[Pkg-php-commits] [php/debian-etch] CVE-2009-0754.patch: mbstring.func_overload leakage between apache2 vhosts

[Sean Finney]

(cherry-picked from 2d73f5fcd24b0a2692beed4784ffc5e530bbe4ea)

Closes: #523049

Conflicts:

	debian/patches/series
---
 debian/patches/CVE-2009-0754.patch |   27 +++++++++++++++++++++++++++
 1 files changed, 27 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/CVE-2009-0754.patch

diff --git a/debian/patches/CVE-2009-0754.patch b/debian/patches/CVE-2009-0754.patch
new file mode 100644
index 0000000..aaa4e20
--- /dev/null
+++ b/debian/patches/CVE-2009-0754.patch
@@ -0,0 +1,27 @@
+#
+# Description: fix mbstring.func_overload setting in .htaccess affects
+#              other virtual hosts.
+# Patch: http://cvsweb.php.net/viewvc.cgi/php-src/ext/mbstring/mbstring.c?r1=1.276&r2=1.277
+# Upstream: http://bugs.php.net/bug.php?id=27421
+#
+diff -Nur php5-5.2.4/ext/mbstring/mbstring.c php5-5.2.4.new/ext/mbstring/mbstring.c
+--- php5-5.2.4/ext/mbstring/mbstring.c	2007-07-12 11:31:54.000000000 -0400
++++ php5-5.2.4.new/ext/mbstring/mbstring.c	2009-04-15 13:31:19.000000000 -0400
+@@ -1020,9 +1020,14 @@
+  	/*  clear overloaded function. */
+ 	if (MBSTRG(func_overload)){
+ 		p = &(mb_ovld[0]);
+-		while (p->type > 0 && zend_hash_find(EG(function_table), p->save_func, strlen(p->save_func)+1 , (void **)&orig) == SUCCESS) {
+-			zend_hash_update(EG(function_table), p->orig_func, strlen(p->orig_func)+1, orig, sizeof(zend_function), NULL);
+-			zend_hash_del(EG(function_table), p->save_func, strlen(p->save_func)+1);
++		while (p->type > 0) {
++			if ((MBSTRG(func_overload) & p->type) == p->type && 
++				zend_hash_find(EG(function_table), p->save_func,
++					strlen(p->save_func)+1, (void **)&orig) == SUCCESS) {
++
++				zend_hash_update(EG(function_table), p->orig_func, strlen(p->orig_func)+1, orig, sizeof(zend_function), NULL);
++				zend_hash_del(EG(function_table), p->save_func, strlen(p->save_func)+1);
++			}
+ 			p++;
+ 		}
+ 	}
-- 
1.5.6.5