ext/posix: posix_kill() process_id range check.

pid_t is, for the most part, represented by a signed int, by overflowing
it, we end up being in the -1 case which affect all accessible processes.

Author: devnexen

ext/posix/posix.c

@@ -45,6 +45,12 @@
 # include <sys/sysmacros.h>
 #endif
 
+#if (defined(__sun) && !defined(_LP64)) || defined(_AIX)
+#define POSIX_PID_MAX LONG_MAX
+#else
+#define POSIX_PID_MAX INT_MAX
+#endif
+
 #include "posix_arginfo.h"
 
 ZEND_DECLARE_MODULE_GLOBALS(posix)
@@ -129,6 +135,11 @@ PHP_FUNCTION(posix_kill)
 		Z_PARAM_LONG(sig)
 	ZEND_PARSE_PARAMETERS_END();
 
+	if (pid < -1 || pid > POSIX_PID_MAX) {
+		zend_argument_value_error(1, "must be between -1 and " ZEND_LONG_FMT, POSIX_PID_MAX);
+		RETURN_THROWS();
+	}
+
 	if (kill(pid, sig) < 0) {
 		POSIX_G(last_error) = errno;
 		RETURN_FALSE;

ext/posix/tests/posix_kill_pidoverflow.phpt

@@ -0,0 +1,22 @@
+--TEST--
+posix_kill() with large pid
+--EXTENSIONS--
+posix
+--FILE--
+<?php
+// with pid overflow, it ends up being -1 which means all permissible processes are affected
+try {
+	posix_kill(PHP_INT_MAX, SIGTERM);
+} catch (\ValueError $e) {
+	echo $e->getMessage(), PHP_EOL;
+}
+
+try {
+	posix_kill(PHP_INT_MIN, SIGTERM);
+} catch (\ValueError $e) {
+	echo $e->getMessage(), PHP_EOL;
+}
+?>
+--EXPECTF--
+posix_kill(): Argument #1 ($process_id) must be between -1 and %d
+posix_kill(): Argument #1 ($process_id) must be between -1 and %d