1 |
|
|
2 |
|
https://bugzilla.redhat.com/show_bug.cgi?id=709067 |
3 |
|
|
4 |
|
http://svn.php.net/viewvc?view=revision&revision=311369 |
5 |
|
http://svn.php.net/viewvc?view=revision&revision=311370 |
6 |
|
|
7 |
|
--- php-5.3.3/ext/sockets/sockets.c.cve1938 |
8 |
|
+++ php-5.3.3/ext/sockets/sockets.c |
9 |
|
@@ -1333,6 +1333,11 @@ PHP_FUNCTION(socket_connect) |
10 |
|
break; |
11 |
|
|
12 |
|
case AF_UNIX: |
13 |
|
+ if (addr_len >= sizeof(s_un.sun_path)) { |
14 |
|
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Path too long"); |
15 |
|
+ RETURN_FALSE; |
16 |
|
+ } |
17 |
|
+ |
18 |
|
memset(&s_un, 0, sizeof(struct sockaddr_un)); |
19 |
|
|
20 |
|
s_un.sun_family = AF_UNIX; |