upstream/oracle/userland-gate: components/php-5_3/php-sapi/patches/370_php

4615 1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	1	CVE-2013-6501
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	2	Community has no fix.
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	3	This patch was developed internally.
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	4	Will be offered upstream.
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	5
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	6
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	7	--- php-5.3.29/ext/soap/php_sdl.c_orig 2015-07-06 14:07:57.231116620 -0700
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	8	+++ php-5.3.29/ext/soap/php_sdl.c 2015-07-06 14:10:38.341928952 -0700
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	9	@@ -1544,6 +1544,7 @@
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	10	int f;
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	11	struct stat st;
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	12	char in, buf;
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	13	+ uid_t euid;
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	14
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	15	f = open(fn, O_RDONLY\|O_BINARY);
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	16	if (f < 0) {
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	17	@@ -1553,6 +1554,15 @@
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	18	close(f);
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	19	return NULL;
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	20	}
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	21	+ /*
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	22	+ * If I'm not the owner of this file then someone might be
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	23	+ * trying to spoof me.
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	24	+ */
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	25	+ euid = geteuid();
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	26	+ if (st.st_uid != euid) {
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	27	+ close(f);
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	28	+ return NULL;
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	29	+ }
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	30	buf = in = emalloc(st.st_size);
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	31	if (read(f, in, st.st_size) != st.st_size) {
1a4cf9f7011e 20803826 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	32	close(f);

author	Craig Mohrman <craig.mohrman@oracle.com>
	Thu, 09 Jul 2015 21:54:40 -0700
branch	s11-update
changeset 4615	1a4cf9f7011e
permissions	-rw-r--r--