php/sme8/php-5.3.3-CVE-2012-0831.patch


https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0831
https://bugs.php.net/bug.php?id=61043

http://git.php.net/?p=php-src.git;a=commitdiff;h=87c038be06b8b0eb721270f98c858fd701f5d54b
http://git.php.net/?p=php-src.git;a=commitdiff;h=d1fd5432e1576865dbeb7650b7c7e0fa0bd3a4e1

changes to fpm not applied

diff -up php-5.3.3/main/php_variables.c.cve0831 php-5.3.3/main/php_variables.c
--- php-5.3.3/main/php_variables.c.cve0831      2012-10-16 14:15:43.050835624 +0200
+++ php-5.3.3/main/php_variables.c      2012-10-16 14:17:00.383028652 +0200
@@ -446,7 +446,10 @@ void _php_import_environment_variables(z
 
        /* turn off magic_quotes while importing environment variables */
        int magic_quotes_gpc = PG(magic_quotes_gpc);
-       PG(magic_quotes_gpc) = 0;
+
+       if (magic_quotes_gpc) {
+               zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+       }
 
        for (env = environ; env != NULL && *env != NULL; env++) {
                p = strchr(*env, '=');
@@ -465,7 +468,10 @@ void _php_import_environment_variables(z
        if (t != buf && t != NULL) {
                efree(t);
        }
-       PG(magic_quotes_gpc) = magic_quotes_gpc;
+
+       if (magic_quotes_gpc) {
+               zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+       }
 }
 
 zend_bool php_std_auto_global_callback(char *name, uint name_len TSRMLS_DC)
@@ -589,7 +595,9 @@ static inline void php_register_server_v
                zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);
        }
        PG(http_globals)[TRACK_VARS_SERVER] = array_ptr;
-       PG(magic_quotes_gpc) = 0;
+       if (magic_quotes_gpc) {
+               zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+       }
 
        /* Server variables */
        if (sapi_module.register_server_variables) {
@@ -614,7 +622,9 @@ static inline void php_register_server_v
                php_register_variable_ex("REQUEST_TIME", &new_entry, array_ptr TSRMLS_CC);
        }
 
-       PG(magic_quotes_gpc) = magic_quotes_gpc;
+       if (magic_quotes_gpc) {
+               zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+       }
 }
 /* }}} */
 
diff -up php-5.3.3/sapi/cgi/cgi_main.c.cve0831 php-5.3.3/sapi/cgi/cgi_main.c
--- php-5.3.3/sapi/cgi/cgi_main.c.cve0831       2012-10-16 14:16:27.310946658 +0200
+++ php-5.3.3/sapi/cgi/cgi_main.c       2012-10-16 14:17:00.384028655 +0200
@@ -625,7 +625,9 @@ void cgi_php_import_environment_variable
                int filter_arg = (array_ptr == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER;
 
                /* turn off magic_quotes while importing environment variables */
-               PG(magic_quotes_gpc) = 0;
+               if (magic_quotes_gpc) {
+                       zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+               }
                for (zend_hash_internal_pointer_reset_ex(request->env, &pos);
                        zend_hash_get_current_key_ex(request->env, &var, &var_len, &idx, 0, &pos) == HASH_KEY_IS_STRING &&
                        zend_hash_get_current_data_ex(request->env, (void **) &val, &pos) == SUCCESS;
@@ -637,7 +639,9 @@ void cgi_php_import_environment_variable
                                php_register_variable_safe(var, *val, new_val_len, array_ptr TSRMLS_CC);
                        }
                }
-               PG(magic_quotes_gpc) = magic_quotes_gpc;
+               if (magic_quotes_gpc) {
+                       zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+               }
        }
 }
 
1
2	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0831
3	https://bugs.php.net/bug.php?id=61043
4
5	http://git.php.net/?p=php-src.git;a=commitdiff;h=87c038be06b8b0eb721270f98c858fd701f5d54b
6	http://git.php.net/?p=php-src.git;a=commitdiff;h=d1fd5432e1576865dbeb7650b7c7e0fa0bd3a4e1
7
8	changes to fpm not applied
9
10	diff -up php-5.3.3/main/php_variables.c.cve0831 php-5.3.3/main/php_variables.c
11	--- php-5.3.3/main/php_variables.c.cve0831 2012-10-16 14:15:43.050835624 +0200
12	+++ php-5.3.3/main/php_variables.c 2012-10-16 14:17:00.383028652 +0200
13	@@ -446,7 +446,10 @@ void _php_import_environment_variables(z
14
15	/* turn off magic_quotes while importing environment variables */
16	int magic_quotes_gpc = PG(magic_quotes_gpc);
17	- PG(magic_quotes_gpc) = 0;
18	+
19	+ if (magic_quotes_gpc) {
20	+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
21	+ }
22
23	for (env = environ; env != NULL && *env != NULL; env++) {
24	p = strchr(*env, '=');
25	@@ -465,7 +468,10 @@ void _php_import_environment_variables(z
26	if (t != buf && t != NULL) {
27	efree(t);
28	}
29	- PG(magic_quotes_gpc) = magic_quotes_gpc;
30	+
31	+ if (magic_quotes_gpc) {
32	+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
33	+ }
34	}
35
36	zend_bool php_std_auto_global_callback(char *name, uint name_len TSRMLS_DC)
37	@@ -589,7 +595,9 @@ static inline void php_register_server_v
38	zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);
39	}
40	PG(http_globals)[TRACK_VARS_SERVER] = array_ptr;
41	- PG(magic_quotes_gpc) = 0;
42	+ if (magic_quotes_gpc) {
43	+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
44	+ }
45
46	/* Server variables */
47	if (sapi_module.register_server_variables) {
48	@@ -614,7 +622,9 @@ static inline void php_register_server_v
49	php_register_variable_ex("REQUEST_TIME", &new_entry, array_ptr TSRMLS_CC);
50	}
51
52	- PG(magic_quotes_gpc) = magic_quotes_gpc;
53	+ if (magic_quotes_gpc) {
54	+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
55	+ }
56	}
57	/* }}} */
58
59	diff -up php-5.3.3/sapi/cgi/cgi_main.c.cve0831 php-5.3.3/sapi/cgi/cgi_main.c
60	--- php-5.3.3/sapi/cgi/cgi_main.c.cve0831 2012-10-16 14:16:27.310946658 +0200
61	+++ php-5.3.3/sapi/cgi/cgi_main.c 2012-10-16 14:17:00.384028655 +0200
62	@@ -625,7 +625,9 @@ void cgi_php_import_environment_variable
63	int filter_arg = (array_ptr == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER;
64
65	/* turn off magic_quotes while importing environment variables */
66	- PG(magic_quotes_gpc) = 0;
67	+ if (magic_quotes_gpc) {
68	+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
69	+ }
70	for (zend_hash_internal_pointer_reset_ex(request->env, &pos);
71	zend_hash_get_current_key_ex(request->env, &var, &var_len, &idx, 0, &pos) == HASH_KEY_IS_STRING &&
72	zend_hash_get_current_data_ex(request->env, (void **) &val, &pos) == SUCCESS;
73	@@ -637,7 +639,9 @@ void cgi_php_import_environment_variable
74	php_register_variable_safe(var, *val, new_val_len, array_ptr TSRMLS_CC);
75	}
76	}
77	- PG(magic_quotes_gpc) = magic_quotes_gpc;
78	+ if (magic_quotes_gpc) {
79	+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
80	+ }
81	}
82	}
83