
Contents of /rpms/php/sme8/php-5.3.3-CVE-2012-2143.patch



Revision 1.1.2.1 - (show annotations) (download)
Fri Jun 29 14:45:08 2012 UTC (12 years, 5 months ago) by slords
Branch: redhat-upstream
CVS Tags: php-5_3_3-13_el5_9_1, php-5_3_3-13_el6
Changes since 1.1: +39 -0 lines
Upstream import

1
2 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2143
3
4 http://git.php.net/?p=php-src.git;a=commitdiff;h=aab49e934de1fff046e659cbec46e3d053b41c34
5
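--- php-5.3.3/ext/standard/crypt_freesec.c.cve2143
+++ php-5.3.3/ext/standard/crypt_freesec.c
@@ -629,7 +629,8 @@ _crypt_extended_r(const char *key, const
 */
 q = (u_char *) keybuf;
 while (q - (u_char *) keybuf < sizeof(keybuf)) {
- if ((*q++ = *key << 1))
+ *q++ = *key << 1;
+ if (*key)
 key++;
 }
 if (des_setkey((u_char *) keybuf, data))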
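Review bot: The added store `*q++ = *key << 1;` still shifts a plain `char`: `key` is declared `const char *`, so where `char` is signed the bytes at or above 0x80 that this fix targets are promoted to a negative `int`, and left-shifting a negative value is undefined behaviour in C99 and later. Casting first keeps the arithmetic unsigned, `*q++ = (u_char) *key << 1;`. A short comment above `if (*key)` would also help, for example `/* test the source byte, not the shifted one: 0x80 << 1 truncates to 0 */`, so the two statements are not folded back together. Since the removed line stopped advancing `key` at the first 0x80 byte, DES hashes stored for such passwords will presumably no longer verify after this change, so a re-hash or reset path is worth planning. The loop sits inside _crypt_extended_r, whose body begins and ends outside the hunk.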
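--- php-5.3.3/ext/standard/tests/strings/crypt_chars.phpt.cve2143
+++ php-5.3.3/ext/standard/tests/strings/crypt_chars.phpt
@@ -0,0 +1,19 @@
+--TEST--
+crypt() function - characters > 0x80
+--SKIPIF--
+<?php
+if (!function_exists('crypt')) {
+ die("SKIP crypt() is not available");
+}
+?>
+--FILE--
+<?php
+var_dump(crypt("À1234abcd", "99"));
+var_dump(crypt("À9234abcd", "99"));
+var_dump(crypt("À1234abcd", "_01234567"));
+var_dump(crypt("À9234abcd", "_01234567"));
+--EXPECT--
+string(13) "99PxawtsTfX56"
+string(13) "99jcVcGxUZOWk"
+string(20) "_01234567IBjxKliXXRQ"
+string(20) "_012345678OSGpGQRVHA"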
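Review bot: The four crypt() inputs carry the non-ASCII byte as a literal `À`, so what the test actually feeds to crypt() depends on the encoding of the .phpt file, which the patch does not show. If the file is UTF-8 the character is 0xC3 0x80 and the key contains the 0x80 byte the C change is about; re-saved as Latin-1 it would become the single byte 0xC0, whose shifted value is non-zero, and the test would presumably stop covering the truncation case. Spelling the bytes out, e.g. `var_dump(crypt("\xC3\x801234abcd", "99"));` (to be confirmed against the file's real encoding so the expected hashes stay valid), would keep the regression check independent of editors and transcoding. The title `characters > 0x80` could also read `>= 0x80`, since 0x80 itself is the byte that matters.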
