diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2014-07-18 06:45:08 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-07-18 06:45:08 +0000 |
commit | ca28f9f2b2d71543d8afa49b6568e61fd8b6513c (patch) | |
tree | b8f6a8b54ae0259ffcd63c31e9967b152d1cc8c1 | |
parent | 82bdcb26b07807b672ce6ff8c883a7a7e4d875e2 (diff) | |
download | aports-ca28f9f2b2d71543d8afa49b6568e61fd8b6513c.tar.bz2 aports-ca28f9f2b2d71543d8afa49b6568e61fd8b6513c.tar.xz |
main/php: fix CVE-2014-4721
fixes #3165
-rw-r--r-- | main/php/APKBUILD | 6 | ||||
-rw-r--r-- | main/php/CVE-2014-4721.patch | 61 |
2 files changed, 65 insertions, 2 deletions
diff --git a/main/php/APKBUILD b/main/php/APKBUILD index 04edfb3332..0f549196fb 100644 --- a/main/php/APKBUILD +++ b/main/php/APKBUILD @@ -3,7 +3,7 @@ pkgname=php pkgver=5.3.28 _suhosinver=5.3.9-0.9.10 -pkgrel=5 +pkgrel=6 pkgdesc="The PHP language runtime engine" url="http://www.php.net/" arch="all" @@ -83,6 +83,7 @@ source="http://www.php.net/distributions/${pkgname}-${pkgver}.tar.bz2 CVE-2014-0237.patch CVE-2014-0238.patch CVE-2014-4049.patch + CVE-2014-4721.patch " _apiver="20090626" @@ -459,4 +460,5 @@ f2836636790a78ec058d3fe84045997a CVE-2013-7345.patch 66333db458742a20dda0b8a9be1900e5 CVE-2014-0185.patch 77a99e602cc93ec04b7c6995bba7748b CVE-2014-0237.patch a038c00930d7021e1f485043deec65fc CVE-2014-0238.patch -bd763609e1a4cd15ba0142cb7e5bc7a4 CVE-2014-4049.patch" +bd763609e1a4cd15ba0142cb7e5bc7a4 CVE-2014-4049.patch +11f0c6e5db9416a1f8bbba8be8fd1c89 CVE-2014-4721.patch" diff --git a/main/php/CVE-2014-4721.patch b/main/php/CVE-2014-4721.patch new file mode 100644 index 0000000000..47fd4d0423 --- /dev/null +++ b/main/php/CVE-2014-4721.patch @@ -0,0 +1,61 @@ +From 84f9fe0fdcc660d7f2b479b4cd5dd4216e3bc5ff Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev <stas@php.net> +Date: Mon, 23 Jun 2014 00:19:37 -0700 +Subject: [PATCH] Fix bug #67498 - phpinfo() Type Confusion Information Leak + Vulnerability + +--- + ext/standard/info.c | 8 ++++---- + ext/standard/tests/general_functions/bug67498.phpt | 15 +++++++++++++++ + 2 files changed, 19 insertions(+), 4 deletions(-) + create mode 100644 ext/standard/tests/general_functions/bug67498.phpt + +diff --git a/ext/standard/info.c b/ext/standard/info.c +index 03ced35..0626a70 100644 +--- a/ext/standard/info.c ++++ b/ext/standard/info.c +@@ -866,16 +866,16 @@ PHPAPI void php_print_info(int flag TSRMLS_DC) + + php_info_print_table_start(); + php_info_print_table_header(2, "Variable", "Value"); +- if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) { ++ if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { + php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data)); + } +- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) { ++ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { + php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data)); + } +- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) { ++ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { + php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data)); + } +- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) { ++ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { + php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data)); + } + php_print_gpcse_array(ZEND_STRL("_REQUEST") TSRMLS_CC); +diff --git a/ext/standard/tests/general_functions/bug67498.phpt b/ext/standard/tests/general_functions/bug67498.phpt +new file mode 100644 +index 0000000..5b5951b +--- /dev/null ++++ b/ext/standard/tests/general_functions/bug67498.phpt +@@ -0,0 +1,15 @@ ++--TEST-- ++phpinfo() Type Confusion Information Leak Vulnerability ++--FILE-- ++<?php ++$PHP_SELF = 1; ++phpinfo(INFO_VARIABLES); ++ ++?> ++==DONE== ++--EXPECTF-- ++phpinfo() ++ ++PHP Variables ++%A ++==DONE== +-- +1.9.2 + |