/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2012-2386.patch
ViewVC logotype

Contents of /rpms/php/sme8/php-5.3.3-CVE-2012-2386.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.2 - (show annotations) (download)
Fri Jun 29 14:54:00 2012 UTC (11 years, 10 months ago) by slords
Branch: MAIN
CVS Tags: php-5_3_3-15_el5_sme, php-5_3_3-16_el5_sme, php-5_3_3-14_el5_sme, php-5_3_3-13_el5_sme_1, php-5_3_3-13_el5_sme_2, php-5_3_3-17_el5_sme, php-5_3_3-13_el5_sme, HEAD
Changes since 1.1: +34 -0 lines 
* Fri Jun 29 2012 Shad L. Lords <slords@mail.com> - 5.3.3-13.sme
- Obsolete php-domxml and php-dom [SME: 6733]
- Update Obsoletes and Conflicts [SME: 6436]
1
2 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2386
3
4 http://git.php.net/?p=php-src.git;a=commit;h=158d8a6b088662ce9d31e0c777c6ebe90efdc854
5
6 --- php-5.3.3/ext/phar/tar.c.cve2386
7 +++ php-5.3.3/ext/phar/tar.c
8 @@ -38,7 +38,7 @@ static php_uint32 phar_tar_number(char *
9 /* }}} */
10
11 /* adapted from format_octal() in libarchive
12 - *
13 + *
14 * Copyright (c) 2003-2009 Tim Kientzle
15 * All rights reserved.
16 *
17 @@ -161,7 +161,7 @@ static int phar_tar_process_metadata(pha
18 size_t save = php_stream_tell(fp), read;
19 phar_entry_info *mentry;
20
21 - metadata = (char *) emalloc(entry->uncompressed_filesize + 1);
22 + metadata = (char *) safe_emalloc(1, entry->uncompressed_filesize, 1);
23
24 read = php_stream_read(fp, metadata, entry->uncompressed_filesize);
25 if (read != entry->uncompressed_filesize) {
26 @@ -367,7 +367,7 @@ bail:
27 }
28
29 read = php_stream_read(fp, buf, sizeof(buf));
30 -
31 +
32 if (read != sizeof(buf)) {
33 efree(entry.filename);
34 if (error) {
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed