summaryrefslogtreecommitdiffstats
path: root/php-bug79329.patch
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2020-03-17 08:16:54 +0100
committerRemi Collet <remi@remirepo.net>2020-03-17 08:16:54 +0100
commit3a162835ac7ba1d2994784d68a0d29bb8fe52576 (patch)
tree982e3db9396f70d03df283db36b0081af1100d76 /php-bug79329.patch
parent3407e148f90cc766ae72069a2b84ba3649736796 (diff)
standard:
Fix #79329 get_headers() silently truncates after a null byte CVE-2020-7066 exif: Fix #79282 Use-of-uninitialized-value in exif CVE-2020-7064 use oracle client library version 19.6 (18.5 on EL-6)
Diffstat (limited to 'php-bug79329.patch')
-rw-r--r--php-bug79329.patch59
1 files changed, 59 insertions, 0 deletions
diff --git a/php-bug79329.patch b/php-bug79329.patch
new file mode 100644
index 0000000..a8bf790
--- /dev/null
+++ b/php-bug79329.patch
@@ -0,0 +1,59 @@
+From c3582855b88cfde8e69734da738803b54c2c2e26 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Tue, 17 Mar 2020 07:25:12 +0100
+Subject: [PATCH] Fix bug #79329 - get_headers should not accept \0
+
+From 0d139c5b94a5f485a66901919e51faddb0371c43
+
+(cherry picked from commit b7b9302660a23a67285e204bc3d7fcf6ba7f6533)
+(cherry picked from commit b9a1e6bfd762d2bf7fa3c5bbcfbb6dcdfdfa982c)
+---
+ ext/standard/url.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/standard/url.c b/ext/standard/url.c
+index 6ecace53e5..d6e71fa487 100644
+--- a/ext/standard/url.c
++++ b/ext/standard/url.c
+@@ -675,7 +675,7 @@ PHP_FUNCTION(get_headers)
+ HashTable *hashT;
+ long format = 0;
+
+- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|l", &url, &url_len, &format) == FAILURE) {
++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|l", &url, &url_len, &format) == FAILURE) {
+ return;
+ }
+ context = FG(default_context) ? FG(default_context) : (FG(default_context) = php_stream_context_alloc(TSRMLS_C));
+From f94716859dfa52416754faa226d1bd642373f117 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Sun, 15 Mar 2020 19:35:26 -0700
+Subject: [PATCH] [ci skip] Update NEWS
+
+(cherry picked from commit c8d21d7728109b0f911033c098cfaeb7438ba1d5)
+(cherry picked from commit 03471e31c9b467d1d8d944e44fa009ef247e81bd)
+(cherry picked from commit 4844343ac37e8e3ca4d995b1d91fc0f9daf03d5f)
+---
+ NEWS | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/NEWS b/NEWS
+index 22e714e837..5085d35e9a 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,6 +1,16 @@
+ PHP NEWS
+ |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+
++Backported from 7.2.29
++
++- Core:
++ . Fixed bug #79329 (get_headers() silently truncates after a null byte)
++ (CVE-2020-7066) (cmb)
++
++- EXIF:
++ . Fixed bug #79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064)
++ (Nikita)
++
+ Backported from 7.2.28
+
+ - Phar: