Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:sjcundy:Programming
php5
php-5.2.5-CVE-2008-2050.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-5.2.5-CVE-2008-2050.patch of Package php5
Index: sapi/cgi/cgi_main.c =================================================================== RCS file: /repository/php-src/sapi/cgi/cgi_main.c,v retrieving revision 1.267.2.15.2.52 retrieving revision 1.267.2.15.2.56 diff -u -p -r1.267.2.15.2.52 -r1.267.2.15.2.56 --- sapi/cgi/cgi_main.c 1 Nov 2007 15:23:14 -0000 1.267.2.15.2.52 +++ sapi/cgi/cgi_main.c 9 Apr 2008 09:16:40 -0000 1.267.2.15.2.56 @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2007 The PHP Group | + | Copyright (c) 1997-2008 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -21,7 +21,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: cgi_main.c,v 1.267.2.15.2.52 2007/11/01 15:23:14 dmitry Exp $ */ +/* $Id: cgi_main.c,v 1.267.2.15.2.56 2008/04/09 09:16:40 dmitry Exp $ */ #include "php.h" #include "php_globals.h" @@ -1017,7 +1017,7 @@ static void init_request_info(TSRMLS_D) ) { /* PATH_TRANSLATED = PATH_TRANSLATED - SCRIPT_NAME + PATH_INFO */ int ptlen = strlen(pt) - strlen(env_script_name); - int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0; + int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0); char *path_translated = NULL; path_translated = (char *) emalloc(path_translated_len + 1); @@ -1661,12 +1661,12 @@ consult the installation file that came } script_file = estrdup(php_optarg); no_headers = 1; - /* arguments after the file are considered script args */ - SG(request_info).argc = argc - (php_optind - 1); - SG(request_info).argv = &argv[php_optind - 1]; break; case 'i': /* php info & quit */ + if (script_file) { + efree(script_file); + } if (php_request_startup(TSRMLS_C) == FAILURE) { SG(server_context) = NULL; php_module_shutdown(TSRMLS_C); @@ -1687,6 +1687,9 @@ consult the installation file that came break; case 'm': /* list compiled in modules */ + if (script_file) { + efree(script_file); + } php_output_startup(); php_output_activate(TSRMLS_C); SG(headers_sent) = 1; @@ -1710,6 +1713,9 @@ consult the installation file that came break; case 'v': /* show php version & quit */ + if (script_file) { + efree(script_file); + } no_headers = 1; if (php_request_startup(TSRMLS_C) == FAILURE) { SG(server_context) = NULL; @@ -1721,9 +1727,9 @@ consult the installation file that came SG(request_info).no_headers = 1; } #if ZEND_DEBUG - php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2007 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2008 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #else - php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2007 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2008 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #endif php_request_shutdown((void *) 0); exit_status = 0; @@ -1746,6 +1752,18 @@ consult the installation file that came /* override path_translated if -f on command line */ STR_FREE(SG(request_info).path_translated); SG(request_info).path_translated = script_file; + /* before registering argv to module exchange the *new* argv[0] */ + /* we can achieve this without allocating more memory */ + SG(request_info).argc = argc - (php_optind - 1); + SG(request_info).argv = &argv[php_optind - 1]; + SG(request_info).argv[0] = script_file; + } else if (argc > php_optind) { + /* file is on command line, but not in -f opt */ + STR_FREE(SG(request_info).path_translated); + SG(request_info).path_translated = estrdup(argv[php_optind]); + /* arguments after the file are considered script args */ + SG(request_info).argc = argc - php_optind; + SG(request_info).argv = &argv[php_optind]; } if (no_headers) { @@ -1753,14 +1771,6 @@ consult the installation file that came SG(request_info).no_headers = 1; } - if (!SG(request_info).path_translated && argc > php_optind) { - /* arguments after the file are considered script args */ - SG(request_info).argc = argc - php_optind; - SG(request_info).argv = &argv[php_optind]; - /* file is on command line, but not in -f opt */ - SG(request_info).path_translated = estrdup(argv[php_optind++]); - } - /* all remaining arguments are part of the query string this section of code concatenates all remaining arguments into a single string, seperating args with a & Index: sapi/cgi/fastcgi.c =================================================================== RCS file: /repository/php-src/sapi/cgi/fastcgi.c,v retrieving revision 1.4.2.13.2.28 retrieving revision 1.4.2.13.2.30 diff -u -p -r1.4.2.13.2.28 -r1.4.2.13.2.30 --- sapi/cgi/fastcgi.c 7 Sep 2007 08:26:47 -0000 1.4.2.13.2.28 +++ sapi/cgi/fastcgi.c 3 Apr 2008 10:24:44 -0000 1.4.2.13.2.30 @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2007 The PHP Group | + | Copyright (c) 1997-2008 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: fastcgi.c,v 1.4.2.13.2.28 2007/09/07 08:26:47 dmitry Exp $ */ +/* $Id: fastcgi.c,v 1.4.2.13.2.30 2008/04/03 10:24:44 dmitry Exp $ */ #include "php.h" #include "fastcgi.h" @@ -593,6 +593,9 @@ static inline int fcgi_make_header(fcgi_ hdr->reserved = 0; hdr->type = type; hdr->version = FCGI_VERSION_1; + if (pad) { + memset(((unsigned char*)hdr) + sizeof(fcgi_header) + len, 0, pad); + } return pad; } @@ -777,7 +780,7 @@ int fcgi_read(fcgi_request *req, char *s { int ret, n, rest; fcgi_header hdr; - unsigned char buf[8]; + unsigned char buf[255]; n = 0; rest = len; Index: sapi/cgi/fastcgi.h =================================================================== RCS file: /repository/php-src/sapi/cgi/fastcgi.h,v retrieving revision 1.2.2.4.2.5 retrieving revision 1.2.2.4.2.6 diff -u -p -r1.2.2.4.2.5 -r1.2.2.4.2.6 --- sapi/cgi/fastcgi.h 21 May 2007 09:08:13 -0000 1.2.2.4.2.5 +++ sapi/cgi/fastcgi.h 31 Dec 2007 07:20:16 -0000 1.2.2.4.2.6 @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2007 The PHP Group | + | Copyright (c) 1997-2008 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: fastcgi.h,v 1.2.2.4.2.5 2007/05/21 09:08:13 dmitry Exp $ */ +/* $Id: fastcgi.h,v 1.2.2.4.2.6 2007/12/31 07:20:16 sebastian Exp $ */ /* FastCGI protocol */ Index: sapi/cgi/getopt.c =================================================================== RCS file: /repository/php-src/sapi/cgi/Attic/getopt.c,v retrieving revision 1.9.2.1.2.4 retrieving revision 1.9.2.1.2.5 diff -u -p -r1.9.2.1.2.4 -r1.9.2.1.2.5 --- sapi/cgi/getopt.c 23 Apr 2007 11:05:16 -0000 1.9.2.1.2.4 +++ sapi/cgi/getopt.c 31 Dec 2007 07:20:16 -0000 1.9.2.1.2.5 @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2007 The PHP Group | + | Copyright (c) 1997-2008 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: getopt.c,v 1.9.2.1.2.4 2007/04/23 11:05:16 tony2001 Exp $ */ +/* $Id: getopt.c,v 1.9.2.1.2.5 2007/12/31 07:20:16 sebastian Exp $ */ #include <stdio.h> #include <string.h> Index: sapi/cgi/php_getopt.h =================================================================== RCS file: /repository/php-src/sapi/cgi/Attic/php_getopt.h,v retrieving revision 1.7.2.1.2.2 retrieving revision 1.7.2.1.2.3 diff -u -p -r1.7.2.1.2.2 -r1.7.2.1.2.3 --- sapi/cgi/php_getopt.h 15 Apr 2007 22:50:58 -0000 1.7.2.1.2.2 +++ sapi/cgi/php_getopt.h 31 Dec 2007 07:20:16 -0000 1.7.2.1.2.3 @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2007 The PHP Group | + | Copyright (c) 1997-2008 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: php_getopt.h,v 1.7.2.1.2.2 2007/04/15 22:50:58 sniper Exp $ */ +/* $Id: php_getopt.h,v 1.7.2.1.2.3 2007/12/31 07:20:16 sebastian Exp $ */ #include "php.h"
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor