Attachment 861145 Details for Bug 1053982 – Patch to the CVE-2006-7243 patch

[patch] Patch to the CVE-2006-7243 patch

php-5.3.3-CVE-2006-7243.fix.patch (text/plain), 3.44 KB, created by Martin Kalén on 2014-02-09 21:08:23 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Martin Kalén

Created: 2014-02-09 21:08:23 UTC

Size: 3.44 KB

patch

obsolete

>--- php-5.3.3-CVE-2006-7243.patch.rhel6	2013-12-05 13:01:03.000000000 +0100
>+++ php-5.3.3-sweco-CVE-2006-7243.patch	2014-02-09 21:53:24.211054188 +0100
>@@ -134,39 +134,51 @@ diff -up php-5.3.3/ext/imap/php_imap.c.c
>  
>  	IMAPG(imap_user)     = estrndup(user, user_len);
> diff -up php-5.3.3/ext/oci8/oci8_interface.c.cve7243 php-5.3.3/ext/oci8/oci8_interface.c
>---- php-5.3.3/ext/oci8/oci8_interface.c.cve7243	2010-01-06 19:58:16.000000000 +0100
>-+++ php-5.3.3/ext/oci8/oci8_interface.c	2013-05-03 11:57:08.294141621 +0200
>-@@ -271,6 +271,10 @@ PHP_FUNCTION(oci_lob_load)
>- 			return;
>- 		}	
>- 	}
>+--- php-5.3.3/ext/oci8/oci8_interface.c.cve7243 2010-01-06 19:58:16.000000000 +0100
>++++ php-5.3.3/ext/oci8/oci8_interface.c 2014-02-09 21:50:05.139556586 +0100
>+@@ -242,7 +242,12 @@ PHP_FUNCTION(oci_lob_import)
>+                        return;
>+                }
>+        }
>+-
> +
>-+	if (strlen(filename) != filename_len) {
>-+		RETURN_FALSE;
>-+	}
>- 	
>- 	if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) {
>- 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property");
>-@@ -662,7 +666,7 @@ PHP_FUNCTION(oci_lob_erase)
>- 			RETURN_FALSE;
>- 		}
>- 	}
>--	
>++       if (strlen(filename) != filename_len) {
>++               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename cannot contain null bytes");
>++               RETURN_FALSE;
>++       }
>++
>+        if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) {
>+                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property");
>+                RETURN_FALSE;
>+@@ -271,7 +276,7 @@ PHP_FUNCTION(oci_lob_load)
>+                        return;
>+                }
>+        }
>+-
> +
>- 	if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) {
>- 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property");
>- 		RETURN_FALSE;
>-@@ -918,6 +922,10 @@ PHP_FUNCTION(oci_lob_export)
>- 		/* nothing to write, fail silently */
>- 		RETURN_FALSE;
>- 	}
>+        if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) {
>+                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property");
>+                RETURN_FALSE;
>+@@ -662,7 +667,7 @@ PHP_FUNCTION(oci_lob_erase)
>+                        RETURN_FALSE;
>+                }
>+        }
>+-
> +
>-+	if (strlen(filename) != filename_len) {
>-+		RETURN_FALSE;
>-+	}
>- 	
>- 	if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
>- 		RETURN_FALSE;
>+        if (zend_hash_find(Z_OBJPROP_P(z_descriptor), "descriptor", sizeof("descriptor"), (void **)&tmp) == FAILURE) {
>+                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to find descriptor property");
>+                RETURN_FALSE;
>+@@ -918,3 +923,7 @@ PHP_FUNCTION(oci_lob_export)
>+                /* nothing to write, fail silently */
>+                RETURN_FALSE;
>+        }
>++
>++       if (strlen(filename) != filename_len) {
>++               RETURN_FALSE;
>++       }
>+
>+        if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
>+                RETURN_FALSE;
> diff -up php-5.3.3/ext/odbc/php_odbc.c.cve7243 php-5.3.3/ext/odbc/php_odbc.c
> --- php-5.3.3/ext/odbc/php_odbc.c.cve7243	2013-05-03 11:57:08.067140362 +0200
> +++ php-5.3.3/ext/odbc/php_odbc.c	2013-05-03 11:57:08.294141621 +0200

Actions: View | Diff

Attachments on bug 1053982: 861145 | 861168