1 CVE-2013-6501 |
|
2 Community has no fix. |
|
3 This patch was developed internally. |
|
4 Will be offered upstream. |
|
5 |
|
6 |
|
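--- php-5.3.29/ext/soap/php_sdl.c_orig 2015-07-06 14:07:57.231116620 -0700
+++ php-5.3.29/ext/soap/php_sdl.c 2015-07-06 14:10:38.341928952 -0700
@@ -1544,6 +1544,7 @@
 int f;
 struct stat st;
 char *in, *buf;
+ uid_t euid;
 
 f = open(fn, O_RDONLY|O_BINARY);
 if (f < 0) {
@@ -1553,6 +1554,15 @@
 close(f);
 return NULL;
 }
+ /*
+ * If I'm not the owner of this file then someone might be
+ * trying to spoof me.
+ */
+ euid = geteuid();
+ if (st.st_uid != euid) {
+ close(f);
+ return NULL;
+ }
 buf = in = emalloc(st.st_size);
 if (read(f, in, st.st_size) != st.st_size) {
 close(f);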
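Review bot: The ownership test in the second hunk (`if (st.st_uid != euid)`) accepts any object the process owns, so a symlink at the cache path that resolves to another file owned by the same uid, or a cache file left group- or world-writable, still passes and is read as a cached WSDL. I would tighten the guard to `if (st.st_uid != euid || !S_ISREG(st.st_mode) || (st.st_mode & (S_IWGRP|S_IWOTH))) {` and, where the platform provides it, add `O_NOFOLLOW` to the `open()` flags shown in the first hunk. The rejection is also silent; a warning naming `fn` on this path would tell operators that a foreign file was found in the cache directory. The function's start, the call that fills `st`, and the rest of the read path are outside the hunks, so this assumes `st` comes from `fstat(f, &st)` on the descriptor just opened rather than from a path-based `stat()`.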