

@@ -72,6 +72,10 @@ PHP                                                                        NEWS
   . Fixed bug GH-15837 (Segmentation fault in ext/simplexml/simplexml.c).
     (nielsdos)
 
+- Sockets:
+  . Fixed bug GH-16267 (socket_strerror overflow on errno argument).
+    (David Carlier)
+
 - SOAP:
   . Fixed bug #62900 (Wrong namespace on xsd import error message). (nielsdos)
   . Fixed bug GH-16237 (Segmentation fault when cloning SoapServer). (nielsdos)

ext/sockets/sockets.c

@@ -1211,6 +1211,11 @@ PHP_FUNCTION(socket_strerror)
 		RETURN_THROWS();
 	}
 
+	if (ZEND_LONG_EXCEEDS_INT(arg1)) {
+		zend_argument_value_error(1, "must be between %d and %d", INT_MIN, INT_MAX);
+		RETURN_THROWS();
+	}
+
 	RETURN_STRING(sockets_strerror(arg1));
 }
 /* }}} */

ext/sockets/tests/gh16267.phpt

@@ -0,0 +1,22 @@
+--TEST--
+GH-16267 - overflow on socket_strerror argument
+--EXTENSIONS--
+sockets
+--SKIPIF--
+<?php if (PHP_INT_SIZE != 8) die('skip 64-bit only'); ?>
+--FILE--
+<?php
+try {
+	socket_strerror(PHP_INT_MIN);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+try {
+	socket_strerror(PHP_INT_MAX);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+?>
+--EXPECTF--
+socket_strerror(): Argument #1 ($error_code) must be between %s and %s
+socket_strerror(): Argument #1 ($error_code) must be between %s and %s