components/php-5_3/php-sapi/patches/280_php_20804024.patch
author Craig Mohrman <craig.mohrman@oracle.com>
Wed, 17 Jun 2015 15:47:38 -0700
branchs11-update
changeset 4499 4e8085696007
permissions -rw-r--r--
20192108 problem in UTILITY/PHP 20231115 problem in UTILITY/PHP 20936509 problem in UTILITY/PHP 20804024 problem in UTILITY/PHP 20804061 problem in UTILITY/PHP 20804135 problem in UTILITY/PHP 20804363 problem in UTILITY/PHP 20804424 problem in UTILITY/PHP 20433657 problem in UTILITY/PHP 20803998 problem in UTILITY/PHP 20804391 problem in UTILITY/PHP

CVE-2014-9653
Community BUG:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9653
Community CODE:
https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
This patch was adapted from the community reports above.


--- php-5.3.29/ext/fileinfo/libmagic/readelf.c_orig	2015-06-12 16:40:10.463458900 -0700
+++ php-5.3.29/ext/fileinfo/libmagic/readelf.c	2015-06-12 16:59:36.213626077 -0700
@@ -313,7 +313,7 @@
 			file_badseek(ms);
 			return -1;
 		}
-		if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) == -1) {
+		if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) < (ssize_t)xph_sizeof) {
 			file_badread(ms);
 			return -1;
 		}
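Review bot: The three header reads that now reject short reads (this `xph_addr` read, the `xsh_addr` read in the next hunk and the second `xph_addr` read in the last hunk) carry no comment saying why a partial read is fatal, so a later cleanup could revert them to `== -1` without noticing. A one-line comment above each would record the intent, for example `/* a short read leaves the header partly unfilled; treat it as an error (CVE-2014-9653) */`. Separately, a short read does not set errno, so if `file_badread()` reports errno (its body is not visible here) the message on this path may be stale or misleading. The enclosing function starts and ends outside the hunk.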
@@ -869,7 +869,7 @@
 			file_badseek(ms);
 			return -1;
 		}
-		if (FINFO_READ_FUNC(fd, xsh_addr, xsh_sizeof) == -1) {
+		if (FINFO_READ_FUNC(fd, xsh_addr, xsh_sizeof) < (ssize_t)xsh_sizeof) {
 			file_badread(ms);
 			return -1;
 		}
@@ -901,7 +901,7 @@
 				efree(nbuf);
 				return -1;
 			}
-			if (FINFO_READ_FUNC(fd, nbuf, (size_t)xsh_size) !=
+			if (FINFO_READ_FUNC(fd, nbuf, (size_t)xsh_size) <
 			    (ssize_t)xsh_size) {
 				efree(nbuf);
 				file_badread(ms);
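Review bot: Relaxing `!=` to `<` on the section-data read weakens the check whenever `(ssize_t)xsh_size` is negative. `xsh_size` is presumably taken from the file's section header; for a value above SSIZE_MAX the cast goes negative, so a failed read returning -1 is no longer "less than" the expected size and the code would continue with an unfilled `nbuf`, a case the old `!=` rejected. Whether such a size can reach this line depends on the allocation and any bounds checks above the hunk, which are not visible here. If nothing bounds it, keep `!=` (a read never returns more than requested, so it also catches short reads) or reject an `xsh_size` larger than SSIZE_MAX before the read. The enclosing function starts and ends outside the hunk.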
@@ -1058,7 +1058,7 @@
 			return -1;
 		}
 
-  		if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) == -1) {
+  		if (FINFO_READ_FUNC(fd, xph_addr, xph_sizeof) < (ssize_t)xph_sizeof) {
   			file_badread(ms);
 			return -1;
 		}