/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2011-1469.patch
ViewVC logotype

Diff of /rpms/php/sme8/php-5.3.3-CVE-2011-1469.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

Revision 1.1 by slords, Thu Nov 3 22:49:53 2011 UTC Revision 1.2 by slords, Thu Nov 3 22:54:19 2011 UTC
# Line 0  Line 1 
1    
2    https://bugzilla.redhat.com/show_bug.cgi?id=690905
3    
4    http://svn.php.net/viewvc/?view=revision&revision=308734
5    
6    --- php-5.3.3/ext/standard/ftp_fopen_wrapper.c.cve1469
7    +++ php-5.3.3/ext/standard/ftp_fopen_wrapper.c
8    @@ -72,6 +72,12 @@
9     #define FTPS_ENCRYPT_DATA 1
10     #define GET_FTP_RESULT(stream) get_ftp_result((stream), tmp_line, sizeof(tmp_line) TSRMLS_CC)
11    
12    +typedef struct _php_ftp_dirstream_data {
13    +       php_stream *datastream;
14    +       php_stream *controlstream;
15    +       php_stream *dirstream;
16    +} php_ftp_dirstream_data;
17    +
18     /* {{{ get_ftp_result
19      */
20     static inline int get_ftp_result(php_stream *stream, char *buffer, size_t buffer_size TSRMLS_DC)
21    @@ -97,12 +103,12 @@ static int php_stream_ftp_stream_stat(ph
22      */
23     static int php_stream_ftp_stream_close(php_stream_wrapper *wrapper, php_stream *stream TSRMLS_DC)
24     {
25    -       php_stream *controlstream = (php_stream *)stream->wrapperdata;
26    +       php_stream *controlstream = stream->wrapperthis;
27            
28            if (controlstream) {
29                    php_stream_write_string(controlstream, "QUIT\r\n");
30                    php_stream_close(controlstream);
31    -               stream->wrapperdata = NULL;
32    +               stream->wrapperthis = NULL;
33            }
34            return 0;
35     }
36    @@ -187,7 +193,7 @@ static php_stream *php_ftp_fopen_connect
37                                    || php_stream_xport_crypto_enable(stream, 1 TSRMLS_CC) < 0) {
38                            php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Unable to activate SSL mode");
39                            php_stream_close(stream);
40    -                       stream = NULL;
41    +                       stream->wrapperthis = NULL;
42                            goto connect_errexit;
43                    }
44            
45    @@ -564,7 +570,7 @@ php_stream * php_stream_url_wrap_ftp(php
46            }
47    
48            /* remember control stream */  
49    -       datastream->wrapperdata = (zval *)stream;
50    +       datastream->wrapperthis = stream;
51    
52            php_url_free(resource);
53            return datastream;
54    @@ -588,11 +594,13 @@ errexit:
55     static size_t php_ftp_dirstream_read(php_stream *stream, char *buf, size_t count TSRMLS_DC)
56     {
57            php_stream_dirent *ent = (php_stream_dirent *)buf;
58    -       php_stream *innerstream = (php_stream *)stream->abstract;
59    +       php_stream *innerstream;
60            size_t tmp_len;
61            char *basename;
62            size_t basename_len;
63    
64    +       innerstream =  ((php_ftp_dirstream_data *)stream->abstract)->datastream;
65    +
66            if (count != sizeof(php_stream_dirent)) {
67                    return 0;
68            }
69    @@ -636,13 +644,18 @@ static size_t php_ftp_dirstream_read(php
70      */
71     static int php_ftp_dirstream_close(php_stream *stream, int close_handle TSRMLS_DC)
72     {
73    -       php_stream *innerstream = (php_stream *)stream->abstract;
74    +       php_ftp_dirstream_data *data = stream->abstract;
75    
76    -       if (innerstream->wrapperdata) {
77    -               php_stream_close((php_stream *)innerstream->wrapperdata);
78    -               innerstream->wrapperdata = NULL;
79    -       }
80    -       php_stream_close((php_stream *)stream->abstract);
81    +       /* close control connection */
82    +       if (data->controlstream) {
83    +               php_stream_close(data->controlstream);
84    +               data->controlstream = NULL;
85    +       }
86    +       /* close data connection */
87    +       php_stream_close(data->datastream);
88    +       data->datastream = NULL;
89    +      
90    +       efree(data);
91            stream->abstract = NULL;
92    
93            return 0;
94    @@ -668,6 +681,7 @@ static php_stream_ops php_ftp_dirstream_
95     php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, char *path, char *mode, int options, char **opened_path, php_stream_context *context STREAMS_DC TSRMLS_DC)
96     {
97            php_stream *stream, *reuseid, *datastream = NULL;
98    +       php_ftp_dirstream_data *dirsdata;
99            php_url *resource = NULL;
100            int result = 0, use_ssl, use_ssl_on_data = 0;
101            char *hoststart = NULL, tmp_line[512];
102    @@ -727,11 +741,14 @@ php_stream * php_stream_ftp_opendir(php_
103                    goto opendir_errexit;
104            }
105    
106    -       /* remember control stream */  
107    -       datastream->wrapperdata = (zval *)stream;
108    -
109            php_url_free(resource);
110    -       return php_stream_alloc(&php_ftp_dirstream_ops, datastream, 0, mode);
111    +
112    +       dirsdata = emalloc(sizeof *dirsdata);
113    +       dirsdata->datastream = datastream;
114    +       dirsdata->controlstream = stream;
115    +       dirsdata->dirstream = php_stream_alloc(&php_ftp_dirstream_ops, dirsdata, 0, mode);
116    +
117    +       return dirsdata->dirstream;
118    
119     opendir_errexit:
120            if (resource) {


Legend:
Removed lines/characters  
Changed lines/characters
  Added lines/characters

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed