pkgsrc-Bugs archive


pkg/36267: patch for CVE-2006-5178 bug in php4 package



>Number:         36267
>Category:       pkg
>Synopsis:       patch for CVE-2006-5178 bug in php4 package
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 03 08:55:00 +0000 2007
>Originator:     Cedric DEVILLERS
>Release:        NetBSD-3.1
>Organization:
University Paris VII
>Environment:
NetBSD 3.1 NetBSD 3.1 (GENERIC.MPACPI) #0: Tue Oct 31 04:47:22 UTC 2006  
builds%b0.netbsd.org@localhost:/home/builds/ab/netbsd-3-1-RELEASE/i386/200610302053Z-obj/home/builds/ab/netbsd-3-1-RELEASE/src/sys/arch/i386/compile/GENERIC.MPACPI
 i386
>Description:
It's just a patch for the php bug referenced by CVE-2006-5178 for the php4 
package.
>How-To-Repeat:

>Fix:
--------- Patch -- cut here ---------

--- ext/standard/link.c.orig    2007-01-01 09:46:48.000000000 +0000
+++ ext/standard/link.c
@@ -122,14 +122,15 @@
        convert_to_string_ex(topath);
        convert_to_string_ex(frompath);
 
-       expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC);
-       expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC);
+       if (!expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC) || 
!expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC)) {
+               RETURN_FALSE;
+       }
 
        if (php_stream_locate_url_wrapper(source_p, NULL, 
STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) ||
                php_stream_locate_url_wrapper(dest_p, NULL, 
STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) ) 
        {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to symlink 
to a URL");
-               RETURN_FALSE;   
+               RETURN_FALSE;
        }
 
        if (PG(safe_mode) && !php_checkuid(dest_p, NULL, 
CHECKUID_CHECK_FILE_AND_DIR)) {
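Review bot: The new early exit in the symlink path returns FALSE silently when either expand_filepath() call fails, while the URL-wrapper branch directly below it raises an E_WARNING through php_error_docref() before its RETURN_FALSE. A script author gets no indication of why the call failed, so consider emitting a warning inside the new block before returning, in the same style as the "Unable to symlink to a URL" message. The check itself is the right place for the fix: source_p and dest_p are consumed by php_stream_locate_url_wrapper() and php_checkuid() immediately afterwards, so they must not be used when path expansion did not succeed.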
@@ -177,14 +178,15 @@
        convert_to_string_ex(topath);
        convert_to_string_ex(frompath);
 
-       expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC);
-       expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC);
+       if (!expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC) || 
!expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC)) {
+               RETURN_FALSE;
+       }
 
        if (php_stream_locate_url_wrapper(source_p, NULL, 
STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) ||
                php_stream_locate_url_wrapper(dest_p, NULL, 
STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) ) 
        {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to link to 
a URL");
-               RETURN_FALSE;   
+               RETURN_FALSE;
        }
 
        if (PG(safe_mode) && !php_checkuid(dest_p, NULL, 
CHECKUID_CHECK_FILE_AND_DIR)) {
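Review bot: As it appears here the added condition in this hunk is split across two lines, and the continuation starting with !expand_filepath(Z_STRVAL_PP(topath), ...) begins in column 0 with no "+" prefix; the same happens to the wrapped context lines, so patch(1) will reject the hunk. Please resend the diff unwrapped or as an attachment. The RETURN_FALSE change further down only strips trailing whitespace and is unrelated to the CVE fix; dropping it keeps the security patch minimal and easier to compare against upstream. As in the symlink hunk, the new failure branch returns FALSE without a warning, unlike the "Unable to link to a URL" branch below it.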


------- End of patch ------------



