/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2013-6420.patch
ViewVC logotype

Annotation of /rpms/php/sme8/php-5.3.3-CVE-2013-6420.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Mon Dec 16 10:46:47 2013 UTC (10 years, 10 months ago) by vip-ire
Branch: MAIN
CVS Tags: php-5_3_3-14_el5_sme, php-5_3_3-17_el5_sme, php-5_3_3-15_el5_sme, php-5_3_3-16_el5_sme, HEAD
* Mon Dec 16 2013 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-14.sme
- Resync with upstream php53, which include:
- add security fix for CVE-2013-6420
- add security fix for CVE-2013-4248
- add upstream reproducer for error_handler (#951075)
- add security fixes for CVE-2006-7243
- add security fixes for CVE-2012-2688, CVE-2012-0831,
  CVE-2011-1398, CVE-2013-1643
- fix segfault in error_handler with
  allow_call_time_pass_reference = Off (#951075)
- fix double free when destroy_zend_class fails (#951076)
- fix possible buffer overflow in pdo_odbc (#869694)
- php script hangs when it exceeds max_execution_time
  when inside an ODBC call (#864954)
- fix zend garbage collector (#892695)
- fix transposed memset arguments in libzip (#953818)
- fix possible segfault in pdo_mysql (#869693)
- fix imap_open DISABLE_AUTHENTICATOR param ignores array (#859369)
- fix stream support in fileinfo (#869697)
- fix setDate when DateTime created from timestamp (#869691)
- fix permission on source files (#869688)
- add php(language) and missing provides (#837044)
-
- fix copy doesn't report failure on partial copy (#951413)

1 vip-ire 1.1 diff -up php-5.3.3/ext/openssl/openssl.c.cve6420 php-5.3.3/ext/openssl/openssl.c
2     --- php-5.3.3/ext/openssl/openssl.c.cve6420 2013-12-05 08:04:41.752296066 +0100
3     +++ php-5.3.3/ext/openssl/openssl.c 2013-12-05 08:04:41.797296532 +0100
4     @@ -306,18 +306,28 @@ static time_t asn1_time_to_time_t(ASN1_U
5     char * thestr;
6     long gmadjust = 0;
7    
8     - if (timestr->length < 13) {
9     + if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) {
10     + php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp");
11     + return (time_t)-1;
12     + }
13     +
14     + if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) {
15     + php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp");
16     + return (time_t)-1;
17     + }
18     +
19     + if (ASN1_STRING_length(timestr) < 13) {
20     php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author too lazy to parse %s correctly", timestr->data);
21     return (time_t)-1;
22     }
23    
24     - strbuf = estrdup((char *)timestr->data);
25     + strbuf = estrdup((char *)ASN1_STRING_data(timestr));
26    
27     memset(&thetime, 0, sizeof(thetime));
28    
29     /* we work backwards so that we can use atoi more easily */
30    
31     - thestr = strbuf + timestr->length - 3;
32     + thestr = strbuf + ASN1_STRING_length(timestr) - 3;
33    
34     thetime.tm_sec = atoi(thestr);
35     *thestr = '\0';
36     diff -up php-5.3.3/ext/openssl/tests/cve-2013-6420.crt.cve6420 php-5.3.3/ext/openssl/tests/cve-2013-6420.crt
37     --- php-5.3.3/ext/openssl/tests/cve-2013-6420.crt.cve6420 2013-12-05 08:06:07.996133273 +0100
38     +++ php-5.3.3/ext/openssl/tests/cve-2013-6420.crt 2013-12-05 08:05:51.284979175 +0100
39     @@ -0,0 +1,29 @@
40     +-----BEGIN CERTIFICATE-----
41     +MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD
42     +VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH
43     +S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91
44     +cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k
45     +ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY
46     +ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
47     +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
48     +AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO
49     +b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT
50     +ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G
51     +A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz
52     +dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
53     +DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu
54     +wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh
55     +0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8
56     +pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6
57     +SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX
58     +1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw
59     +EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF
60     +BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD
61     +8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl
62     +VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7
63     +lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319
64     +o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg
65     +Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg==
66     +-----END CERTIFICATE-----
67     +
68     +
69     diff -up php-5.3.3/ext/openssl/tests/cve-2013-6420.phpt.cve6420 php-5.3.3/ext/openssl/tests/cve-2013-6420.phpt
70     --- php-5.3.3/ext/openssl/tests/cve-2013-6420.phpt.cve6420 2013-12-05 08:06:17.285217439 +0100
71     +++ php-5.3.3/ext/openssl/tests/cve-2013-6420.phpt 2013-12-05 08:05:44.549916055 +0100
72     @@ -0,0 +1,18 @@
73     +--TEST--
74     +CVE-2013-6420
75     +--SKIPIF--
76     +<?php
77     +if (!extension_loaded("openssl")) die("skip");
78     +?>
79     +--FILE--
80     +<?php
81     +$crt = substr(__FILE__, 0, -4).'.crt';
82     +$info = openssl_x509_parse("file://$crt");
83     +var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]);
84     +?>
85     +Done
86     +--EXPECTF--
87     +%s openssl_x509_parse(): illegal ASN1 data type for timestamp in %s/cve-2013-6420.php on line 3
88     +string(27) "stefan.esser@sektioneins.de"
89     +int(-1)
90     +Done

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed