>Number:         33230
>Category:       pkg
>Synopsis:       Patch for the information exposure vulnerability in php-4.4.2 available (1803)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 10 12:15:00 +0000 2006
>Originator:     Tonnerre Lombard
>Release:        NetBSD 2.1
>Organization:
	SyGroup GmbH
>Environment:
System: NetBSD thebsh.sygroup-int.ch 2.1 NetBSD 2.1 (GENERIC.MP) #0: Mon Oct 24 19:21:50 UTC 2005 jmc@faith.netbsd.org:/home/builds/ab/netbsd-2-1-RELEASE/alpha/200510241747Z-obj/home/builds/ab/netbsd-2-1-RELEASE/src/sys/arch/alpha/compile/GENERIC.MP alpha
Architecture: alpha
Machine: alpha
>Description:
	PHP 4.4.2 has a nice feature of remote memory reading. According to
	the PHP people, this patch removes the feature for people who don't
	want it.
>How-To-Repeat:
	http://hostname/index.php?foo=AAAAAAAAAAAAAAAAAAA<lots of them>AAAA
>Fix:

--- html.c	2006/01/01 13:09:55	1.112
+++ html.c	2006/02/25 21:30:32	1.113
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: html.c,v 1.112 2006/01/01 13:09:55 sniper Exp $ */
+/* $Id: html.c,v 1.113 2006/02/25 21:30:32 rasmus Exp $ */
 
 /*
  * HTML entity resources:
@@ -884,7 +884,7 @@
 	unsigned char replacement[15];
 	int replacement_len;
 
-	ret = estrdup(old);
+	ret = estrndup(old, oldlen);
 	retlen = oldlen;
 	if (!retlen) {
 		goto empty_source;