components/php-5_3/php-sapi/patches/370_php_20803826.patch
changeset 4610 d6280e23d377
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/370_php_20803826.patch	Thu Jul 09 12:46:30 2015 -0700
@@ -0,0 +1,32 @@
+CVE-2013-6501
+Community has no fix.
+This patch was developed internally.
+Will be offered upstream.
+
+
+--- php-5.3.29/ext/soap/php_sdl.c_orig	2015-07-06 14:07:57.231116620 -0700
++++ php-5.3.29/ext/soap/php_sdl.c	2015-07-06 14:10:38.341928952 -0700
+@@ -1544,6 +1544,7 @@
+ 	int f;
+ 	struct stat st;
+ 	char *in, *buf;
++	uid_t euid;
+ 
+ 	f = open(fn, O_RDONLY|O_BINARY);
+ 	if (f < 0) {
+@@ -1553,6 +1554,15 @@
+ 		close(f);
+ 		return NULL;
+ 	}
++	/*
++	 * If I'm not the owner of this file then someone might be
++	 * trying to spoof me.
++	 */
++	euid = geteuid();
++	if (st.st_uid != euid) {
++		close(f);
++		return NULL;
++	}
+ 	buf = in = emalloc(st.st_size);
+ 	if (read(f, in, st.st_size) != st.st_size) {
+ 		close(f);
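Review bot: The ownership test added in the second inner hunk (`if (st.st_uid != euid)`) accepts any file owned by the effective uid, including one that is group- or world-writable or is not a regular file, so a local account with write access to it could still alter the cached data. Consider tightening it to `if (st.st_uid != euid || !S_ISREG(st.st_mode) || (st.st_mode & (S_IWGRP|S_IWOTH))) {`. The check is race-free only if `st` was filled by `fstat(f, &st)` on the open descriptor rather than by a path-based `stat`; that call is outside the visible context and should be confirmed. The rejection also returns NULL silently, so a warning-level log entry naming the file and its unexpected owner would let operators notice spoofing attempts in a shared cache directory. The enclosing function starts and ends outside the hunk.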