CVE-2014-9653

Community BUG:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9653

Community CODE:

https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f

This patch was adapted from the community reports above.

--- php-5.3.29/ext/fileinfo/libmagic/readelf.c_orig	2015-06-12 16:40:10.463458900 -0700

+++ php-5.3.29/ext/fileinfo/libmagic/readelf.c	2015-06-12 16:59:36.213626077 -0700

@@ -313,7 +313,7 @@

 			file_badseek(ms);

 			return -1;

 		}

-		if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) == -1) {

+		if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) < (ssize_t)xph_sizeof) {

 			file_badread(ms);

 			return -1;

 		}

@@ -869,7 +869,7 @@

 			file_badseek(ms);

 			return -1;

 		}

-		if (FINFO_READ_FUNC(fd, xsh_addr, xsh_sizeof) == -1) {

+		if (FINFO_READ_FUNC(fd, xsh_addr, xsh_sizeof) < (ssize_t)xsh_sizeof) {

 			file_badread(ms);

 			return -1;

 		}

@@ -901,7 +901,7 @@

 				efree(nbuf);

 				return -1;

 			}

-			if (FINFO_READ_FUNC(fd, nbuf, (size_t)xsh_size) !=

+			if (FINFO_READ_FUNC(fd, nbuf, (size_t)xsh_size) <

 			    (ssize_t)xsh_size) {

 				efree(nbuf);

 				file_badread(ms);

@@ -1058,7 +1058,7 @@

 			return -1;

 		}

-  		if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) == -1) {

+  		if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) < (ssize_t)xph_sizeof) {

   			file_badread(ms);

 			return -1;

 		}