--- rpms/php/sme8/php-5.3.3-CVE-2011-1466.patch 2011/11/03 22:49:53 1.1 +++ rpms/php/sme8/php-5.3.3-CVE-2011-1466.patch 2011/11/03 22:54:19 1.2 @@ -0,0 +1,131 @@ + +https://bugzilla.redhat.com/show_bug.cgi?id=689386 + +http://svn.php.net/viewvc/?view=revision&revision=306475 + +plus: +http://svn.php.net/viewvc?view=revision&revision=317360 +http://svn.php.net/viewvc?view=revision&revision=317387 +http://svn.php.net/viewvc?view=revision&revision=317393 + +plus similar fix for jewish.c + +--- php-5.3.3/ext/calendar/gregor.c.cve1466 ++++ php-5.3.3/ext/calendar/gregor.c +@@ -127,6 +127,7 @@ + **************************************************************************/ + + #include "sdncal.h" ++#include + + #define GREGOR_SDN_OFFSET 32045 + #define DAYS_PER_5_MONTHS 153 +@@ -146,21 +147,12 @@ void SdnToGregorian( + long int temp; + int dayOfYear; + +- if (sdn <= 0) { +- *pYear = 0; +- *pMonth = 0; +- *pDay = 0; +- return; ++ if (sdn <= 0 || ++ sdn > (LONG_MAX - 4 * GREGOR_SDN_OFFSET) / 4) { ++ goto fail; + } + temp = (sdn + GREGOR_SDN_OFFSET) * 4 - 1; + +- if (temp < 0) { +- *pYear = 0; +- *pMonth = 0; +- *pDay = 0; +- return; +- } +- + /* Calculate the century (year/100). */ + century = temp / DAYS_PER_400_YEARS; + +@@ -190,6 +182,12 @@ void SdnToGregorian( + *pYear = year; + *pMonth = month; + *pDay = day; ++ return; ++ ++fail: ++ *pYear = 0; ++ *pMonth = 0; ++ *pDay = 0; + } + + long int GregorianToSdn( +--- php-5.3.3/ext/calendar/jewish.c.cve1466 ++++ php-5.3.3/ext/calendar/jewish.c +@@ -272,6 +272,7 @@ + #define HALAKIM_PER_METONIC_CYCLE (HALAKIM_PER_LUNAR_CYCLE * (12 * 19 + 7)) + + #define JEWISH_SDN_OFFSET 347997 ++#define JEWISH_SDN_MAX 38245310 /* year 103759, 100000 A.D. */ + #define NEW_MOON_OF_CREATION 31524 + + #define SUNDAY 0 +@@ -519,7 +520,7 @@ void SdnToJewish( + int tishri1After; + int yearLength; + +- if (sdn <= JEWISH_SDN_OFFSET) { ++ if (sdn <= JEWISH_SDN_OFFSET || sdn > JEWISH_SDN_MAX) { + *pYear = 0; + *pMonth = 0; + *pDay = 0; +--- php-5.3.3/ext/calendar/julian.c.cve1466 ++++ php-5.3.3/ext/calendar/julian.c +@@ -146,6 +146,7 @@ + **************************************************************************/ + + #include "sdncal.h" ++#include + + #define JULIAN_SDN_OFFSET 32083 + #define DAYS_PER_5_MONTHS 153 +@@ -164,15 +165,22 @@ void SdnToJulian( + int dayOfYear; + + if (sdn <= 0) { +- *pYear = 0; +- *pMonth = 0; +- *pDay = 0; +- return; ++ goto fail; + } +- temp = (sdn + JULIAN_SDN_OFFSET) * 4 - 1; ++ /* Check for overflow */ ++ if (sdn > (LONG_MAX - JULIAN_SDN_OFFSET * 4 + 1) / 4 || sdn < LONG_MIN / 4) { ++ goto fail; ++ } ++ temp = sdn * 4 + (JULIAN_SDN_OFFSET * 4 - 1); + + /* Calculate the year and day of year (1 <= dayOfYear <= 366). */ +- year = temp / DAYS_PER_4_YEARS; ++ { ++ long yearl = temp / DAYS_PER_4_YEARS; ++ if (yearl > INT_MAX || yearl < INT_MIN) { ++ goto fail; ++ } ++ year = (int) yearl; ++ } + dayOfYear = (temp % DAYS_PER_4_YEARS) / 4 + 1; + + /* Calculate the month and day of month. */ +@@ -196,6 +204,12 @@ void SdnToJulian( + *pYear = year; + *pMonth = month; + *pDay = day; ++ return; ++ ++fail: ++ *pYear = 0; ++ *pMonth = 0; ++ *pDay = 0; + } + + long int JulianToSdn(