
Annotation of /rpms/php/sme8/php-5.3.3-CVE-2011-1471.patch



Revision 1.2 - (hide annotations) (download)
Thu Nov 3 22:54:19 2011 UTC (13 years ago) by slords
Branch: MAIN
CVS Tags: php-5_3_3-15_el5_sme, php-5_3_3-16_el5_sme, php-5_3_3-14_el5_sme, php-5_3_3-1_el5_sme_6, php-5_3_3-13_el5_sme_1, php-5_3_3-1_el5_sme_3, php-5_3_3-13_el5_sme_2, php-5_3_3-17_el5_sme, php-5_3_3-13_el5_sme, HEAD
Changes since 1.1: +41 -0 lines
* Thu Nov 2 2011 Shad L. Lords <slords@mail.com> - 5.3.3-1.3.sme
- Obsolete php-domxml and php-dom [SME: 6733]
- Update Obsoletes and Conflicts [SME: 6436]

1 slords 1.2
2     https://bugzilla.redhat.com/show_bug.cgi?id=690915
3    
4     http://svn.php.net/viewvc/?view=revision&amp;revision=307917
5    
6     (r287095 already included in 5.3.3)
7    
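--- php-5.3.3/ext/zip/zip_stream.c.cve1471
+++ php-5.3.3/ext/zip/zip_stream.c
@@ -30,11 +30,11 @@ struct php_zip_stream_data_t {
 /* {{{ php_zip_ops_read */
 static size_t php_zip_ops_read(php_stream *stream, char *buf, size_t count TSRMLS_DC)
 {
- int n = 0;
+ ssize_t n = 0;
 STREAM_DATA_FROM_STREAM();
 
 if (self->za && self->zf) {
- n = (size_t)zip_fread(self->zf, buf, (int)count);
+ n = zip_fread(self->zf, buf, count);
 if (n < 0) {
 int ze, se;
 zip_file_error_get(self->zf, &ze, &se);
@@ -42,13 +42,15 @@ static size_t php_zip_ops_read(php_strea
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Zip stream error: %s", zip_file_strerror(self->zf));
 return 0;
 }
- if (n == 0 || n < count) {
+ /* cast count to signed value to avoid possibly negative n
+ * being cast to unsigned value */
+ if (n == 0 || n < (ssize_t)count) {
 stream->eof = 1;
 } else {
 self->cursor += n;
 }
 }
- return (n < 1 ? 0 : (size_t)n);
+ return (n < 1 ? 0 : (size_t)n);
 }
 /* }}} */
 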
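Review bot: The short-read test added in the second hunk, `n < (ssize_t)count`, moves the signedness hazard onto `count` instead of removing it: a `count` larger than SSIZE_MAX typically converts to a negative value, so the comparison is false for every positive `n` and `stream->eof` is not set on a short read. The `n < 0` branch appears to return 0 before this point (one line between the two hunks is not shown, so this is inferred), which means `n` is non-negative here and the comparison can stay in the unsigned domain: `if (n == 0 || (size_t)n < count) {`. The accompanying comment would then be better stated as the invariant it relies on, for example `/* n >= 0 here: negative returns from zip_fread() were handled above */`. It is also worth confirming that the bundled `zip_fread()` prototype really takes a `size_t` length, since the patch drops the `(int)count` cast on that assumption.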
