Diffstat (limited to 'CVE-2014-3669.patch')
-rw-r--r--CVE-2014-3669.patch56
1 files changed, 0 insertions, 56 deletions
diff --git a/CVE-2014-3669.patch b/CVE-2014-3669.patch
deleted file mode 100644
index 5266f37dbcd8..000000000000
--- a/CVE-2014-3669.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 9aa90145239bae82d2af0a99fdae4ab27eb5f4f2 Mon Sep 17 00:00:00 2001
-From: Stanislav Malyshev <stas@php.net>
-Date: Sun, 28 Sep 2014 14:19:31 -0700
-Subject: [PATCH] Fixed bug #68044: Integer overflow in unserialize() (32-bits
- only)
-
----
- ext/standard/tests/serialize/bug68044.phpt | 12 ++++++++++++
- ext/standard/var_unserializer.c | 4 ++--
- ext/standard/var_unserializer.re | 2 +-
- 3 files changed, 15 insertions(+), 3 deletions(-)
- create mode 100644 ext/standard/tests/serialize/bug68044.phpt
-
-Index: php5-5.3.10/ext/standard/tests/serialize/bug68044.phpt
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ php5-5.3.10/ext/standard/tests/serialize/bug68044.phpt 2014-10-28 10:47:49.392858855 -0400
-@@ -0,0 +1,12 @@
-+--TEST--
-+Bug #68044 Integer overflow in unserialize() (32-bits only)
-+--FILE--
-+<?php
-+ echo unserialize('C:3:"XYZ":18446744075857035259:{}');
-+?>
-+===DONE==
-+--EXPECTF--
-+Warning: Insufficient data for unserializing - %d required, 1 present in %s/bug68044.php on line 2
-+
-+Notice: unserialize(): Error at offset 32 of 33 bytes in %s/bug68044.php on line 2
-+===DONE==
-Index: php5-5.3.10/ext/standard/var_unserializer.c
-===================================================================
---- php5-5.3.10.orig/ext/standard/var_unserializer.c 2014-10-28 10:47:49.392858855 -0400
-+++ php5-5.3.10/ext/standard/var_unserializer.c 2014-10-28 10:47:49.392858855 -0400
-@@ -333,7 +333,7 @@
-
- (*p) += 2;
-
-- if (datalen < 0 || (*p) + datalen >= max) {
-+ if (datalen < 0 || (max - (*p)) <= datalen) {
- zend_error(E_WARNING, "Insufficient data for unserializing - %ld required, %ld present", datalen, (long)(max - (*p)));
- return 0;
- }
-Index: php5-5.3.10/ext/standard/var_unserializer.re
-===================================================================
---- php5-5.3.10.orig/ext/standard/var_unserializer.re 2014-10-28 10:47:49.392858855 -0400
-+++ php5-5.3.10/ext/standard/var_unserializer.re 2014-10-28 10:47:49.392858855 -0400
-@@ -339,7 +339,7 @@
-
- (*p) += 2;
-
-- if (datalen < 0 || (*p) + datalen >= max) {
-+ if (datalen < 0 || (max - (*p)) <= datalen) {
- zend_error(E_WARNING, "Insufficient data for unserializing - %ld required, %ld present", datalen, (long)(max - (*p)));
- return 0;
- }