author | Craig Mohrman <craig.mohrman@oracle.com> |
Wed, 11 Feb 2015 10:30:02 -0800 | |
branch | s11u2-sru |
changeset 3810 | 8421290d92e0 |
permissions | -rw-r--r-- |
19838509 upgrade php to version 5.3.29
Fix for CVE-2014-8088 |
Patch: |
http://git.php.net/?p=php-src.git;a=commitdiff_plain;h=ed4de188dd1c15d278a8250e6be3cba142bba6af |
Code: |
http://git.php.net/?p=php-src.git;a=commitdiff;h=ed4de188dd1c15d278a8250e6be3cba142bba6af |
Verified by hand that it patches the correct code. |
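--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -399,6 +399,16 @@ PHP_FUNCTION(ldap_bind)
 RETURN_FALSE;
 }
 
+ if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
+ RETURN_FALSE;
+ }
+
+ if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
+ RETURN_FALSE;
+ }
+
 ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
 
 if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {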
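Review bot: The two added `memchr` guards in `ldap_bind` carry no comment saying why an embedded NUL is rejected, and the warning text alone does not explain it. `ldap_bind_s` takes C strings, so a DN or password containing `\0` would be cut off at that byte, and a password that begins with NUL would be sent as an empty one, which a directory server may treat as an unauthenticated bind and answer with success. I would add above the first check: `/* Reject embedded NULs: ldap_bind_s() takes C strings, so the value would be silently truncated */`. A genuinely zero-length password with a non-empty DN still passes both checks, so callers presumably still have to reject empty passwords themselves; the rest of `ldap_bind` lies outside this hunk, so any handling there is not visible.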