[Pkg-php-commits] r1100 - php5/trunk/debian/patches

Sun Jun 29 13:10:09 UTC 2008

Author: seanius
Date: 2008-06-29 13:10:08 +0000 (Sun, 29 Jun 2008)
New Revision: 1100

Added:
   php5/trunk/debian/patches/CVE-2008-2829.patch
Modified:
   php5/trunk/debian/patches/series
Log:
fix for CVE-2008-2829

Added: php5/trunk/debian/patches/CVE-2008-2829.patch
===================================================================

--- php5/trunk/debian/patches/CVE-2008-2829.patch	                        (rev 0)
+++ php5/trunk/debian/patches/CVE-2008-2829.patch	2008-06-29 13:10:08 UTC (rev 1100)
@@ -0,0 +1,79 @@
+--- php5-5.2.6.orig/ext/imap/php_imap.c
++++ php5-5.2.6/ext/imap/php_imap.c
+@@ -70,6 +70,7 @@ static void _php_make_header_object(zval
+ static void _php_imap_add_body(zval *arg, BODY *body TSRMLS_DC);
+ static void _php_imap_parse_address(ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC);
+ static int _php_imap_address_size(ADDRESS *addresslist);
++static void _php_rfc822_write_address_len (char *dest, ADDRESS *adr, int len);
+ 
+ /* the gets we use */
+ static char *php_mail_gets(readfn_t f, void *stream, unsigned long size, GETS_DATA *md);
+@@ -2142,7 +2143,7 @@ PHP_FUNCTION(imap_rfc822_write_address)
+ 	}
+ 
+ 	string[0]='\0';
+-	rfc822_write_address(string, addr);
++	_php_rfc822_write_address_len(string, addr, sizeof(string));
+ 	RETVAL_STRING(string, 1);
+ }
+ /* }}} */
+@@ -2911,13 +2912,13 @@ PHP_FUNCTION(imap_fetch_overview)
+ 				if (env->from && _php_imap_address_size(env->from) < MAILTMPLEN) {
+ 					env->from->next=NULL;
+ 					address[0] = '\0';
+-					rfc822_write_address(address, env->from);
++					_php_rfc822_write_address_len(address, env->from, sizeof(address));
+ 					add_property_string(myoverview, "from", address, 1);
+ 				}
+ 				if (env->to && _php_imap_address_size(env->to) < MAILTMPLEN) {
+ 					env->to->next = NULL;
+ 					address[0] = '\0';
+-					rfc822_write_address(address, env->to);
++					_php_rfc822_write_address_len(address, env->to, sizeof(address));
+ 					add_property_string(myoverview, "to", address, 1);
+ 				}
+ 				if (env->date) {
+@@ -3888,6 +3889,34 @@ static int _php_imap_address_size (ADDRE
+ /* }}} */
+ 
+ 
++/* {{{ _php_rfc822_soutr
++ */
++static long _php_rfc822_soutr (void *stream,char *string)
++{
++ return NIL;
++}
++
++/* }}} */
++
++
++/* {{{ _php_rfc822_write_address_len
++ */
++static void _php_rfc822_write_address_len ( char *dest, ADDRESS *adr, int len)
++{
++ RFC822BUFFER buf;
++
++ buf.beg = dest;
++ buf.cur = buf.beg;
++ buf.end = buf.beg + len - 1;
++ buf.s = NIL;
++ buf.f = _php_rfc822_soutr;
++ rfc822_output_address_list (&buf, adr, 0, NIL);
++ *buf.cur = '\0';
++}
++ 
++/* }}} */
++
++
+ /* {{{ _php_imap_parse_address
+  */
+ static void _php_imap_parse_address (ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC)
+@@ -3902,7 +3931,7 @@ static void _php_imap_parse_address (ADD
+ 	if ((len = _php_imap_address_size(addresstmp))) {
+ 		tmpstr = (char *) pemalloc(len + 1, 1);
+ 		tmpstr[0] = '\0';
+-		rfc822_write_address(tmpstr, addresstmp);
++		_php_rfc822_write_address_len(tmpstr, addresstmp, len);
+ 		*fulladdress = tmpstr;
+ 	} else {
+ 		*fulladdress = NULL;

Modified: php5/trunk/debian/patches/series
===================================================================
--- php5/trunk/debian/patches/series	2008-06-20 04:36:22 UTC (rev 1099)
+++ php5/trunk/debian/patches/series	2008-06-29 13:10:08 UTC (rev 1100)
@@ -32,3 +32,4 @@
 manpage_spelling.patch
 force_libmysqlclient_r.patch
 tzdb-nofree_ents_ifnotzdata.patch
+CVE-2008-2829.patch


