diff options
author | Felix Yan | 2015-07-23 19:55:08 +0800 |
---|---|---|
committer | Felix Yan | 2015-07-23 19:55:08 +0800 |
commit | 46328e7f9a997f2080d9b01ea32910302ca1fbb2 (patch) | |
tree | ab71f43b4093ed44f201782a09e3b55a9aea3e32 /curl_embedded_null.patch | |
download | aur-46328e7f9a997f2080d9b01ea32910302ca1fbb2.tar.gz |
addpkg: php53 5.3.29-4
Diffstat (limited to 'curl_embedded_null.patch')
-rw-r--r-- | curl_embedded_null.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/curl_embedded_null.patch b/curl_embedded_null.patch new file mode 100644 index 000000000000..eca9b1d1c39e --- /dev/null +++ b/curl_embedded_null.patch @@ -0,0 +1,43 @@ +Description: fix local file disclosure via curl NULL byte injection +Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=ab0939e5e5449cba04b02fff3a5595f725bce0a0 +Bug: https://bugs.php.net/bug.php?id=68089 + +Index: php5-5.3.10/ext/curl/interface.c +=================================================================== +--- php5-5.3.10.orig/ext/curl/interface.c 2014-10-28 14:54:02.671549358 -0400 ++++ php5-5.3.10/ext/curl/interface.c 2014-10-28 14:54:49.427898135 -0400 +@@ -172,6 +172,11 @@ + #endif + TSRMLS_FETCH(); + ++ if (strlen(url) != len) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Curl option contains invalid characters (\\0)"); ++ return 0; ++ } ++ + /* Disable file:// if open_basedir or safe_mode are used */ + if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) { + #if LIBCURL_VERSION_NUM >= 0x071304 +Index: php5-5.3.10/ext/curl/tests/bug68089.phpt +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ php5-5.3.10/ext/curl/tests/bug68089.phpt 2014-10-28 14:54:02.667549328 -0400 +@@ -0,0 +1,18 @@ ++--TEST-- ++Bug #68089 (NULL byte injection - cURL lib) ++--SKIPIF-- ++<?php ++include 'skipif.inc'; ++ ++?> ++--FILE-- ++<?php ++$url = "file:///etc/passwd\0http://google.com"; ++$ch = curl_init(); ++var_dump(curl_setopt($ch, CURLOPT_URL, $url)); ++?> ++Done ++--EXPECTF-- ++Warning: curl_setopt(): Curl option contains invalid characters (\0) in %s/bug68089.php on line 4 ++bool(false) ++Done |