[pkgsrc/trunk]: pkgsrc Fix for CVE-2006-5465 from PHP CVS

[adrianp <adrianp%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/6b7c540c3f96
branches:  trunk
changeset: 521061:6b7c540c3f96
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Sat Nov 04 11:19:41 2006 +0000

description:
Fix for CVE-2006-5465 from PHP CVS
http://www.hardened-php.net/advisory_132006.138.html

diffstat:

 lang/php5/Makefile         |   4 ++--
 lang/php5/distinfo         |   3 ++-
 lang/php5/patches/patch-av |  32 ++++++++++++++++++++++++++++++++
 www/php4/Makefile          |   4 ++--
 www/php4/distinfo          |   3 ++-
 www/php4/patches/patch-av  |  32 ++++++++++++++++++++++++++++++++
 6 files changed, 72 insertions(+), 6 deletions(-)

diffs (126 lines):

diff -r 8105879633a4 -r 6b7c540c3f96 lang/php5/Makefile
--- a/lang/php5/Makefile        Sat Nov 04 11:14:49 2006 +0000
+++ b/lang/php5/Makefile        Sat Nov 04 11:19:41 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.45 2006/10/22 13:19:19 adrianp Exp $
+# $NetBSD: Makefile,v 1.46 2006/11/04 11:27:55 adrianp Exp $
 
 PKGNAME=               php-${PHP_BASE_VERS}
-PKGREVISION=           2
+PKGREVISION=           3
 CATEGORIES=            lang
 
 HOMEPAGE=              http://www.php.net/
diff -r 8105879633a4 -r 6b7c540c3f96 lang/php5/distinfo
--- a/lang/php5/distinfo        Sat Nov 04 11:14:49 2006 +0000
+++ b/lang/php5/distinfo        Sat Nov 04 11:19:41 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.31 2006/11/01 11:33:34 tron Exp $
+$NetBSD: distinfo,v 1.32 2006/11/04 11:27:55 adrianp Exp $
 
 SHA1 (php-5.1.6/php-5.1.6.tar.bz2) = a20b946f1de0a8a35a8a6bf437adbba4e5448d27
 RMD160 (php-5.1.6/php-5.1.6.tar.bz2) = 7ac52f4674532397c982f6ced594b70dd17522af
@@ -12,3 +12,4 @@
 SHA1 (patch-ak) = 2d5264d33ebef631d4a2d0cdf8a2ed365bdbeb7e
 SHA1 (patch-as) = 4fc74c8e8d0a7a152a7bbe1672ad0834021db16c
 SHA1 (patch-au) = 90264101db6c2f000c30d1f513392acec781202b
+SHA1 (patch-av) = b14aed514e801e58deec95ecdda107a1c6b5457d
diff -r 8105879633a4 -r 6b7c540c3f96 lang/php5/patches/patch-av
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/php5/patches/patch-av        Sat Nov 04 11:19:41 2006 +0000
@@ -0,0 +1,32 @@
+$NetBSD: patch-av,v 1.3 2006/11/04 11:27:55 adrianp Exp $
+
+# CVE-2006-5465
+
+--- ext/standard/html.c.orig   2006-02-25 21:32:11.000000000 +0000
++++ ext/standard/html.c
+@@ -1096,7 +1096,7 @@ PHPAPI char *php_escape_html_entities(un
+ 
+               matches_map = 0;
+ 
+-              if (len + 9 > maxlen)
++              if (len + 16 > maxlen)
+                       replaced = erealloc (replaced, maxlen += 128);
+ 
+               if (all) {
+@@ -1121,9 +1121,15 @@ PHPAPI char *php_escape_html_entities(un
+                       }
+ 
+                       if (matches_map) {
++                              int l = strlen(rep);
++                              /* increase the buffer size */
++                              if (len + 2 + l >= maxlen) {
++                                      replaced = erealloc(replaced, maxlen += 128);
++                              }
++
+                               replaced[len++] = '&';
+                               strcpy(replaced + len, rep);
+-                              len += strlen(rep);
++                              len += l;
+                               replaced[len++] = ';';
+                       }
+               }
diff -r 8105879633a4 -r 6b7c540c3f96 www/php4/Makefile
--- a/www/php4/Makefile Sat Nov 04 11:14:49 2006 +0000
+++ b/www/php4/Makefile Sat Nov 04 11:19:41 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.72 2006/10/22 13:16:41 adrianp Exp $
+# $NetBSD: Makefile,v 1.73 2006/11/04 11:19:41 adrianp Exp $
 
 PKGNAME=               php-${PHP_BASE_VERS}
-PKGREVISION=           2
+PKGREVISION=           3
 CATEGORIES+=           lang
 COMMENT=               HTML-embedded scripting language
 
diff -r 8105879633a4 -r 6b7c540c3f96 www/php4/distinfo
--- a/www/php4/distinfo Sat Nov 04 11:14:49 2006 +0000
+++ b/www/php4/distinfo Sat Nov 04 11:19:41 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.59 2006/11/03 07:00:39 wiz Exp $
+$NetBSD: distinfo,v 1.60 2006/11/04 11:19:41 adrianp Exp $
 
 SHA1 (php-4.4.4.tar.bz2) = 05d62910fb5734344db87f0a17b1e8e001b26b05
 RMD160 (php-4.4.4.tar.bz2) = 02fd7d5135a9e5ce11d905a4a474a5d42b8441f3
@@ -17,3 +17,4 @@
 SHA1 (patch-ap) = 2f852abd1e9d0f089add18b2eade2831253ad00e
 SHA1 (patch-at) = f8b3aebd61fe2d5b5a994e1d973424a1ed397f63
 SHA1 (patch-au) = 8b8e317dbb9cfc265bf29ebe0827d9b734a1a3b7
+SHA1 (patch-av) = d2e828caa542288d5444cf9d39f3aa0fa7a6f438
diff -r 8105879633a4 -r 6b7c540c3f96 www/php4/patches/patch-av
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/php4/patches/patch-av Sat Nov 04 11:19:41 2006 +0000
@@ -0,0 +1,32 @@
+$NetBSD: patch-av,v 1.3 2006/11/04 11:19:41 adrianp Exp $
+
+# CVE-2006-5465
+
+--- ext/standard/html.c.orig   2006-02-25 21:33:06.000000000 +0000
++++ ext/standard/html.c
+@@ -878,7 +878,7 @@ PHPAPI char *php_escape_html_entities(un
+ 
+               matches_map = 0;
+ 
+-              if (len + 9 > maxlen)
++              if (len + 16 > maxlen)
+                       replaced = erealloc (replaced, maxlen += 128);
+ 
+               if (all) {
+@@ -903,9 +903,15 @@ PHPAPI char *php_escape_html_entities(un
+                       }
+ 
+                       if (matches_map) {
++                              int l = strlen(rep);
++                              /* increase the buffer size */
++                              if (len + 2 + l >= maxlen) {
++                                      replaced = erealloc(replaced, maxlen += 128);
++                              }
++
+                               replaced[len++] = '&';
+                               strcpy(replaced + len, rep);
+-                              len += strlen(rep);
++                              len += l;
+                               replaced[len++] = ';';
+                       }
+               }