diff options
author | Felix Yan | 2015-07-23 19:55:08 +0800 |
---|---|---|
committer | Felix Yan | 2015-07-23 19:55:08 +0800 |
commit | 46328e7f9a997f2080d9b01ea32910302ca1fbb2 (patch) | |
tree | ab71f43b4093ed44f201782a09e3b55a9aea3e32 /CVE-2015-2305.patch | |
download | aur-46328e7f9a997f2080d9b01ea32910302ca1fbb2.tar.gz |
addpkg: php53 5.3.29-4
Diffstat (limited to 'CVE-2015-2305.patch')
-rw-r--r-- | CVE-2015-2305.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/CVE-2015-2305.patch b/CVE-2015-2305.patch new file mode 100644 index 000000000000..e3309f408271 --- /dev/null +++ b/CVE-2015-2305.patch @@ -0,0 +1,35 @@ +From fb04dcf6dbb48aecd8d2dc986806cb58c8ae5282 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev <stas@php.net> +Date: Tue, 17 Mar 2015 17:04:57 -0700 +Subject: [PATCH] Fix bug #69248 - heap overflow vulnerability in regcomp.c + +Merged from https://github.com/garyhouston/regex/commit/70bc2965604b6b8aaf260049e64c708dddf85334 +--- + NEWS | 3 +++ + ext/ereg/regex/regcomp.c | 10 +++++++++- + 2 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/ext/ereg/regex/regcomp.c b/ext/ereg/regex/regcomp.c +index 156eee9..f4bfc1c 100644 +--- a/ext/ereg/regex/regcomp.c ++++ b/ext/ereg/regex/regcomp.c +@@ -117,7 +117,15 @@ int cflags; + (NC-1)*sizeof(cat_t)); + if (g == NULL) + return(REG_ESPACE); +- p->ssize = len/(size_t)2*(size_t)3 + (size_t)1; /* ugh */ ++ { ++ /* Patched for CERT Vulnerability Note VU#695940, Feb 2015. */ ++ size_t new_ssize = len/(size_t)2*(size_t)3 + (size_t)1; /* ugh */ ++ if (new_ssize < len || new_ssize > LONG_MAX / sizeof(sop)) { ++ free((char *) g); ++ return REG_INVARG; ++ } ++ p->ssize = new_ssize; ++ } + p->strip = (sop *)malloc(p->ssize * sizeof(sop)); + p->slen = 0; + if (p->strip == NULL) { +-- +2.1.4 + |