diff options
Diffstat (limited to 'main/php/CVE-2014-4049.patch')
| -rw-r--r-- | main/php/CVE-2014-4049.patch | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/main/php/CVE-2014-4049.patch b/main/php/CVE-2014-4049.patch deleted file mode 100644 index c614d432c9..0000000000 --- a/main/php/CVE-2014-4049.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 4f73394fdd95d3165b4391e1b0dedd57fced8c3b Mon Sep 17 00:00:00 2001 -From: Sara Golemon <pollita@php.net> -Date: Tue, 10 Jun 2014 11:18:02 -0700 -Subject: [PATCH] Fix potential segfault in dns_get_record() - -If the remote sends us a packet with a malformed TXT record, -we could end up trying to over-consume the packet and wander -off into overruns. ---- - ext/standard/dns.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/ext/standard/dns.c b/ext/standard/dns.c -index 6a89446..214a7dc 100644 ---- a/ext/standard/dns.c -+++ b/ext/standard/dns.c -@@ -517,6 +517,10 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int - - while (ll < dlen) { - n = cp[ll]; -+ if ((ll + n) >= dlen) { -+ // Invalid chunk length, truncate -+ n = dlen - (ll + 1); -+ } - memcpy(tp + ll , cp + ll + 1, n); - add_next_index_stringl(entries, cp + ll + 1, n, 1); - ll = ll + n + 1; --- -1.9.3 - |