
Annotation of /rpms/php/sme8/php-5.3.3-CVE-2010-3710.patch



Revision 1.1 - (hide annotations) (download)
Mon Jun 20 19:27:01 2011 UTC (12 years, 11 months ago) by slords
Branch: MAIN
CVS Tags: php-5_3_3-15_el5_sme, php-5_3_3-1_el5_7_3, php-5_3_3-13_el5_9_1, php-5_3_3-16_el5_sme, php-5_3_3-14_el5_sme, php-5_3_3-1_el5_sme_6, php-5_3_3-13_el5_sme_1, php-5_3_3-1_el5_sme_3, php-5_3_3-1_el5_sme_1_0, php-5_3_3-13_el5_sme_2, php-5_3_3-1_el5_sme_1_1, php-5_3_3-17_el5_sme, php-5_3_3-1_el5_7_6, php-5_3_3-13_el5_sme, php-5_3_3-13_el6, php-5_3_3-1_el5_sme_1, HEAD
Branch point for: redhat-upstream
Import upstream sources

1 slords 1.1
2     https://bugzilla.redhat.com/show_bug.cgi?id=646684
3    
4     http://svn.php.net/viewvc/?view=revision&revision=303779
5    
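--- a/php-5.3.3/ext/filter/logical_filters.c
+++ b/php-5.3.3/ext/filter/logical_filters.c
@@ -531,6 +531,11 @@ void php_filter_validate_email(PHP_INPUT
 int matches;
 
 
+ /* The maximum length of an e-mail address is 320 octets, per RFC 2821. */
+ if (Z_STRLEN_P(value) > 320) {
+ RETURN_VALIDATION_FAILED
+ }
+
 re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC);
 if (!re) {
 RETURN_VALIDATION_FAILED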
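Review bot: The comment on the added length check gives only the RFC figure, not the reason the check must stay ahead of `pcre_get_compiled_regex()`: per the accompanying test, an over-long input that reaches the validation regex can crash PHP through stack exhaustion. I would say so in the comment, e.g. `/* Reject over-long input before it reaches the regex: matching very long strings can exhaust the stack (CVE-2010-3710). 320 = 64 + 1 + 255 octets. */`, and give the bare `320` a name, so the guard is not later relaxed or moved as if it were only a format rule. The check bounds the match depth rather than removing it, so inputs of up to 320 bytes still reach the regex; whether that is safe on small-stack builds is not shown here, and `pcre.recursion_limit` remains the backstop. `php_filter_validate_email` starts before and continues after this hunk.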
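--- a/php-5.3.3/ext/filter/tests/bug52929.phpt
+++ b/php-5.3.3/ext/filter/tests/bug52929.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data)
+--SKIPIF--
+<?php if (!extension_loaded("filter")) die("skip"); ?>
+--FILE--
+<?php
+var_dump(filter_var('valid@email.address', FILTER_VALIDATE_EMAIL));
+
+// Beyond the allowable limit for an e-mail address.
+var_dump(filter_var('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.zz', FILTER_VALIDATE_EMAIL));
+
+// An invalid address likely to crash PHP due to stack exhaustion if it goes to
+// the validation regex.
+var_dump(filter_var(str_repeat('x', 8000), FILTER_VALIDATE_EMAIL));
+--EXPECT--
+string(19) "valid@email.address"
+bool(false)
+bool(false)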
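Review bot: The over-limit address in the second `filter_var` call is one unbroken literal, so a reader cannot tell how long it is or which limit it is meant to exceed. Building it with `str_repeat` and stating the lengths in the comment would make that checkable, along the lines of `str_repeat('x', 65) . '@' . str_repeat('y', 256) . '.zz'` (counts illustrative, not measured from the literal). Both negative cases would presumably also fail on format alone, so the expected output shows that the guard prevents the crash but does not pin the `> 320` boundary itself.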
