php5.4: add debian u10 patchset

3.15-stable
parent 8ba726da20
commit de51589ffd
  1. 2
      testing/php5.4/APKBUILD
  2. 46
      testing/php5.4/d10-u001-CVE-2017-11628.patch

@ -217,6 +217,7 @@ source="https://www.php.net/distributions/$_pkgreal-$pkgver.tar.bz2
d09-u003-CVE-2017-11144.patch
d09-u004-CVE-2017-11145.patch
d09-u005-CVE-2017-11147.patch
d10-u001-CVE-2017-11628.patch
"
builddir="$srcdir/$_pkgreal-$pkgver"
@ -870,4 +871,5 @@ b94b9ad6af473fac409b3b91510142a6e8a3d866ce28456693c3c8ef6e706c7617f1254e045c83d0
ac65be6646776ffb94b015f877b3851c420ea08a068635cf34bd2eca14a9011b07e07f01b978ab6277dd8e59a7c37a79008352ec5fb4eb5cf4fbc47ec3e03f61 d09-u003-CVE-2017-11144.patch
5ed8ec98fc2d0e9ebd0d59c62130c3d93d41452a7bd67fa60125ef889139925cff03a9a6a460ccab8d9bc12e826e8d6039ae2257e22a4aaa48c33955366b79e9 d09-u004-CVE-2017-11145.patch
8041acbd1cd28421850492f7cecc4b16016fe996d3baefb25932374e84c8ca088e69636032a735d7e1a9949ff89326b241c0a25013df5bb1bfedf5bd9e72b29c d09-u005-CVE-2017-11147.patch
13098f0fc62f4f39411c67b1751b6980db1776de58691ecd9839a181b3377c7e05be9f9c1dbff374668a2cfb3b8905c7f15f6cf4f8c297296a8e7bdb21e21a5d d10-u001-CVE-2017-11628.patch
"
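Review bot: `pkgrel` is not raised together with the new patch: the diffstat counts two changed lines in testing/php5.4/APKBUILD, and both are accounted for by the `d10-u001-CVE-2017-11628.patch` entries in `source` and in the checksum list. Unless a later commit in the series bumps it, systems that already have the current build installed will not be offered the patched package, so I would increment `pkgrel` by one in this same commit. If this APKBUILD keeps a `# secfixes:` comment block (not visible in these hunks), CVE-2017-11628 should be recorded there against the new release so that scanners can tell the fixed build from the vulnerable one.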

@ -0,0 +1,46 @@
From 05255749139b3686c8a6a58ee01131ac0047465e Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Tue, 20 Jun 2017 00:09:01 -0700
Subject: [PATCH] Fix bug #74603 - use correct buffer size
---
Zend/tests/bug74603.ini | 1 +
Zend/tests/bug74603.phpt | 15 +++++++++++++++
Zend/zend_ini_parser.y | 2 +-
3 files changed, 17 insertions(+), 1 deletion(-)
create mode 100644 Zend/tests/bug74603.ini
create mode 100644 Zend/tests/bug74603.phpt
--- /dev/null
+++ b/Zend/tests/bug74603.ini
@@ -0,0 +1 @@
+0=0&~2000000000
--- /dev/null
+++ b/Zend/tests/bug74603.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability)
+--SKIPIF--
+<?php
+if (PHP_INT_MAX !== 2147483647)
+ die('skip for 32-bit only');
+--FILE--
+<?php
+var_dump(parse_ini_file(__DIR__ . "/bug74603.ini", true, INI_SCANNER_NORMAL));
+?>
+--EXPECT--
+array(1) {
+ [0]=>
+ string(1) "0"
+}
--- a/Zend/zend_ini_parser.y
+++ b/Zend/zend_ini_parser.y
@@ -49,7 +49,7 @@ static void zend_ini_do_op(char type, zv
{
int i_result;
int i_op1, i_op2;
- char str_result[MAX_LENGTH_OF_LONG];
+ char str_result[MAX_LENGTH_OF_LONG+1];
i_op1 = atoi(Z_STRVAL_P(op1));
free(Z_STRVAL_P(op1));
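Review bot: Enlarging `str_result` to `MAX_LENGTH_OF_LONG+1` in zend_ini_do_op only holds while the write that fills the buffer stays within that size, and that write lies outside the visible hunk (the function body continues past `free(Z_STRVAL_P(op1));`). If it is an unbounded formatter, bounding it by the array itself, e.g. `snprintf(str_result, sizeof str_result, "%d", i_result);`, would keep a later change to the constant or the format from reopening the stack overflow named in the test title. Note also that bug74603.phpt skips itself unless `PHP_INT_MAX` is 2147483647, so only 32-bit builders exercise the fix. A passing test run on a 64-bit builder is therefore no evidence that this patch applied correctly.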