pkg/33230: PHP-4.4.2 patch available

[tonnerre%thebsh.sygroup.ch@localhost]

>Number:         33230
>Category:       pkg
>Synopsis:       Patch for the information exposure vulnerability in php-4.4.2 
>available (1803)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 10 12:15:00 +0000 2006
>Originator:     Tonnerre Lombard
>Release:        NetBSD 2.1
>Organization:
        SyGroup GmbH
>Environment:
System: NetBSD thebsh.sygroup-int.ch 2.1 NetBSD 2.1 (GENERIC.MP) #0: Mon Oct 24 
19:21:50 UTC 2005 
jmc%faith.netbsd.org@localhost:/home/builds/ab/netbsd-2-1-RELEASE/alpha/200510241747Z-obj/home/builds/ab/netbsd-2-1-RELEASE/src/sys/arch/alpha/compile/GENERIC.MP
 alpha
Architecture: alpha
Machine: alpha
>Description:
        PHP 4.4.2 has a nice feature of remote memory reading. According to
        the PHP people, this patch removes the feature for people who don't
        want it.
>How-To-Repeat:
        http://hostname/index.php?foo=AAAAAAAAAAAAAAAAAAA<lots of them>AAAA
>Fix:

--- html.c      2006/01/01 13:09:55     1.112
+++ html.c      2006/02/25 21:30:32     1.113
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: html.c,v 1.112 2006/01/01 13:09:55 sniper Exp $ */
+/* $Id: html.c,v 1.113 2006/02/25 21:30:32 rasmus Exp $ */
 
 /*
  * HTML entity resources:
@@ -884,7 +884,7 @@
        unsigned char replacement[15];
        int replacement_len;
 
-       ret = estrdup(old);
+       ret = estrndup(old, oldlen);
        retlen = oldlen;
        if (!retlen) {
                goto empty_source;