/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2010-3710.patch
ViewVC logotype

Contents of /rpms/php/sme8/php-5.3.3-CVE-2010-3710.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Mon Jun 20 19:27:01 2011 UTC (13 years, 5 months ago) by slords
Branch: MAIN
CVS Tags: php-5_3_3-15_el5_sme, php-5_3_3-1_el5_7_3, php-5_3_3-13_el5_9_1, php-5_3_3-16_el5_sme, php-5_3_3-14_el5_sme, php-5_3_3-1_el5_sme_6, php-5_3_3-13_el5_sme_1, php-5_3_3-1_el5_sme_3, php-5_3_3-1_el5_sme_1_0, php-5_3_3-13_el5_sme_2, php-5_3_3-1_el5_sme_1_1, php-5_3_3-17_el5_sme, php-5_3_3-1_el5_7_6, php-5_3_3-13_el5_sme, php-5_3_3-13_el6, php-5_3_3-1_el5_sme_1, HEAD
Branch point for: redhat-upstream
Import upstream sources

1
2 https://bugzilla.redhat.com/show_bug.cgi?id=646684
3
4 http://svn.php.net/viewvc/?view=revision&revision=303779
5
6 --- php-5.3.3/ext/filter/logical_filters.c.cve3710
7 +++ php-5.3.3/ext/filter/logical_filters.c
8 @@ -531,6 +531,11 @@ void php_filter_validate_email(PHP_INPUT
9 int matches;
10
11
12 + /* The maximum length of an e-mail address is 320 octets, per RFC 2821. */
13 + if (Z_STRLEN_P(value) > 320) {
14 + RETURN_VALIDATION_FAILED
15 + }
16 +
17 re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC);
18 if (!re) {
19 RETURN_VALIDATION_FAILED
20 --- php-5.3.3/ext/filter/tests/bug52929.phpt.cve3710
21 +++ php-5.3.3/ext/filter/tests/bug52929.phpt
22 @@ -0,0 +1,18 @@
23 +--TEST--
24 +Bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data)
25 +--SKIPIF--
26 +<?php if (!extension_loaded("filter")) die("skip"); ?>
27 +--FILE--
28 +<?php
29 +var_dump(filter_var('valid@email.address', FILTER_VALIDATE_EMAIL));
30 +
31 +// Beyond the allowable limit for an e-mail address.
32 +var_dump(filter_var('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.zz', FILTER_VALIDATE_EMAIL));
33 +
34 +// An invalid address likely to crash PHP due to stack exhaustion if it goes to
35 +// the validation regex.
36 +var_dump(filter_var(str_repeat('x', 8000), FILTER_VALIDATE_EMAIL));
37 +--EXPECT--
38 +string(19) "valid@email.address"
39 +bool(false)
40 +bool(false)

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed