/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2012-2336.patch
ViewVC logotype

Annotation of /rpms/php/sme8/php-5.3.3-CVE-2012-2336.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1.2.1 - (hide annotations) (download)
Fri Jun 29 14:45:08 2012 UTC (12 years, 4 months ago) by slords
Branch: redhat-upstream
CVS Tags: php-5_3_3-13_el5_9_1, php-5_3_3-13_el6
Changes since 1.1: +39 -0 lines
Upstream import

1 slords 1.1.2.1
2     The first hunk of this patch is *mitigation* for use of bad wrappers
3     scripts which are vulnerable to CVE-2012-2335.
4    
5     The second hunk of this patch fixes CVE-2012-2336:
6    
7     https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2336
8    
9     http://git.php.net/?p=php-src.git;a=commitdiff;h=7de4b75f74a817c3fead32710e04cd015bcc5360
10    
11     --- php-5.3.3/sapi/cgi/cgi_main.c.cve2311
12     +++ php-5.3.3/sapi/cgi/cgi_main.c
13     @@ -1553,10 +1553,15 @@ int main(int argc, char *argv[])
14     }
15     }
16    
17     - if((query_string = getenv("QUERY_STRING")) != NULL) {
18     + if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
19     + /* we've got query string that has no = - apache CGI will pass it to command line */
20     + unsigned char *p;
21     decoded_query_string = strdup(query_string);
22     php_url_decode(decoded_query_string, strlen(decoded_query_string));
23     - if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) {
24     + for (p = decoded_query_string; *p && *p <= ' '; p++) {
25     + /* skip all leading spaces */
26     + }
27     + if(*p == '-') {
28     skip_getopt = 1;
29     }
30     free(decoded_query_string);
31     @@ -1811,7 +1816,7 @@ consult the installation file that came
32     }
33    
34     zend_first_try {
35     - while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
36     + while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
37     switch (c) {
38     case 'T':
39     benchmark = 1;

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed