/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2012-2336.patch
ViewVC logotype

Diff of /rpms/php/sme8/php-5.3.3-CVE-2012-2336.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

Revision 1.1 by slords, Fri Jun 29 14:45:08 2012 UTC Revision 1.2 by slords, Fri Jun 29 14:54:00 2012 UTC
# Line 0  Line 1 
1    
2    The first hunk of this patch is *mitigation* for use of bad wrappers
3    scripts which are vulnerable to CVE-2012-2335.
4    
5    The second hunk of this patch fixes CVE-2012-2336:
6    
7    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2336
8    
9    http://git.php.net/?p=php-src.git;a=commitdiff;h=7de4b75f74a817c3fead32710e04cd015bcc5360
10    
11    --- php-5.3.3/sapi/cgi/cgi_main.c.cve2311
12    +++ php-5.3.3/sapi/cgi/cgi_main.c
13    @@ -1553,10 +1553,15 @@ int main(int argc, char *argv[])
14                    }
15            }
16    
17    -       if((query_string = getenv("QUERY_STRING")) != NULL) {
18    +       if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
19    +               /* we've got query string that has no = - apache CGI will pass it to command line */
20    +               unsigned char *p;
21                    decoded_query_string = strdup(query_string);
22                    php_url_decode(decoded_query_string, strlen(decoded_query_string));
23    -               if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) {
24    +               for (p = decoded_query_string; *p &&  *p <= ' '; p++) {
25    +                       /* skip all leading spaces */
26    +               }
27    +               if(*p == '-') {
28                            skip_getopt = 1;
29                    }
30                    free(decoded_query_string);
31    @@ -1811,7 +1816,7 @@ consult the installation file that came
32            }
33    
34            zend_first_try {
35    -               while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
36    +               while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
37                            switch (c) {
38                                    case 'T':
39                                            benchmark = 1;


Legend:
Removed lines/characters  
Changed lines/characters
  Added lines/characters

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed