equal
deleted
inserted
replaced
|
1 CVE-2014-3710 |
|
2 Community BUG: |
|
3 https://bugs.php.net/bug.php?id=68283 |
|
4 Community CODE: |
|
5 http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d |
|
6 really: |
|
7 https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 |
|
8 This patch was created from the community reports above. |
|
9 |
|
10 |
|
11 --- php-5.3.29/ext/fileinfo/libmagic/readelf.c_orig 2015-06-12 14:26:23.865377086 -0700 |
|
12 +++ php-5.3.29/ext/fileinfo/libmagic/readelf.c 2015-06-12 14:29:09.089820837 -0700 |
|
13 @@ -368,6 +368,13 @@ |
|
14 #endif |
|
15 uint32_t namesz, descsz; |
|
16 |
|
17 + if (xnh_sizeof + offset > size) { |
|
18 + /* |
|
19 + * We're out of note headers. |
|
20 + */ |
|
21 + return xnh_sizeof + offset; |
|
22 + } |
|
23 + |
|
24 (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof); |
|
25 offset += xnh_sizeof; |
|
26 |