pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
pkg/36267: patch for CVE-2006-5178 bug in php4 package
>Number: 36267
>Category: pkg
>Synopsis: patch for CVE-2006-5178 bug in php4 package
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu May 03 08:55:00 +0000 2007
>Originator: Cedric DEVILLERS
>Release: NetBSD-3.1
>Organization:
University Paris VII
>Environment:
NetBSD 3.1 NetBSD 3.1 (GENERIC.MPACPI) #0: Tue Oct 31 04:47:22 UTC 2006
builds%b0.netbsd.org@localhost:/home/builds/ab/netbsd-3-1-RELEASE/i386/200610302053Z-obj/home/builds/ab/netbsd-3-1-RELEASE/src/sys/arch/i386/compile/GENERIC.MPACPI
i386
>Description:
It's just a patch for the php bug reference by CVE-2006-5178 for the php4
package.
>How-To-Repeat:
>Fix:
--------- Patch -- cut here ---------
--- ext/standard/link.c.orig 2007-01-01 09:46:48.000000000 +0000
+++ ext/standard/link.c
@@ -122,14 +122,15 @@
convert_to_string_ex(topath);
convert_to_string_ex(frompath);
- expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC);
- expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC);
+ if (!expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC) ||
!expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
if (php_stream_locate_url_wrapper(source_p, NULL,
STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) ||
php_stream_locate_url_wrapper(dest_p, NULL,
STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) )
{
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to symlink
to a URL");
- RETURN_FALSE;
+ RETURN_FALSE;
}
if (PG(safe_mode) && !php_checkuid(dest_p, NULL,
CHECKUID_CHECK_FILE_AND_DIR)) {
@@ -177,14 +178,15 @@
convert_to_string_ex(topath);
convert_to_string_ex(frompath);
- expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC);
- expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC);
+ if (!expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC) ||
!expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
if (php_stream_locate_url_wrapper(source_p, NULL,
STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) ||
php_stream_locate_url_wrapper(dest_p, NULL,
STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC) )
{
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to link to
a URL");
- RETURN_FALSE;
+ RETURN_FALSE;
}
if (PG(safe_mode) && !php_checkuid(dest_p, NULL,
CHECKUID_CHECK_FILE_AND_DIR)) {
------- End of patch ------------
Home |
Main Index |
Thread Index |
Old Index