/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2012-2386.patch
ViewVC logotype

Annotation of /rpms/php/sme8/php-5.3.3-CVE-2012-2386.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Fri Jun 29 14:54:00 2012 UTC (12 years, 5 months ago) by slords
Branch: MAIN
CVS Tags: php-5_3_3-15_el5_sme, php-5_3_3-16_el5_sme, php-5_3_3-14_el5_sme, php-5_3_3-13_el5_sme_1, php-5_3_3-13_el5_sme_2, php-5_3_3-17_el5_sme, php-5_3_3-13_el5_sme, HEAD
Changes since 1.1: +34 -0 lines
* Fri Jun 29 2012 Shad L. Lords <slords@mail.com> - 5.3.3-13.sme
- Obsolete php-domxml and php-dom [SME: 6733]
- Update Obsoletes and Conflicts [SME: 6436]

1 slords 1.2
2     https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2386
3    
4     http://git.php.net/?p=php-src.git;a=commit;h=158d8a6b088662ce9d31e0c777c6ebe90efdc854
5    
6     --- php-5.3.3/ext/phar/tar.c.cve2386
7     +++ php-5.3.3/ext/phar/tar.c
8     @@ -38,7 +38,7 @@ static php_uint32 phar_tar_number(char *
9     /* }}} */
10    
11     /* adapted from format_octal() in libarchive
12     - *
13     + *
14     * Copyright (c) 2003-2009 Tim Kientzle
15     * All rights reserved.
16     *
17     @@ -161,7 +161,7 @@ static int phar_tar_process_metadata(pha
18     size_t save = php_stream_tell(fp), read;
19     phar_entry_info *mentry;
20    
21     - metadata = (char *) emalloc(entry->uncompressed_filesize + 1);
22     + metadata = (char *) safe_emalloc(1, entry->uncompressed_filesize, 1);
23    
24     read = php_stream_read(fp, metadata, entry->uncompressed_filesize);
25     if (read != entry->uncompressed_filesize) {
26     @@ -367,7 +367,7 @@ bail:
27     }
28    
29     read = php_stream_read(fp, buf, sizeof(buf));
30     -
31     +
32     if (read != sizeof(buf)) {
33     efree(entry.filename);
34     if (error) {

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed