summaryrefslogtreecommitdiffstats
path: root/php-bug81746.patch
diff options
context:
space:
mode:
Diffstat (limited to 'php-bug81746.patch')
-rw-r--r--php-bug81746.patch98
1 files changed, 0 insertions, 98 deletions
diff --git a/php-bug81746.patch b/php-bug81746.patch
deleted file mode 100644
index 6e2ba19..0000000
--- a/php-bug81746.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 887cd0710ad856a0d22c329b6ea6c71ebd8621ae Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Fri, 27 Jan 2023 19:28:27 +0100
-Subject: [PATCH 3/7] Fix array overrun when appending slash to paths
-
-Fix it by extending the array sizes by one character. As the input is
-limited to the maximum path length, there will always be place to append
-the slash. As the php_check_specific_open_basedir() simply uses the
-strings to compare against each other, no new failures related to too
-long paths are introduced.
-We'll let the DOM and XML case handle a potentially too long path in the
-library code.
-
-(cherry picked from commit ec10b28d64decbc54aa1e585dce580f0bd7a5953)
----
- ext/dom/document.c | 2 +-
- ext/xmlreader/php_xmlreader.c | 2 +-
- main/fopen_wrappers.c | 6 +++---
- 3 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/ext/dom/document.c b/ext/dom/document.c
-index b478e1a1aab..e683eb8f701 100644
---- a/ext/dom/document.c
-+++ b/ext/dom/document.c
-@@ -1380,7 +1380,7 @@ static xmlDocPtr dom_document_parser(zval *id, int mode, char *source, size_t so
- int validate, recover, resolve_externals, keep_blanks, substitute_ent;
- int resolved_path_len;
- int old_error_reporting = 0;
-- char *directory=NULL, resolved_path[MAXPATHLEN];
-+ char *directory=NULL, resolved_path[MAXPATHLEN + 1];
-
- if (id != NULL) {
- intern = Z_DOMOBJ_P(id);
-diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c
-index 06f569949ce..ecc81ad1470 100644
---- a/ext/xmlreader/php_xmlreader.c
-+++ b/ext/xmlreader/php_xmlreader.c
-@@ -1038,7 +1038,7 @@ PHP_METHOD(xmlreader, XML)
- xmlreader_object *intern = NULL;
- char *source, *uri = NULL, *encoding = NULL;
- int resolved_path_len, ret = 0;
-- char *directory=NULL, resolved_path[MAXPATHLEN];
-+ char *directory=NULL, resolved_path[MAXPATHLEN + 1];
- xmlParserInputBufferPtr inputbfr;
- xmlTextReaderPtr reader;
-
-diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
-index 27135020fa3..90de040a218 100644
---- a/main/fopen_wrappers.c
-+++ b/main/fopen_wrappers.c
-@@ -138,10 +138,10 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
- */
- PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path)
- {
-- char resolved_name[MAXPATHLEN];
-- char resolved_basedir[MAXPATHLEN];
-+ char resolved_name[MAXPATHLEN + 1];
-+ char resolved_basedir[MAXPATHLEN + 1];
- char local_open_basedir[MAXPATHLEN];
-- char path_tmp[MAXPATHLEN];
-+ char path_tmp[MAXPATHLEN + 1];
- char *path_file;
- size_t resolved_basedir_len;
- size_t resolved_name_len;
---
-2.39.1
-
-From 614468ce4056c0ef93aae09532dcffdf65b594b5 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Mon, 13 Feb 2023 11:46:47 +0100
-Subject: [PATCH 4/7] NEWS
-
----
- NEWS | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 03e8c839c77..8157a20d4b3 100644
---- a/NEWS
-+++ b/NEWS
-@@ -1,6 +1,14 @@
- PHP NEWS
- |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-
-+Backported from 8.0.28
-+
-+- Core:
-+ . Fixed bug #81744 (Password_verify() always return true with some hash).
-+ (CVE-2023-0567). (Tim Düsterhus)
-+ . Fixed bug #81746 (1-byte array overrun in common path resolve code).
-+ (CVE-2023-0568). (Niels Dossche)
-+
- Backported from 8.0.27
-
- - PDO/SQLite:
---
-2.39.1
-