[Pkg-php-commits] [php/debian-etch] CVE-2009-0754.patch: mbstring.func_overload leakage between apache2 vhosts
Sean Finney
seanius at debian.org
Tue Apr 28 12:15:45 UTC 2009
(cherry-picked from 2d73f5fcd24b0a2692beed4784ffc5e530bbe4ea)
Closes: #523049
Conflicts:
debian/patches/series
---
debian/patches/CVE-2009-0754.patch | 27 +++++++++++++++++++++++++++
1 files changed, 27 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/CVE-2009-0754.patch
diff --git a/debian/patches/CVE-2009-0754.patch b/debian/patches/CVE-2009-0754.patch
new file mode 100644
index 0000000..aaa4e20
--- /dev/null
+++ b/debian/patches/CVE-2009-0754.patch
@@ -0,0 +1,27 @@
+#
+# Description: fix mbstring.func_overload setting in .htaccess affects
+# other virtual hosts.
+# Patch: http://cvsweb.php.net/viewvc.cgi/php-src/ext/mbstring/mbstring.c?r1=1.276&r2=1.277
+# Upstream: http://bugs.php.net/bug.php?id=27421
+#
+diff -Nur php5-5.2.4/ext/mbstring/mbstring.c php5-5.2.4.new/ext/mbstring/mbstring.c
+--- php5-5.2.4/ext/mbstring/mbstring.c 2007-07-12 11:31:54.000000000 -0400
++++ php5-5.2.4.new/ext/mbstring/mbstring.c 2009-04-15 13:31:19.000000000 -0400
+@@ -1020,9 +1020,14 @@
+ /* clear overloaded function. */
+ if (MBSTRG(func_overload)){
+ p = &(mb_ovld[0]);
+- while (p->type > 0 && zend_hash_find(EG(function_table), p->save_func, strlen(p->save_func)+1 , (void **)&orig) == SUCCESS) {
+- zend_hash_update(EG(function_table), p->orig_func, strlen(p->orig_func)+1, orig, sizeof(zend_function), NULL);
+- zend_hash_del(EG(function_table), p->save_func, strlen(p->save_func)+1);
++ while (p->type > 0) {
++ if ((MBSTRG(func_overload) & p->type) == p->type &&
++ zend_hash_find(EG(function_table), p->save_func,
++ strlen(p->save_func)+1, (void **)&orig) == SUCCESS) {
++
++ zend_hash_update(EG(function_table), p->orig_func, strlen(p->orig_func)+1, orig, sizeof(zend_function), NULL);
++ zend_hash_del(EG(function_table), p->save_func, strlen(p->save_func)+1);
++ }
+ p++;
+ }
+ }
--
1.5.6.5
More information about the Pkg-php-commits
mailing list