php/sme8/php-5.3.3-CVE-2011-2202.patch


https://bugzilla.redhat.com/show_bug.cgi?id=713194

http://svn.php.net/viewvc?view=revision&revision=312103

--- php-5.3.3/main/rfc1867.c.cve2202
+++ php-5.3.3/main/rfc1867.c
@@ -1214,7 +1214,7 @@ filedone:
 #endif
 
                        if (!is_anonymous) {
-                               if (s && s > filename) {
+                               if (s && s >= filename) {
                                        safe_php_register_variable(lbuf, s+1, strlen(s+1), NULL, 0 TSRMLS_CC);
                                } else {
                                        safe_php_register_variable(lbuf, filename, strlen(filename), NULL, 0 TSRMLS_CC);
@@ -1227,7 +1227,7 @@ filedone:
                        } else {
                                snprintf(lbuf, llen, "%s[name]", param);
                        }
-                       if (s && s > filename) {
+                       if (s && s >= filename) {
                                register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC);
                        } else {
                                register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC);
1
2	https://bugzilla.redhat.com/show_bug.cgi?id=713194
3
4	http://svn.php.net/viewvc?view=revision&revision=312103
5
6	--- php-5.3.3/main/rfc1867.c.cve2202
7	+++ php-5.3.3/main/rfc1867.c
8	@@ -1214,7 +1214,7 @@ filedone:
9	#endif
10
11	if (!is_anonymous) {
12	- if (s && s > filename) {
13	+ if (s && s >= filename) {
14	safe_php_register_variable(lbuf, s+1, strlen(s+1), NULL, 0 TSRMLS_CC);
15	} else {
16	safe_php_register_variable(lbuf, filename, strlen(filename), NULL, 0 TSRMLS_CC);
17	@@ -1227,7 +1227,7 @@ filedone:
18	} else {
19	snprintf(lbuf, llen, "%s[name]", param);
20	}
21	- if (s && s > filename) {
22	+ if (s && s >= filename) {
23	register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC);
24	} else {
25	register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC);