Diffstat (limited to 'CVE-2014-3669.patch')
-rw-r--r-- | CVE-2014-3669.patch | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/CVE-2014-3669.patch b/CVE-2014-3669.patch
deleted file mode 100644
index 5266f37dbcd8..000000000000
--- a/CVE-2014-3669.patch
+++ /dev/null
@@ -1,56 +0,0 @@ -From 9aa90145239bae82d2af0a99fdae4ab27eb5f4f2 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Sun, 28 Sep 2014 14:19:31 -0700 -Subject: [PATCH] Fixed bug #68044: Integer overflow in unserialize() (32-bits - only) - ---- - ext/standard/tests/serialize/bug68044.phpt | 12 ++++++++++++ - ext/standard/var_unserializer.c | 4 ++-- - ext/standard/var_unserializer.re | 2 +- - 3 files changed, 15 insertions(+), 3 deletions(-) - create mode 100644 ext/standard/tests/serialize/bug68044.phpt - -Index: php5-5.3.10/ext/standard/tests/serialize/bug68044.phpt -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ php5-5.3.10/ext/standard/tests/serialize/bug68044.phpt 2014-10-28 10:47:49.392858855 -0400 -@@ -0,0 +1,12 @@ -+--TEST-- -+Bug #68044 Integer overflow in unserialize() (32-bits only) -+--FILE-- -+<?php -+ echo unserialize('C:3:"XYZ":18446744075857035259:{}'); -+?> -+===DONE== -+--EXPECTF-- -+Warning: Insufficient data for unserializing - %d required, 1 present in %s/bug68044.php on line 2 -+ -+Notice: unserialize(): Error at offset 32 of 33 bytes in %s/bug68044.php on line 2 -+===DONE== -Index: php5-5.3.10/ext/standard/var_unserializer.c -=================================================================== ---- php5-5.3.10.orig/ext/standard/var_unserializer.c 2014-10-28 10:47:49.392858855 -0400 -+++ php5-5.3.10/ext/standard/var_unserializer.c 2014-10-28 10:47:49.392858855 -0400 -@@ -333,7 +333,7 @@ - - (*p) += 2; - -- if (datalen < 0 || (*p) + datalen >= max) { -+ if (datalen < 0 || (max - (*p)) <= datalen) { - zend_error(E_WARNING, "Insufficient data for unserializing - %ld required, %ld present", datalen, (long)(max - (*p))); - return 0; - } -Index: php5-5.3.10/ext/standard/var_unserializer.re -=================================================================== ---- php5-5.3.10.orig/ext/standard/var_unserializer.re 2014-10-28 10:47:49.392858855 -0400 -+++ 
php5-5.3.10/ext/standard/var_unserializer.re 2014-10-28 10:47:49.392858855 -0400 -@@ -339,7 +339,7 @@ - - (*p) += 2; - -- if (datalen < 0 || (*p) + datalen >= max) { -+ if (datalen < 0 || (max - (*p)) <= datalen) { - zend_error(E_WARNING, "Insufficient data for unserializing - %ld required, %ld present", datalen, (long)(max - (*p))); - return 0; - } |