/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2012-2143.patch
ViewVC logotype

Annotation of /rpms/php/sme8/php-5.3.3-CVE-2012-2143.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1.2.1 - (hide annotations) (download)
Fri Jun 29 14:45:08 2012 UTC (12 years, 5 months ago) by slords
Branch: redhat-upstream
CVS Tags: php-5_3_3-13_el5_9_1, php-5_3_3-13_el6
Changes since 1.1: +39 -0 lines
Upstream import

1 slords 1.1.2.1
2     https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2143
3    
4     http://git.php.net/?p=php-src.git;a=commitdiff;h=aab49e934de1fff046e659cbec46e3d053b41c34
5    
6     --- php-5.3.3/ext/standard/crypt_freesec.c.cve2143
7     +++ php-5.3.3/ext/standard/crypt_freesec.c
8     @@ -629,7 +629,8 @@ _crypt_extended_r(const char *key, const
9     */
10     q = (u_char *) keybuf;
11     while (q - (u_char *) keybuf < sizeof(keybuf)) {
12     - if ((*q++ = *key << 1))
13     + *q++ = *key << 1;
14     + if (*key)
15     key++;
16     }
17     if (des_setkey((u_char *) keybuf, data))
18     --- php-5.3.3/ext/standard/tests/strings/crypt_chars.phpt.cve2143
19     +++ php-5.3.3/ext/standard/tests/strings/crypt_chars.phpt
20     @@ -0,0 +1,19 @@
21     +--TEST--
22     +crypt() function - characters > 0x80
23     +--SKIPIF--
24     +<?php
25     +if (!function_exists('crypt')) {
26     + die("SKIP crypt() is not available");
27     +}
28     +?>
29     +--FILE--
30     +<?php
31     +var_dump(crypt("À1234abcd", "99"));
32     +var_dump(crypt("À9234abcd", "99"));
33     +var_dump(crypt("À1234abcd", "_01234567"));
34     +var_dump(crypt("À9234abcd", "_01234567"));
35     +--EXPECT--
36     +string(13) "99PxawtsTfX56"
37     +string(13) "99jcVcGxUZOWk"
38     +string(20) "_01234567IBjxKliXXRQ"
39     +string(20) "_012345678OSGpGQRVHA"

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed