Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/php-5_3/php-sapi/patches/270_php_20192108.patch
branchs11u2-sru
changeset 4534 058d7630f55f 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/270_php_20192108.patch	Tue Jun 23 13:44:01 2015 -0700
@@ -0,0 +1,26 @@
+CVE-2014-3710
+Community BUG:
+https://bugs.php.net/bug.php?id=68283
+Community CODE:
+http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d
+really:
+https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
+This patch was created from the community reports above.
+
+
+--- php-5.3.29/ext/fileinfo/libmagic/readelf.c_orig	2015-06-12 14:26:23.865377086 -0700
++++ php-5.3.29/ext/fileinfo/libmagic/readelf.c	2015-06-12 14:29:09.089820837 -0700
+@@ -368,6 +368,13 @@
+ #endif
+ 	uint32_t namesz, descsz;
+ 
++	if (xnh_sizeof + offset > size) {
++	       /*
++		* We're out of note headers.
++		*/
++		return xnh_sizeof + offset;
++	}
++
+ 	(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
+ 	offset += xnh_sizeof;
+
upstream/oracle/userland-gate