/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2012-1823.patch
ViewVC logotype

Contents of /rpms/php/sme8/php-5.3.3-CVE-2012-1823.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1.2.1 - (show annotations) (download)
Fri Jun 29 14:45:08 2012 UTC (12 years, 4 months ago) by slords
Branch: redhat-upstream
CVS Tags: php-5_3_3-13_el5_9_1, php-5_3_3-13_el6
Changes since 1.1: +45 -0 lines
Upstream import

1
2 http://git.php.net/?p=php-src.git;a=commitdiff;h=55869a95ab75c0eb99c57201bfeccaef57e0d36d
3
4 plus parentheses around getenv() call to avoid gcc warning
5
6 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1823
7
8 --- php-5.3.3/sapi/cgi/cgi_main.c.cve1823
9 +++ php-5.3.3/sapi/cgi/cgi_main.c
10 @@ -70,6 +70,7 @@
11 #include "php_main.h"
12 #include "fopen_wrappers.h"
13 #include "ext/standard/php_standard.h"
14 +#include "ext/standard/url.h"
15
16 #ifdef PHP_WIN32
17 # include <io.h>
18 @@ -1500,6 +1501,9 @@ int main(int argc, char *argv[])
19 #ifndef PHP_WIN32
20 int status = 0;
21 #endif
22 + char *query_string;
23 + char *decoded_query_string;
24 + int skip_getopt = 0;
25
26 #if 0 && defined(PHP_DEBUG)
27 /* IIS is always making things more difficult. This allows
28 @@ -1549,7 +1553,16 @@ int main(int argc, char *argv[])
29 }
30 }
31
32 - while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) {
33 + if((query_string = getenv("QUERY_STRING")) != NULL) {
34 + decoded_query_string = strdup(query_string);
35 + php_url_decode(decoded_query_string, strlen(decoded_query_string));
36 + if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) {
37 + skip_getopt = 1;
38 + }
39 + free(decoded_query_string);
40 + }
41 +
42 + while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) {
43 switch (c) {
44 case 'c':
45 if (cgi_sapi_module.php_ini_path_override) {

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed