--- rpms/php/sme8/php-5.3.3-CVE-2011-1938.patch 2011/11/03 22:49:53 1.1 +++ rpms/php/sme8/php-5.3.3-CVE-2011-1938.patch 2011/11/03 22:54:19 1.2 @@ -0,0 +1,20 @@ + +https://bugzilla.redhat.com/show_bug.cgi?id=709067 + +http://svn.php.net/viewvc?view=revision&revision=311369 +http://svn.php.net/viewvc?view=revision&revision=311370 + +--- php-5.3.3/ext/sockets/sockets.c.cve1938 ++++ php-5.3.3/ext/sockets/sockets.c +@@ -1333,6 +1333,11 @@ PHP_FUNCTION(socket_connect) + break; + + case AF_UNIX: ++ if (addr_len >= sizeof(s_un.sun_path)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Path too long"); ++ RETURN_FALSE; ++ } ++ + memset(&s_un, 0, sizeof(struct sockaddr_un)); + + s_un.sun_family = AF_UNIX;