components/php-5_3/php-sapi/patches/370_php_20803826.patch
author Craig Mohrman <craig.mohrman@oracle.com>
Thu, 09 Jul 2015 21:54:40 -0700
branchs11-update
changeset 4615 1a4cf9f7011e
permissions -rw-r--r--
20803826 problem in UTILITY/PHP 21296988 problem in UTILITY/PHP

CVE-2013-6501
Community has no fix.
This patch was developed internally.
Will be offered upstream.


--- php-5.3.29/ext/soap/php_sdl.c_orig	2015-07-06 14:07:57.231116620 -0700
+++ php-5.3.29/ext/soap/php_sdl.c	2015-07-06 14:10:38.341928952 -0700
@@ -1544,6 +1544,7 @@
 	int f;
 	struct stat st;
 	char *in, *buf;
+	uid_t euid;
 
 	f = open(fn, O_RDONLY|O_BINARY);
 	if (f < 0) {
@@ -1553,6 +1554,15 @@
 		close(f);
 		return NULL;
 	}
+	/*
+	 * If I'm not the owner of this file then someone might be
+	 * trying to spoof me.
+	 */
+	euid = geteuid();
+	if (st.st_uid != euid) {
+		close(f);
+		return NULL;
+	}
 	buf = in = emalloc(st.st_size);
 	if (read(f, in, st.st_size) != st.st_size) {
 		close(f);
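Review bot: The ownership test added before `emalloc` accepts any file whose `st_uid` matches, so a cache file that is owned by the process but is group- or world-writable, or is not a regular file, is still read and parsed. Since the change exists to reject cache content another local user could have influenced, the condition could be tightened to `if (st.st_uid != geteuid() || !S_ISREG(st.st_mode) || (st.st_mode & (S_IWGRP | S_IWOTH))) {`, which also makes the `euid` local from the first hunk unnecessary. This relies on `st` having been filled from the open descriptor `f` above the hunk, which is not visible here; if it is a path-based `stat`, the check races with the `open`. The rejection is silent, so a one-line warning naming `fn` would let operators notice a foreign file in the cache directory. The function begins and ends outside the hunk.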