/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2011-1471.patch
ViewVC logotype

Contents of /rpms/php/sme8/php-5.3.3-CVE-2011-1471.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1.2.1 - (show annotations) (download)
Thu Nov 3 22:49:53 2011 UTC (13 years ago) by slords
Branch: redhat-upstream
CVS Tags: php-5_3_3-1_el5_7_3, php-5_3_3-13_el5_9_1, php-5_3_3-1_el5_7_6, php-5_3_3-13_el6
Changes since 1.1: +41 -0 lines
Upstream renamed

1
2 https://bugzilla.redhat.com/show_bug.cgi?id=690915
3
4 http://svn.php.net/viewvc/?view=revision&revision=307917
5
6 (r287095 already included in 5.3.3)
7
8 --- php-5.3.3/ext/zip/zip_stream.c.cve1471
9 +++ php-5.3.3/ext/zip/zip_stream.c
10 @@ -30,11 +30,11 @@ struct php_zip_stream_data_t {
11 /* {{{ php_zip_ops_read */
12 static size_t php_zip_ops_read(php_stream *stream, char *buf, size_t count TSRMLS_DC)
13 {
14 - int n = 0;
15 + ssize_t n = 0;
16 STREAM_DATA_FROM_STREAM();
17
18 if (self->za && self->zf) {
19 - n = (size_t)zip_fread(self->zf, buf, (int)count);
20 + n = zip_fread(self->zf, buf, count);
21 if (n < 0) {
22 int ze, se;
23 zip_file_error_get(self->zf, &ze, &se);
24 @@ -42,13 +42,15 @@ static size_t php_zip_ops_read(php_strea
25 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Zip stream error: %s", zip_file_strerror(self->zf));
26 return 0;
27 }
28 - if (n == 0 || n < count) {
29 + /* cast count to signed value to avoid possibly negative n
30 + * being cast to unsigned value */
31 + if (n == 0 || n < (ssize_t)count) {
32 stream->eof = 1;
33 } else {
34 self->cursor += n;
35 }
36 }
37 - return (n < 1 ? 0 : n);
38 + return (n < 1 ? 0 : (size_t)n);
39 }
40 /* }}} */
41

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed