[Pkg-php-commits] [php/debian-lenny] Fix CVE-2010-1917: stack consumption on the fnmatch() function
Raphael Geissert
geissert at debian.org
Fri Aug 6 19:30:26 UTC 2010
---
debian/patches/CVE-2010-1917.patch | 15 +++++++++++++++
debian/patches/series | 1 +
2 files changed, 16 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/CVE-2010-1917.patch
diff --git a/debian/patches/CVE-2010-1917.patch b/debian/patches/CVE-2010-1917.patch
new file mode 100644
index 0000000..63ba94f
--- /dev/null
+++ b/debian/patches/CVE-2010-1917.patch
@@ -0,0 +1,15 @@
+Index: php/ext/standard/file.c
+===================================================================
+--- php.orig/ext/standard/file.c
++++ php/ext/standard/file.c
+@@ -2533,6 +2533,10 @@ PHP_FUNCTION(fnmatch)
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename exceeds the maximum allowed length of %d characters", MAXPATHLEN);
+ RETURN_FALSE;
+ }
++ if (pattern_len >= MAXPATHLEN) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds the maximum allowed length of %d characters", MAXPATHLEN);
++ RETURN_FALSE;
++ }
+
+ RETURN_BOOL( ! fnmatch( pattern, filename, flags ));
+ }
diff --git a/debian/patches/series b/debian/patches/series
index 6077362..0cfbb4c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -67,3 +67,4 @@ sybase-alias.patch
CVE-2009-4142.patch
CVE-2009-4143.patch
CVE-2010-0397.patch
+CVE-2010-1917.patch
--
1.7.1
More information about the Pkg-php-commits
mailing list