
Annotation of /rpms/php/sme8/php-5.3.3-CVE-2011-1466.patch



Revision 1.1.2.1 - (hide annotations) (download)
Thu Nov 3 22:49:53 2011 UTC (13 years ago) by slords
Branch: redhat-upstream
CVS Tags: php-5_3_3-1_el5_7_3, php-5_3_3-13_el5_9_1, php-5_3_3-1_el5_7_6, php-5_3_3-13_el6
Changes since 1.1: +131 -0 lines
Upstream renamed

1 slords 1.1.2.1
2     https://bugzilla.redhat.com/show_bug.cgi?id=689386
3    
4     http://svn.php.net/viewvc/?view=revision&revision=306475
5    
6     plus:
7     http://svn.php.net/viewvc?view=revision&revision=317360
8     http://svn.php.net/viewvc?view=revision&revision=317387
9     http://svn.php.net/viewvc?view=revision&revision=317393
10    
11     plus similar fix for jewish.c
12    
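--- a/php-5.3.3/ext/calendar/gregor.c
+++ b/php-5.3.3/ext/calendar/gregor.c
@@ -127,6 +127,7 @@
 **************************************************************************/
 
 #include "sdncal.h"
+#include <limits.h>
 
 #define GREGOR_SDN_OFFSET 32045
 #define DAYS_PER_5_MONTHS 153
@@ -146,21 +147,12 @@ void SdnToGregorian(
 long int temp;
 int dayOfYear;
 
- if (sdn <= 0) {
- *pYear = 0;
- *pMonth = 0;
- *pDay = 0;
- return;
+ if (sdn <= 0 ||
+ sdn > (LONG_MAX - 4 * GREGOR_SDN_OFFSET) / 4) {
+ goto fail;
 }
 temp = (sdn + GREGOR_SDN_OFFSET) * 4 - 1;
 
- if (temp < 0) {
- *pYear = 0;
- *pMonth = 0;
- *pDay = 0;
- return;
- }
-
 /* Calculate the century (year/100). */
 century = temp / DAYS_PER_400_YEARS;
 
@@ -190,6 +182,12 @@ void SdnToGregorian(
 *pYear = year;
 *pMonth = month;
 *pDay = day;
+ return;
+
+fail:
+ *pYear = 0;
+ *pMonth = 0;
+ *pDay = 0;
 }
 
 long int GregorianToSdn(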
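Review bot: The new upper bound in SdnToGregorian only keeps `(sdn + GREGOR_SDN_OFFSET) * 4 - 1` inside the range of `long`; it does nothing about the narrowing at `century = temp / DAYS_PER_400_YEARS`, which can still exceed `INT_MAX` where `long` is 64 bits. The julian.c section of this same patch adds an explicit `INT_MAX`/`INT_MIN` test for that case, so the two converters end up with different guarantees. The declarations of `century` and `year` are outside the hunk, so this assumes they are `int` as `year` is in julian.c. If so, a guard before the century assignment such as `if (temp / DAYS_PER_400_YEARS > INT_MAX / 100 - 1) goto fail;` would close the gap, with the exact bound to be confirmed against the year arithmetic that is not shown here.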
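--- a/php-5.3.3/ext/calendar/jewish.c
+++ b/php-5.3.3/ext/calendar/jewish.c
@@ -272,6 +272,7 @@
 #define HALAKIM_PER_METONIC_CYCLE (HALAKIM_PER_LUNAR_CYCLE * (12 * 19 + 7))
 
 #define JEWISH_SDN_OFFSET 347997
+#define JEWISH_SDN_MAX 38245310 /* year 103759, 100000 A.D. */
 #define NEW_MOON_OF_CREATION 31524
 
 #define SUNDAY 0
@@ -519,7 +520,7 @@ void SdnToJewish(
 int tishri1After;
 int yearLength;
 
- if (sdn <= JEWISH_SDN_OFFSET) {
+ if (sdn <= JEWISH_SDN_OFFSET || sdn > JEWISH_SDN_MAX) {
 *pYear = 0;
 *pMonth = 0;
 *pDay = 0;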
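Review bot: `JEWISH_SDN_MAX` is documented only by the date it corresponds to, so nothing at the `sdn > JEWISH_SDN_MAX` test in SdnToJewish tells a reader that it is an overflow guard rather than a calendar rule. I would extend the comment on the define to something like `/* largest SDN SdnToJewish accepts (year 103759, 100000 A.D.); caps input so the later int arithmetic cannot overflow (CVE-2011-1466) */`. Which computation further down actually overflows is outside the hunk, so that wording should be checked against the function body, which continues past the last line shown. Unlike the gregor.c and julian.c sections, the bound here is a fixed constant rather than one derived from `LONG_MAX`, which is one more reason to record how it was chosen.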
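--- a/php-5.3.3/ext/calendar/julian.c
+++ b/php-5.3.3/ext/calendar/julian.c
@@ -146,6 +146,7 @@
 **************************************************************************/
 
 #include "sdncal.h"
+#include <limits.h>
 
 #define JULIAN_SDN_OFFSET 32083
 #define DAYS_PER_5_MONTHS 153
@@ -164,15 +165,22 @@ void SdnToJulian(
 int dayOfYear;
 
 if (sdn <= 0) {
- *pYear = 0;
- *pMonth = 0;
- *pDay = 0;
- return;
+ goto fail;
 }
- temp = (sdn + JULIAN_SDN_OFFSET) * 4 - 1;
+ /* Check for overflow */
+ if (sdn > (LONG_MAX - JULIAN_SDN_OFFSET * 4 + 1) / 4 || sdn < LONG_MIN / 4) {
+ goto fail;
+ }
+ temp = sdn * 4 + (JULIAN_SDN_OFFSET * 4 - 1);
 
 /* Calculate the year and day of year (1 <= dayOfYear <= 366). */
- year = temp / DAYS_PER_4_YEARS;
+ {
+ long yearl = temp / DAYS_PER_4_YEARS;
+ if (yearl > INT_MAX || yearl < INT_MIN) {
+ goto fail;
+ }
+ year = (int) yearl;
+ }
 dayOfYear = (temp % DAYS_PER_4_YEARS) / 4 + 1;
 
 /* Calculate the month and day of month. */
@@ -196,6 +204,12 @@ void SdnToJulian(
 *pYear = year;
 *pMonth = month;
 *pDay = day;
+ return;
+
+fail:
+ *pYear = 0;
+ *pMonth = 0;
+ *pDay = 0;
 }
 
 long int JulianToSdn(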
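Review bot: The second clause of the new overflow check in SdnToJulian, `sdn < LONG_MIN / 4`, can never be true, because the `sdn <= 0` guard directly above has already jumped to `fail`. Dead conditions in a security bound make it harder to audit which inputs are really rejected. I would fold the two tests into one, as the gregor.c section does: `if (sdn <= 0 || sdn > (LONG_MAX - JULIAN_SDN_OFFSET * 4 + 1) / 4) {`. Likewise `yearl < INT_MIN` cannot fire since `temp` is positive at that point, and the whole `yearl` test is always false where `long` and `int` have the same width; a short comment saying it only matters on 64-bit `long` would help. The function starts and ends outside the hunks shown.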
