Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/php-5_2/php-sapi/patches/65_php_19556437.patch
author Craig Mohrman <craig.mohrman@oracle.com>
Tue, 03 Feb 2015 15:20:15 -0800
changeset 3727 425608dcd0e3
permissions -rw-r--r--
19838509 upgrade php to version 5.3.29 18857741 problem in UTILITY/PHP 18890894 problem in UTILITY/PHP 18890895 problem in UTILITY/PHP 19003253 problem in UTILITY/PHP 19167518 problem in UTILITY/PHP 19519142 problem in UTILITY/PHP 19556437 problem in UTILITY/PHP 19707971 problem in UTILITY/PHP 19796954 problem in UTILITY/PHP

Fix for CVE-2014-5120
Based on code in php 5.3.29 from comments in:
https://bugs.php.net/bug.php?id=67730


--- php-5.2.17/ext/gd/gd_ctx.c_orig	2010-01-03 01:23:27.000000000 -0800
+++ php-5.2.17/ext/gd/gd_ctx.c	2014-11-04 15:12:01.612256878 -0800
@@ -90,7 +90,9 @@
 	}
 
 	if (argc > 1 && (Z_TYPE_PP(file) != IS_NULL && ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))))) {
-
+		if (strlen(Z_STRVAL_PP(file)) != Z_STRLEN_PP(file)) {
+			RETURN_FALSE;
+		}
 		PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
 
 		fp = VCWD_FOPEN(fn, "wb");
upstream/oracle/userland-gate