diff options
| author | Remi Collet <remi@remirepo.net> | 2024-11-13 08:22:31 +0100 |
|---|---|---|
| committer | Remi Collet <remi@php.net> | 2024-11-13 08:22:31 +0100 |
| commit | e1a245a0066008cda88f910f2b84e33dbc4c9b61 (patch) | |
| tree | a9d609be72ac94f012335794d63004e080d47fb1 /php-bug81746.patch | |
| parent | 3e542feeac8e065151836f1bb5fd8c0e66c7f18f (diff) | |
Diffstat (limited to 'php-bug81746.patch')
| -rw-r--r-- | php-bug81746.patch | 98 |
1 files changed, 0 insertions, 98 deletions
diff --git a/php-bug81746.patch b/php-bug81746.patch deleted file mode 100644 index 6e2ba19..0000000 --- a/php-bug81746.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 887cd0710ad856a0d22c329b6ea6c71ebd8621ae Mon Sep 17 00:00:00 2001 -From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> -Date: Fri, 27 Jan 2023 19:28:27 +0100 -Subject: [PATCH 3/7] Fix array overrun when appending slash to paths - -Fix it by extending the array sizes by one character. As the input is -limited to the maximum path length, there will always be place to append -the slash. As the php_check_specific_open_basedir() simply uses the -strings to compare against each other, no new failures related to too -long paths are introduced. -We'll let the DOM and XML case handle a potentially too long path in the -library code. - -(cherry picked from commit ec10b28d64decbc54aa1e585dce580f0bd7a5953) ---- - ext/dom/document.c | 2 +- - ext/xmlreader/php_xmlreader.c | 2 +- - main/fopen_wrappers.c | 6 +++--- - 3 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/ext/dom/document.c b/ext/dom/document.c -index b478e1a1aab..e683eb8f701 100644 ---- a/ext/dom/document.c -+++ b/ext/dom/document.c -@@ -1380,7 +1380,7 @@ static xmlDocPtr dom_document_parser(zval *id, int mode, char *source, size_t so - int validate, recover, resolve_externals, keep_blanks, substitute_ent; - int resolved_path_len; - int old_error_reporting = 0; -- char *directory=NULL, resolved_path[MAXPATHLEN]; -+ char *directory=NULL, resolved_path[MAXPATHLEN + 1]; - - if (id != NULL) { - intern = Z_DOMOBJ_P(id); -diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c -index 06f569949ce..ecc81ad1470 100644 ---- a/ext/xmlreader/php_xmlreader.c -+++ b/ext/xmlreader/php_xmlreader.c -@@ -1038,7 +1038,7 @@ PHP_METHOD(xmlreader, XML) - xmlreader_object *intern = NULL; - char *source, *uri = NULL, *encoding = NULL; - int resolved_path_len, ret = 0; -- char *directory=NULL, resolved_path[MAXPATHLEN]; -+ char *directory=NULL, resolved_path[MAXPATHLEN + 1]; - xmlParserInputBufferPtr inputbfr; - xmlTextReaderPtr reader; - -diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c -index 27135020fa3..90de040a218 100644 ---- a/main/fopen_wrappers.c -+++ b/main/fopen_wrappers.c -@@ -138,10 +138,10 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir) - */ - PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path) - { -- char resolved_name[MAXPATHLEN]; -- char resolved_basedir[MAXPATHLEN]; -+ char resolved_name[MAXPATHLEN + 1]; -+ char resolved_basedir[MAXPATHLEN + 1]; - char local_open_basedir[MAXPATHLEN]; -- char path_tmp[MAXPATHLEN]; -+ char path_tmp[MAXPATHLEN + 1]; - char *path_file; - size_t resolved_basedir_len; - size_t resolved_name_len; --- -2.39.1 - -From 614468ce4056c0ef93aae09532dcffdf65b594b5 Mon Sep 17 00:00:00 2001 -From: Remi Collet <remi@remirepo.net> -Date: Mon, 13 Feb 2023 11:46:47 +0100 -Subject: [PATCH 4/7] NEWS - ---- - NEWS | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/NEWS b/NEWS -index 03e8c839c77..8157a20d4b3 100644 ---- a/NEWS -+++ b/NEWS -@@ -1,6 +1,14 @@ - PHP NEWS - ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| - -+Backported from 8.0.28 -+ -+- Core: -+ . Fixed bug #81744 (Password_verify() always return true with some hash). -+ (CVE-2023-0567). (Tim Düsterhus) -+ . Fixed bug #81746 (1-byte array overrun in common path resolve code). -+ (CVE-2023-0568). (Niels Dossche) -+ - Backported from 8.0.27 - - - PDO/SQLite: --- -2.39.1 - |