Mercurial Mercurial > upstream > oracle > userland-gate / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/php-5_2/php-sapi/patches/63_php_19796954.patch
author Craig Mohrman <craig.mohrman@oracle.com>
Wed, 11 Feb 2015 10:30:02 -0800
branchs11u2-sru
changeset 3810 8421290d92e0
permissions -rw-r--r--
19838509 upgrade php to version 5.3.29 18857741 problem in UTILITY/PHP 18890894 problem in UTILITY/PHP 18890895 problem in UTILITY/PHP 19003253 problem in UTILITY/PHP 19167518 problem in UTILITY/PHP 19519142 problem in UTILITY/PHP 19556437 problem in UTILITY/PHP 19707971 problem in UTILITY/PHP 19796954 problem in UTILITY/PHP 20258327 problem in UTILITY/PHP 20488612 announce PHP 5.2 EOF in man page
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
3810
8421290d92e0 19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff changeset 
     1
 
Fix for CVE-2014-8088
8421290d92e0 19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff changeset 
     2
 
Patch:
8421290d92e0 19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff changeset 
     3
 
http://git.php.net/?p=php-src.git;a=commitdiff_plain;h=ed4de188dd1c15d278a8250e6be3cba142bba6af
8421290d92e0 19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff changeset 
     4
 
Code:
8421290d92e0 19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff changeset 
     5
 
http://git.php.net/?p=php-src.git;a=commitdiff;h=ed4de188dd1c15d278a8250e6be3cba142bba6af
8421290d92e0 19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff changeset 
     6
 
Verified by hand that it patches the correct code.
8421290d92e0 19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff changeset 
     7
 












8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




     8














8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




     9


diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    10


index 10daa82..da5aa5f 100644













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    11


--- a/ext/ldap/ldap.c













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    12


+++ b/ext/ldap/ldap.c













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    13


@@ -399,6 +399,16 @@ PHP_FUNCTION(ldap_bind)













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    14


 		RETURN_FALSE;













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    15


 	}













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    16


 













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    17


+	if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    18


+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    19


+		RETURN_FALSE;













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    20


+	}













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    21


+













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    22


+	if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    23


+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    24


+		RETURN_FALSE;













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    25


+	}













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    26


+













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    27


 	ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    28


 













8421290d92e0
19838509 upgrade php to version 5.3.29



Craig Mohrman <craig.mohrman@oracle.com>


parents: 

diff
changeset




    29


 	if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {















upstream/oracle/userland-gate