packages: php/php-buff_ovf.patch (NEW) - stack buffer overflow patch to soc...

marti marti at pld-linux.org
Tue May 24 07:39:18 CEST 2011


Author: marti                        Date: Tue May 24 05:39:18 2011 GMT
Module: packages                      Tag: HEAD
---- Log message:
- stack buffer overflow patch to socket_connect()

---- Files affected:
packages/php:
   php-buff_ovf.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/php/php-buff_ovf.patch
diff -u /dev/null packages/php/php-buff_ovf.patch:1.1
--- /dev/null	Tue May 24 07:39:18 2011
+++ packages/php/php-buff_ovf.patch	Tue May 24 07:39:13 2011
@@ -0,0 +1,16 @@
+diff -ur php-5.3.6-orig//ext/sockets/sockets.c php-5.3.6//ext/sockets/sockets.c
+--- php-5.3.6-orig//ext/sockets/sockets.c	2011-01-01 03:19:59.000000000 +0100
++++ php-5.3.6//ext/sockets/sockets.c	2011-05-24 07:09:54.592779164 +0200
+@@ -1333,6 +1333,11 @@
+ 			break;
+ 
+ 		case AF_UNIX:
++			if (addr_len >= sizeof(s_un.sun_path)) {
++					php_error_docref(NULL TSRMLS_CC, E_WARNING, "Path too long", php_sock->type);
++					RETURN_FALSE;
++				}
++
+ 			memset(&s_un, 0, sizeof(struct sockaddr_un));
+ 
+ 			s_un.sun_family = AF_UNIX;
+Tylko w php-5.3.6//ext/sockets: sockets.c~
================================================================


More information about the pld-cvs-commit mailing list