equal
deleted
inserted
replaced
|
1 Fix for CVE-2014-5120 |
|
2 Based on code in php 5.3.29 from comments in: |
|
3 https://bugs.php.net/bug.php?id=67730 |
|
4 |
|
5 |
|
6 --- php-5.2.17/ext/gd/gd_ctx.c_orig 2010-01-03 01:23:27.000000000 -0800 |
|
7 +++ php-5.2.17/ext/gd/gd_ctx.c 2014-11-04 15:12:01.612256878 -0800 |
|
8 @@ -90,7 +90,9 @@ |
|
9 } |
|
10 |
|
11 if (argc > 1 && (Z_TYPE_PP(file) != IS_NULL && ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))))) { |
|
12 - |
|
13 + if (strlen(Z_STRVAL_PP(file)) != Z_STRLEN_PP(file)) { |
|
14 + RETURN_FALSE; |
|
15 + } |
|
16 PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename"); |
|
17 |
|
18 fp = VCWD_FOPEN(fn, "wb"); |