Diffstat (limited to 'CVE-2015-2305.patch')
-rw-r--r-- | CVE-2015-2305.patch | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/CVE-2015-2305.patch b/CVE-2015-2305.patch
deleted file mode 100644
index e3309f408271..000000000000
--- a/CVE-2015-2305.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From fb04dcf6dbb48aecd8d2dc986806cb58c8ae5282 Mon Sep 17 00:00:00 2001
-From: Stanislav Malyshev <stas@php.net>
-Date: Tue, 17 Mar 2015 17:04:57 -0700
-Subject: [PATCH] Fix bug #69248 - heap overflow vulnerability in regcomp.c
-
-Merged from https://github.com/garyhouston/regex/commit/70bc2965604b6b8aaf260049e64c708dddf85334
----
- NEWS | 3 +++
- ext/ereg/regex/regcomp.c | 10 +++++++++-
- 2 files changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/ext/ereg/regex/regcomp.c b/ext/ereg/regex/regcomp.c
-index 156eee9..f4bfc1c 100644
---- a/ext/ereg/regex/regcomp.c
-+++ b/ext/ereg/regex/regcomp.c
-@@ -117,7 +117,15 @@ int cflags;
- (NC-1)*sizeof(cat_t));
- if (g == NULL)
- return(REG_ESPACE);
-- p->ssize = len/(size_t)2*(size_t)3 + (size_t)1; /* ugh */
-+ {
-+ /* Patched for CERT Vulnerability Note VU#695940, Feb 2015. */
-+ size_t new_ssize = len/(size_t)2*(size_t)3 + (size_t)1; /* ugh */
-+ if (new_ssize < len || new_ssize > LONG_MAX / sizeof(sop)) {
-+ free((char *) g);
-+ return REG_INVARG;
-+ }
-+ p->ssize = new_ssize;
-+ }
- p->strip = (sop *)malloc(p->ssize * sizeof(sop));
- p->slen = 0;
- if (p->strip == NULL) {
---
-2.1.4
- |