From 26770fed5530c46a68653e868be0a266c42c33e8 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Mon, 13 Apr 2020 21:07:04 -0700
Subject: [PATCH] Fix bug #79465 - use unsigneds as indexes.

(cherry picked from commit 9d6bf8221b05f86ce5875832f0f646c4c1f218be)
---
 ext/standard/url.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ext/standard/url.c b/ext/standard/url.c
index d6e71fa487..0278bd47e8 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -545,7 +545,7 @@ PHPAPI int php_url_decode(char *str, int len)
 #ifndef CHARSET_EBCDIC
 			*dest = (char) php_htoi(data + 1);
 #else
-			*dest = os_toebcdic[(char) php_htoi(data + 1)];
+			*dest = os_toebcdic[(unsigned char) php_htoi(data + 1)];
 #endif
 			data += 2;
 			len -= 2;
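Review bot: The `(unsigned char)` cast on the `os_toebcdic` index in the `#else` branch is load-bearing but carries no comment, so a later cleanup could turn it back into `(char)`. Where plain `char` is signed, a decoded byte of 0x80 or above would then become a negative index and read before the start of the table again. I would put a comment directly above the line, e.g. `/* index must be unsigned: plain char may be signed, so a byte >= 0x80 would index before the table */`, and the same on the identical line in the php_raw_url_decode hunk. The cast only keeps the read in bounds if `os_toebcdic` has 256 entries; its declaration is not visible here, so that is worth confirming. Both function bodies start and end outside their hunks.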
@@ -647,7 +647,7 @@ PHPAPI int php_raw_url_decode(char *str, int len)
 #ifndef CHARSET_EBCDIC
 			*dest = (char) php_htoi(data + 1);
 #else
-			*dest = os_toebcdic[(char) php_htoi(data + 1)];
+			*dest = os_toebcdic[(unsigned char) php_htoi(data + 1)];
 #endif
 			data += 2;
 			len -= 2;
From c1f77159cfd61479bc22cf41d7964673c31b222a Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 14 Apr 2020 08:02:28 +0200
Subject: [PATCH] NEWS

(cherry picked from commit bd4a5ebe653f36ea7705fbc95a6ec4842d7f86fc)
---
 NEWS | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/NEWS b/NEWS
index 5085d35e9a..281b52fe76 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,12 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 
+Backported from 7.2.30
+
+- Standard:
+  . Fixed bug #79330 (shell_exec silently truncates after a null byte). (stas)
+  . Fixed bug #79465 (OOB Read in urldecode). (CVE-2020-7067) (stas)
+
 Backported from 7.2.29
 
 - Core: