Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:bastianfriedrich:branches:openSUSE:Leap:15.3:Update
php7
php7-CVE-2021-21707.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php7-CVE-2021-21707.patch of Package php7
Index: php-7.4.6/ext/dom/domimplementation.c =================================================================== --- php-7.4.6.orig/ext/dom/domimplementation.c 2020-05-12 10:09:21.000000000 +0200 +++ php-7.4.6/ext/dom/domimplementation.c 2021-11-26 11:22:10.118332604 +0100 @@ -112,6 +112,11 @@ PHP_METHOD(domimplementation, createDocu pch2 = (xmlChar *) systemid; } + if (strstr(name, "%00")) { + php_error_docref(NULL, E_WARNING, "URI must not contain percent-encoded NUL bytes"); + RETURN_FALSE; + } + uri = xmlParseURI(name); if (uri != NULL && uri->opaque != NULL) { localname = xmlStrdup((xmlChar *) uri->opaque); Index: php-7.4.6/ext/libxml/libxml.c =================================================================== --- php-7.4.6.orig/ext/libxml/libxml.c 2020-05-12 10:09:17.000000000 +0200 +++ php-7.4.6/ext/libxml/libxml.c 2021-11-26 11:22:10.122332630 +0100 @@ -303,6 +303,10 @@ static void *php_libxml_streams_IO_open_ int isescaped=0; xmlURI *uri; + if (strstr(filename, "%00")) { + php_error_docref(NULL, E_WARNING, "URI must not contain percent-encoded NUL bytes"); + return NULL; + } uri = xmlParseURI(filename); if (uri && (uri->scheme == NULL || @@ -434,6 +438,11 @@ php_libxml_output_buffer_create_filename if (URI == NULL) return(NULL); + if (strstr(URI, "%00")) { + php_error_docref(NULL, E_WARNING, "URI must not contain percent-encoded NUL bytes"); + return NULL; + } + puri = xmlParseURI(URI); if (puri != NULL) { if (puri->scheme != NULL)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor