Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/php-5_2/php-sapi/patches/63_php_19796954.patch
changeset 3727 425608dcd0e3 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_2/php-sapi/patches/63_php_19796954.patch	Tue Feb 03 15:20:15 2015 -0800
@@ -0,0 +1,29 @@
+Fix for CVE-2014-8088
+Patch:
+http://git.php.net/?p=php-src.git;a=commitdiff_plain;h=ed4de188dd1c15d278a8250e6be3cba142bba6af
+Code:
+http://git.php.net/?p=php-src.git;a=commitdiff;h=ed4de188dd1c15d278a8250e6be3cba142bba6af
+Verified by hand that it patches the correct code.
+
+
+diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
+index 10daa82..da5aa5f 100644
+--- a/ext/ldap/ldap.c
++++ b/ext/ldap/ldap.c
+@@ -399,6 +399,16 @@ PHP_FUNCTION(ldap_bind)
+ 		RETURN_FALSE;
+ 	}
+ 
++	if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
++		php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
++		RETURN_FALSE;
++	}
++
++	if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
++		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
++		RETURN_FALSE;
++	}
++
+ 	ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
+ 
+ 	if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {
upstream/oracle/userland-gate