| author | Craig Mohrman <craig.mohrman@oracle.com> |
| Thu, 12 Feb 2015 10:14:29 -0800 | |
| branch | s11-update |
| changeset 3777 | 68aef260e079 |
| permissions | -rw-r--r-- |
|
3777
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
1 |
Fix for CVE-2014-3538 |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
2 |
Patch from PHP community: |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
3 |
http://git.php.net/?p=php-src.git;a=commitdiff;h=eeaec70758bfc0c0e2c0f8944c8dbeae02866206 |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
4 |
But this is for php 5.4.32. |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
5 |
The website: |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
6 |
http://permalink.gmane.org/gmane.linux.frugalware.scm/131282 |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
7 |
shows a patch for php 5.3.26 so I've hand crafted a patch |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
8 |
based on both websites. |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
9 |
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
10 |
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
11 |
--- php-5.3.29/ext/fileinfo/libmagic/softmagic.c_orig 2014-10-20 16:46:35.678013082 -0700 |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
12 |
+++ php-5.3.29/ext/fileinfo/libmagic/softmagic.c 2014-10-22 13:51:20.141509243 -0700 |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
13 |
@@ -56,7 +56,7 @@ |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
14 |
private int32_t moffset(struct magic_set *, struct magic *); |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
15 |
private void mdebug(uint32_t, const char *, size_t); |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
16 |
private int mcopy(struct magic_set *, union VALUETYPE *, int, int, |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
17 |
- const unsigned char *, uint32_t, size_t, size_t); |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
18 |
+ const unsigned char *, uint32_t, size_t, struct magic *); |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
19 |
private int mconvert(struct magic_set *, struct magic *); |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
20 |
private int print_sep(struct magic_set *, int); |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
21 |
private int handle_annotation(struct magic_set *, struct magic *); |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
22 |
@@ -898,7 +898,7 @@ |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
23 |
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
24 |
private int |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
25 |
mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir, |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
26 |
- const unsigned char *s, uint32_t offset, size_t nbytes, size_t linecnt) |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
27 |
+ const unsigned char *s, uint32_t offset, size_t nbytes, struct magic *m) |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
28 |
{
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
29 |
/* |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
30 |
* Note: FILE_SEARCH and FILE_REGEX do not actually copy |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
31 |
@@ -918,15 +918,24 @@ |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
32 |
const char *last; /* end of search region */ |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
33 |
const char *buf; /* start of search region */ |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
34 |
const char *end; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
35 |
- size_t lines; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
36 |
+ size_t lines, linecnt, bytecnt; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
37 |
+ |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
38 |
+ linecnt = m->str_range; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
39 |
+ bytecnt = linecnt * 80; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
40 |
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
41 |
+ if (bytecnt == 0) {
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
42 |
+ bytecnt = 8192; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
43 |
+ } |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
44 |
+ if (bytecnt > nbytes) {
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
45 |
+ bytecnt = nbytes; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
46 |
+ } |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
47 |
if (s == NULL) {
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
48 |
ms->search.s_len = 0; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
49 |
ms->search.s = NULL; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
50 |
return 0; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
51 |
} |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
52 |
buf = RCAST(const char *, s) + offset; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
53 |
- end = last = RCAST(const char *, s) + nbytes; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
54 |
+ end = last = RCAST(const char *, s) + bytecnt; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
55 |
/* mget() guarantees buf <= last */ |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
56 |
for (lines = linecnt, b = buf; lines && b < end && |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
57 |
((b = CAST(const char *, |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
58 |
@@ -939,7 +948,7 @@ |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
59 |
b++; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
60 |
} |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
61 |
if (lines) |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
62 |
- last = RCAST(const char *, s) + nbytes; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
63 |
+ last = RCAST(const char *, s) + bytecnt; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
64 |
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
65 |
ms->search.s = buf; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
66 |
ms->search.s_len = last - buf; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
67 |
@@ -1012,7 +1021,6 @@ |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
68 |
int recursion_level) |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
69 |
{
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
70 |
uint32_t offset = ms->offset; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
71 |
- uint32_t count = m->str_range; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
72 |
union VALUETYPE *p = &ms->ms_value; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
73 |
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
74 |
if (recursion_level >= 20) {
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
75 |
@@ -1020,10 +1028,13 @@ |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
76 |
return -1; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
77 |
} |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
78 |
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
79 |
- if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, nbytes, count) == -1) |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
80 |
+ if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
81 |
+ (uint32_t)nbytes, m) == -1) |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
82 |
return -1; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
83 |
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
84 |
if ((ms->flags & MAGIC_DEBUG) != 0) {
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
85 |
+ fprintf(stderr, "mget(type=%d, flag=%x, offset=%u, " |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
86 |
+ "nbytes=%zu)\n", m->type, m->flag, offset, nbytes); |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
87 |
mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE)); |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
88 |
} |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
89 |
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
90 |
@@ -1504,7 +1515,7 @@ |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
91 |
if (m->flag & INDIROFFADD) {
|
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
92 |
offset += ms->c.li[cont_level-1].off; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
93 |
} |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
94 |
- if (mcopy(ms, p, m->type, 0, s, offset, nbytes, count) == -1) |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
95 |
+ if (mcopy(ms, p, m->type, 0, s, offset, nbytes, m) == -1) |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
96 |
return -1; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
97 |
ms->offset = offset; |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
98 |