diff options
Diffstat (limited to 'curl_embedded_null.patch')
-rw-r--r-- | curl_embedded_null.patch | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/curl_embedded_null.patch b/curl_embedded_null.patch deleted file mode 100644 index eca9b1d1c39e..000000000000 --- a/curl_embedded_null.patch +++ /dev/null @@ -1,43 +0,0 @@ -Description: fix local file disclosure via curl NULL byte injection -Origin: backport, http://git.php.net/?p=php-src.git;a=commit;h=ab0939e5e5449cba04b02fff3a5595f725bce0a0 -Bug: https://bugs.php.net/bug.php?id=68089 - -Index: php5-5.3.10/ext/curl/interface.c -=================================================================== ---- php5-5.3.10.orig/ext/curl/interface.c 2014-10-28 14:54:02.671549358 -0400 -+++ php5-5.3.10/ext/curl/interface.c 2014-10-28 14:54:49.427898135 -0400 -@@ -172,6 +172,11 @@ - #endif - TSRMLS_FETCH(); - -+ if (strlen(url) != len) { -+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Curl option contains invalid characters (\\0)"); -+ return 0; -+ } -+ - /* Disable file:// if open_basedir or safe_mode are used */ - if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) { - #if LIBCURL_VERSION_NUM >= 0x071304 -Index: php5-5.3.10/ext/curl/tests/bug68089.phpt -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ php5-5.3.10/ext/curl/tests/bug68089.phpt 2014-10-28 14:54:02.667549328 -0400 -@@ -0,0 +1,18 @@ -+--TEST-- -+Bug #68089 (NULL byte injection - cURL lib) -+--SKIPIF-- -+<?php -+include 'skipif.inc'; -+ -+?> -+--FILE-- -+<?php -+$url = "file:///etc/passwd\0http://google.com"; -+$ch = curl_init(); -+var_dump(curl_setopt($ch, CURLOPT_URL, $url)); -+?> -+Done -+--EXPECTF-- -+Warning: curl_setopt(): Curl option contains invalid characters (\0) in %s/bug68089.php on line 4 -+bool(false) -+Done |