/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2012-2336.patch
ViewVC logotype

Contents of /rpms/php/sme8/php-5.3.3-CVE-2012-2336.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (show annotations) (download)
Fri Jun 29 14:54:00 2012 UTC (12 years, 5 months ago) by slords
Branch: MAIN
CVS Tags: php-5_3_3-15_el5_sme, php-5_3_3-16_el5_sme, php-5_3_3-14_el5_sme, php-5_3_3-13_el5_sme_1, php-5_3_3-13_el5_sme_2, php-5_3_3-17_el5_sme, php-5_3_3-13_el5_sme, HEAD
Changes since 1.1: +39 -0 lines
* Fri Jun 29 2012 Shad L. Lords <slords@mail.com> - 5.3.3-13.sme
- Obsolete php-domxml and php-dom [SME: 6733]
- Update Obsoletes and Conflicts [SME: 6436]

1
2 The first hunk of this patch is *mitigation* for use of bad wrappers
3 scripts which are vulnerable to CVE-2012-2335.
4
5 The second hunk of this patch fixes CVE-2012-2336:
6
7 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2336
8
9 http://git.php.net/?p=php-src.git;a=commitdiff;h=7de4b75f74a817c3fead32710e04cd015bcc5360
10
11 --- php-5.3.3/sapi/cgi/cgi_main.c.cve2311
12 +++ php-5.3.3/sapi/cgi/cgi_main.c
13 @@ -1553,10 +1553,15 @@ int main(int argc, char *argv[])
14 }
15 }
16
17 - if((query_string = getenv("QUERY_STRING")) != NULL) {
18 + if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
19 + /* we've got query string that has no = - apache CGI will pass it to command line */
20 + unsigned char *p;
21 decoded_query_string = strdup(query_string);
22 php_url_decode(decoded_query_string, strlen(decoded_query_string));
23 - if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) {
24 + for (p = decoded_query_string; *p && *p <= ' '; p++) {
25 + /* skip all leading spaces */
26 + }
27 + if(*p == '-') {
28 skip_getopt = 1;
29 }
30 free(decoded_query_string);
31 @@ -1811,7 +1816,7 @@ consult the installation file that came
32 }
33
34 zend_first_try {
35 - while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
36 + while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
37 switch (c) {
38 case 'T':
39 benchmark = 1;

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed