upstream/oracle/userland-gate: components/php-5_3/php-sapi/patches/273_php

4494 f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	1	CVE-2014-3668
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	2	Community BUG:
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	3	https://bugs.php.net/bug.php?id=68027
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	4	Community CODE:
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	5	http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	6	Below is the community patch.
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	7
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	8
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	9	From 88412772d295ebf7dd34409534507dc9bcac726e Mon Sep 17 00:00:00 2001
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	10	From: Stanislav Malyshev <[email protected]>
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	11	Date: Sun, 28 Sep 2014 17:33:44 -0700
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	12	Subject: [PATCH] Fix bug #68027 - fix date parsing in XMLRPC lib
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	13
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	14	---
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	15	NEWS \| 5 ++++-
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	16	ext/xmlrpc/libxmlrpc/xmlrpc.c \| 13 ++++++++-----
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	17	ext/xmlrpc/tests/bug68027.phpt \| 44 ++++++++++++++++++++++++++++++++++++++++++
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	18	3 files changed, 56 insertions(+), 6 deletions(-)
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	19	create mode 100644 ext/xmlrpc/tests/bug68027.phpt
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	20
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	21	diff --git a/ext/xmlrpc/libxmlrpc/xmlrpc.c b/ext/xmlrpc/libxmlrpc/xmlrpc.c
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	22	index ce70c2a..b766a54 100644
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	23	--- a/ext/xmlrpc/libxmlrpc/xmlrpc.c
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	24	+++ b/ext/xmlrpc/libxmlrpc/xmlrpc.c
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	25	@@ -219,16 +219,19 @@ static int date_from_ISO8601 (const char text, time_t value) {
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	26	n = 10;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	27	tm.tm_mon = 0;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	28	for(i = 0; i < 2; i++) {
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	29	- XMLRPC_IS_NUMBER(text[i])
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	30	+ XMLRPC_IS_NUMBER(text[i+4])
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	31	tm.tm_mon += (text[i+4]-'0')*n;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	32	n /= 10;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	33	}
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	34	tm.tm_mon --;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	35	+ if(tm.tm_mon < 0 \|\| tm.tm_mon > 11) {
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	36	+ return -1;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	37	+ }
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	38
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	39	n = 10;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	40	tm.tm_mday = 0;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	41	for(i = 0; i < 2; i++) {
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	42	- XMLRPC_IS_NUMBER(text[i])
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	43	+ XMLRPC_IS_NUMBER(text[i+6])
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	44	tm.tm_mday += (text[i+6]-'0')*n;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	45	n /= 10;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	46	}
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	47	@@ -236,7 +239,7 @@ static int date_from_ISO8601 (const char text, time_t value) {
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	48	n = 10;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	49	tm.tm_hour = 0;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	50	for(i = 0; i < 2; i++) {
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	51	- XMLRPC_IS_NUMBER(text[i])
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	52	+ XMLRPC_IS_NUMBER(text[i+9])
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	53	tm.tm_hour += (text[i+9]-'0')*n;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	54	n /= 10;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	55	}
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	56	@@ -244,7 +247,7 @@ static int date_from_ISO8601 (const char text, time_t value) {
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	57	n = 10;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	58	tm.tm_min = 0;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	59	for(i = 0; i < 2; i++) {
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	60	- XMLRPC_IS_NUMBER(text[i])
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	61	+ XMLRPC_IS_NUMBER(text[i+12])
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	62	tm.tm_min += (text[i+12]-'0')*n;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	63	n /= 10;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	64	}
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	65	@@ -252,7 +255,7 @@ static int date_from_ISO8601 (const char text, time_t value) {
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	66	n = 10;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	67	tm.tm_sec = 0;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	68	for(i = 0; i < 2; i++) {
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	69	- XMLRPC_IS_NUMBER(text[i])
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	70	+ XMLRPC_IS_NUMBER(text[i+15])
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	71	tm.tm_sec += (text[i+15]-'0')*n;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	72	n /= 10;
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	73	}
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	74	diff --git a/ext/xmlrpc/tests/bug68027.phpt b/ext/xmlrpc/tests/bug68027.phpt
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	75	new file mode 100644
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	76	index 0000000..a5c96f1
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	77	--- /dev/null
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	78	+++ b/ext/xmlrpc/tests/bug68027.phpt
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	79	@@ -0,0 +1,44 @@
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	80	+--TEST--
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	81	+Bug #68027 (buffer overflow in mkgmtime() function)
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	82	+--SKIPIF--
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	83	+<?php
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	84	+if (!extension_loaded("xmlrpc")) print "skip";
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	85	+?>
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	86	+--FILE--
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	87	+<?php
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	88	+
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	89	+$d = '6-01-01 20:00:00';
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	90	+xmlrpc_set_type($d, 'datetime');
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	91	+var_dump($d);
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	92	+$datetime = "2001-0-08T21:46:40-0400";
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	93	+$obj = xmlrpc_decode("<?xml version=\"1.0\"?><methodResponse><params><param><value><dateTime.iso8601>$datetime</dateTime.iso8601></value></param></params></methodResponse>");
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	94	+print_r($obj);
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	95	+
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	96	+$datetime = "34770-0-08T21:46:40-0400";
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	97	+$obj = xmlrpc_decode("<?xml version=\"1.0\"?><methodResponse><params><param><value><dateTime.iso8601>$datetime</dateTime.iso8601></value></param></params></methodResponse>");
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	98	+print_r($obj);
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	99	+
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	100	+echo "Done\n";
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	101	+?>
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	102	+--EXPECTF--
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	103	+object(stdClass)#1 (3) {
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	104	+ ["scalar"]=>
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	105	+ string(16) "6-01-01 20:00:00"
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	106	+ ["xmlrpc_type"]=>
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	107	+ string(8) "datetime"
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	108	+ ["timestamp"]=>
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	109	+ int(%d)
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	110	+}
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	111	+stdClass Object
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	112	+(
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	113	+ [scalar] => 2001-0-08T21:46:40-0400
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	114	+ [xmlrpc_type] => datetime
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	115	+ [timestamp] => %s
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	116	+)
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	117	+stdClass Object
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	118	+(
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	119	+ [scalar] => 34770-0-08T21:46:40-0400
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	120	+ [xmlrpc_type] => datetime
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	121	+ [timestamp] => %d
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	122	+)
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	123	+Done
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	124	--
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	125	2.1.4
f5b717124172 20192108 problem in UTILITY/PHP Craig Mohrman <craig.mohrman@oracle.com> parents: diff changeset	126

author	Craig Mohrman <craig.mohrman@oracle.com>
	Tue, 16 Jun 2015 14:11:47 -0700
changeset 4494	f5b717124172
permissions	-rw-r--r--