/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2011-4566.patch
ViewVC logotype

Contents of /rpms/php/sme8/php-5.3.3-CVE-2011-4566.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (show annotations) (download)
Fri Feb 3 15:51:39 2012 UTC (12 years, 10 months ago) by slords
Branch: MAIN
CVS Tags: php-5_3_3-15_el5_sme, php-5_3_3-16_el5_sme, php-5_3_3-14_el5_sme, php-5_3_3-1_el5_sme_6, php-5_3_3-13_el5_sme_1, php-5_3_3-13_el5_sme_2, php-5_3_3-17_el5_sme, php-5_3_3-13_el5_sme, HEAD
Changes since 1.1: +34 -0 lines
* Fri Feb 3 2012 Shad L. Lords <slords@mail.com> - 5.3.3-1.6.sme
- Obsolete php-domxml and php-dom [SME: 6733]
- Update Obsoletes and Conflicts [SME: 6436]

1 From 774d031d3e860ccb63acb3defdeb91e8f3fdf515 Mon Sep 17 00:00:00 2001
2 From: "Vojtech Vitek (V-Teq)" <vvitek@redhat.com>
3 Date: Tue, 3 Jan 2012 02:36:51 +0100
4 Subject: [PATCH] Fix integer overflow during the parsing of invalid exif
5 header
6
7 Based on:
8 http://svn.php.net/viewvc/?view=revision&revision=319535
9 http://svn.php.net/viewvc/?view=revision&revision=319534
10 ---
11 ext/exif/exif.c | 4 ++--
12 1 files changed, 2 insertions(+), 2 deletions(-)
13
14 diff --git a/ext/exif/exif.c b/ext/exif/exif.c
15 index 85fa1b9..ecfb402 100644
16 --- a/ext/exif/exif.c
17 +++ b/ext/exif/exif.c
18 @@ -2856,11 +2856,11 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
19 offset_val = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel);
20 /* If its bigger than 4 bytes, the dir entry contains an offset. */
21 value_ptr = offset_base+offset_val;
22 - if (offset_val+byte_count > IFDlength || value_ptr < dir_entry) {
23 + if (byte_count > IFDlength || offset_val > IFDlength-byte_count || value_ptr < dir_entry) {
24 /* It is important to check for IMAGE_FILETYPE_TIFF
25 * JPEG does not use absolute pointers instead its pointers are
26 * relative to the start of the TIFF header in APP1 section. */
27 - if (offset_val+byte_count>ImageInfo->FileSize || (ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_II && ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_MM && ImageInfo->FileType!=IMAGE_FILETYPE_JPEG)) {
28 + if (byte_count > ImageInfo->FileSize || offset_val>ImageInfo->FileSize-byte_count || (ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_II && ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_MM && ImageInfo->FileType!=IMAGE_FILETYPE_JPEG)) {
29 if (value_ptr < dir_entry) {
30 /* we can read this if offset_val > 0 */
31 /* some files have their values in other parts of the file */
32 --
33 1.7.6.2
34

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed