summaryrefslogtreecommitdiffstats
path: root/php-bug79329.patch
blob: a8bf7907dfa77001aaf786f13d0d903bf4fd8e0c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
From c3582855b88cfde8e69734da738803b54c2c2e26 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 17 Mar 2020 07:25:12 +0100
Subject: [PATCH] Fix bug #79329 - get_headers should not accept \0

From 0d139c5b94a5f485a66901919e51faddb0371c43

(cherry picked from commit b7b9302660a23a67285e204bc3d7fcf6ba7f6533)
(cherry picked from commit b9a1e6bfd762d2bf7fa3c5bbcfbb6dcdfdfa982c)
---
 ext/standard/url.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/standard/url.c b/ext/standard/url.c
index 6ecace53e5..d6e71fa487 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -675,7 +675,7 @@ PHP_FUNCTION(get_headers)
 	HashTable *hashT;
 	long format = 0;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|l", &url, &url_len, &format) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|l", &url, &url_len, &format) == FAILURE) {
 		return;
 	}
 	context = FG(default_context) ? FG(default_context) : (FG(default_context) = php_stream_context_alloc(TSRMLS_C));
From f94716859dfa52416754faa226d1bd642373f117 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 15 Mar 2020 19:35:26 -0700
Subject: [PATCH] [ci skip] Update NEWS

(cherry picked from commit c8d21d7728109b0f911033c098cfaeb7438ba1d5)
(cherry picked from commit 03471e31c9b467d1d8d944e44fa009ef247e81bd)
(cherry picked from commit 4844343ac37e8e3ca4d995b1d91fc0f9daf03d5f)
---
 NEWS | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/NEWS b/NEWS
index 22e714e837..5085d35e9a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,16 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 
+Backported from 7.2.29
+
+- Core: 
+  . Fixed bug #79329 (get_headers() silently truncates after a null byte) 
+    (CVE-2020-7066) (cmb)
+
+- EXIF:
+  . Fixed bug #79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064) 
+    (Nikita)
+
 Backported from 7.2.28
 
 - Phar: