Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
php7.24757
php7-CVE-2021-21704.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php7-CVE-2021-21704.patch of Package php7.24757
Index: php-7.2.5/ext/pdo_firebird/firebird_driver.c =================================================================== --- php-7.2.5.orig/ext/pdo_firebird/firebird_driver.c 2018-04-24 17:09:57.000000000 +0200 +++ php-7.2.5/ext/pdo_firebird/firebird_driver.c 2021-08-02 14:18:23.046417339 +0200 @@ -206,8 +206,17 @@ static zend_long firebird_handle_doer(pd if (result[0] == isc_info_sql_records) { unsigned i = 3, result_size = isc_vax_integer(&result[1],2); + if (result_size > sizeof(result)) { + ret = -1; + goto free_statement; + } while (result[i] != isc_info_end && i < result_size) { short len = (short)isc_vax_integer(&result[i+1],2); + /* bail out on bad len */ + if (len != 1 && len != 2 && len != 4) { + ret = -1; + goto free_statement; + } if (result[i] != isc_info_req_select_count) { ret += isc_vax_integer(&result[i+3],len); } @@ -500,14 +509,16 @@ static int firebird_handle_set_attribute } /* }}} */ +#define INFO_BUF_LEN 512 + /* callback to used to report database server info */ static void firebird_info_cb(void *arg, char const *s) /* {{{ */ { if (arg) { if (*(char*)arg) { /* second call */ - strcat(arg, " "); + strlcat(arg, " ", INFO_BUF_LEN); } - strcat(arg, s); + strlcat(arg, s, INFO_BUF_LEN); } } /* }}} */ @@ -518,7 +529,7 @@ static int firebird_handle_get_attribute pdo_firebird_db_handle *H = (pdo_firebird_db_handle *)dbh->driver_data; switch (attr) { - char tmp[512]; + char tmp[INFO_BUF_LEN]; case PDO_ATTR_AUTOCOMMIT: ZVAL_LONG(val,dbh->auto_commit); Index: php-7.2.5/ext/pdo_firebird/firebird_statement.c =================================================================== --- php-7.2.5.orig/ext/pdo_firebird/firebird_statement.c 2018-04-24 17:09:57.000000000 +0200 +++ php-7.2.5/ext/pdo_firebird/firebird_statement.c 2021-08-02 14:18:42.854558579 +0200 @@ -133,8 +133,14 @@ static int firebird_stmt_execute(pdo_stm } if (result[0] == isc_info_sql_records) { unsigned i = 3, result_size = isc_vax_integer(&result[1], 2); + if (result_size > sizeof(result)) { + goto error; + } while (result[i] != isc_info_end && i < result_size) { short len = (short) isc_vax_integer(&result[i + 1], 2); + if (len != 1 && len != 2 && len != 4) { + goto error; + } if (result[i] != isc_info_req_select_count) { affected_rows += isc_vax_integer(&result[i + 3], len); } @@ -158,6 +164,7 @@ static int firebird_stmt_execute(pdo_stm return 1; } while (0); +error: RECORD_ERROR(stmt); return 0; @@ -294,6 +301,11 @@ static int firebird_fetch_blob(pdo_stmt_ unsigned short seg_len; ISC_STATUS stat; + /* prevent overflow */ + if (*len == ZEND_ULONG_MAX) { + result = 0; + goto fetch_blob_end; + } *ptr = S->fetch_buf[colno] = erealloc(*ptr, *len+1); for (cur_len = stat = 0; (!stat || stat == isc_segment) && cur_len < *len; cur_len += seg_len) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor