1 |
|
|
2 |
|
https://bugzilla.redhat.com/show_bug.cgi?id=713194 |
3 |
|
|
4 |
|
http://svn.php.net/viewvc?view=revision&revision=312103 |
5 |
|
|
6 |
|
--- php-5.3.3/main/rfc1867.c.cve2202 |
7 |
|
+++ php-5.3.3/main/rfc1867.c |
8 |
|
@@ -1214,7 +1214,7 @@ filedone: |
9 |
|
#endif |
10 |
|
|
11 |
|
if (!is_anonymous) { |
12 |
|
- if (s && s > filename) { |
13 |
|
+ if (s && s >= filename) { |
14 |
|
safe_php_register_variable(lbuf, s+1, strlen(s+1), NULL, 0 TSRMLS_CC); |
15 |
|
} else { |
16 |
|
safe_php_register_variable(lbuf, filename, strlen(filename), NULL, 0 TSRMLS_CC); |
17 |
|
@@ -1227,7 +1227,7 @@ filedone: |
18 |
|
} else { |
19 |
|
snprintf(lbuf, llen, "%s[name]", param); |
20 |
|
} |
21 |
|
- if (s && s > filename) { |
22 |
|
+ if (s && s >= filename) { |
23 |
|
register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC); |
24 |
|
} else { |
25 |
|
register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC); |