Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/php-5_2/php-sapi/patches/61_php_19003253.patch
author Craig Mohrman <craig.mohrman@oracle.com>
Tue, 03 Feb 2015 15:20:15 -0800
changeset 3727 425608dcd0e3
permissions -rw-r--r--
19838509 upgrade php to version 5.3.29 18857741 problem in UTILITY/PHP 18890894 problem in UTILITY/PHP 18890895 problem in UTILITY/PHP 19003253 problem in UTILITY/PHP 19167518 problem in UTILITY/PHP 19519142 problem in UTILITY/PHP 19556437 problem in UTILITY/PHP 19707971 problem in UTILITY/PHP 19796954 problem in UTILITY/PHP

Fix for CVE-2014-4049
Community bug:
https://bugs.php.net/bug.php?id=67432
Patch based on:
https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
Slightly modified from the above source as the context is slightly different.


--- php-5.2.17/ext/standard/dns.c_orig	2010-01-03 01:23:27.000000000 -0800
+++ php-5.2.17/ext/standard/dns.c	2014-10-17 11:12:46.117985578 -0700
@@ -484,6 +484,10 @@
 				
 				while (ll < dlen) {
 					n = cp[ll];
+					if ((ll + n) >= dlen) {
+						    // Invalid chunk length, truncate
+							n = dlen - (ll + 1);
+				    }
 					memcpy(tp + ll , cp + ll + 1, n);
 					ll = ll + n + 1;
 				}
upstream/oracle/userland-gate