[Pkg-php-commits] [php/debian-lenny] Fix MOPS-2010-60: arbitrary session variables injection
Raphael Geissert
geissert at debian.org
Fri Aug 6 19:30:26 UTC 2010
---
debian/patches/MOPS-60.patch | 13 +++++++++++++
debian/patches/series | 1 +
2 files changed, 14 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/MOPS-60.patch
diff --git a/debian/patches/MOPS-60.patch b/debian/patches/MOPS-60.patch
new file mode 100644
index 0000000..bb26b55
--- /dev/null
+++ b/debian/patches/MOPS-60.patch
@@ -0,0 +1,13 @@
+Index: php/ext/session/session.c
+===================================================================
+--- php.orig/ext/session/session.c
++++ php/ext/session/session.c
+@@ -525,7 +525,7 @@ PS_SERIALIZER_ENCODE_FUNC(php)
+
+ PS_ENCODE_LOOP(
+ smart_str_appendl(&buf, key, key_length);
+- if (memchr(key, PS_DELIMITER, key_length)) {
++ if (memchr(key, PS_DELIMITER, key_length) || memchr(key, PS_UNDEF_MARKER, key_length)) {
+ PHP_VAR_SERIALIZE_DESTROY(var_hash);
+ smart_str_free(&buf);
+ return FAILURE;
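Review bot: the new file begins directly at `Index: php/ext/session/session.c` with no description header, so debian/patches/MOPS-60.patch itself records neither the advisory it addresses (MOPS-2010-60, per the commit subject) nor where the fix originated. Add a short header stating both. It is also worth documenting there that the added `memchr(key, PS_UNDEF_MARKER, key_length)` test runs after `smart_str_appendl(&buf, key, key_length)` and shares the existing failure path, which frees buf and returns FAILURE. A single key containing the marker therefore aborts encoding of the whole session rather than skipping that one key. This matches how PS_DELIMITER is already handled, but the header should say so for anyone auditing the behaviour change.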
diff --git a/debian/patches/series b/debian/patches/series
index 7d1ee35..09d9c9b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -69,3 +69,4 @@ CVE-2009-4143.patch
CVE-2010-0397.patch
CVE-2010-1917.patch
CVE-2010-2225.patch
+MOPS-60.patch
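Review bot: the added series entry `MOPS-60.patch` drops the year from the advisory id used in the commit subject (MOPS-2010-60), while the context entries above it carry full ids such as `CVE-2010-2225.patch`. Naming the file MOPS-2010-60.patch would keep the entry unambiguous and let it be found by searching for the advisory id.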
--
1.7.1