[Pkg-php-commits] [php/debian-etch] Revert "fix for CVE-2008-5557: Heap based overflow in mbstring extension"

Sean Finney seanius at debian.org
Tue Apr 28 21:23:27 UTC 2009 

This reverts commit abafc5330cede8260890b3083b739891bd029d62.

oops, this was already fixed.
---
 debian/patches/224_SECURITY_CVE-2008-5557.patch |   47 -----------------------
 1 files changed, 0 insertions(+), 47 deletions(-)
 delete mode 100644 debian/patches/224_SECURITY_CVE-2008-5557.patch

diff --git a/debian/patches/224_SECURITY_CVE-2008-5557.patch b/debian/patches/224_SECURITY_CVE-2008-5557.patch
deleted file mode 100644
index 160684b..0000000
--- a/debian/patches/224_SECURITY_CVE-2008-5557.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# Description: fix mbstring extension arbitrary code execution via crafted
-#              string containing HTML entity.
-# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/317672
-# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511493
-# Upstream: http://bugs.php.net/bug.php?id=45722 
-# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c?hideattic=0&r1=1.7&r2=1.8
-#
-diff -Naur php5-5.1.2.ori/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c php5-5.1.2/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c
---- php5-5.1.2.ori/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c	2005-02-21 05:12:43.000000000 -0500
-+++ php5-5.1.2/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c	2009-01-28 10:16:32.000000000 -0500
-@@ -232,8 +232,7 @@
- 				mbfl_filt_conv_html_dec_flush(filter);
- 				if (c=='&')
- 				{
--					filter->status = 1;
--					buffer[0] = '&';
-+					buffer[filter->status++] = '&';
- 				}
- 			}
- 		}
-@@ -244,17 +243,19 @@
- int mbfl_filt_conv_html_dec_flush(mbfl_convert_filter *filter)
- {
- 	int status, pos = 0;
--	char *buffer;
-+	unsigned char *buffer;
-+	int err = 0;
- 
--	buffer = (char*)filter->opaque;
-+	buffer = (unsigned char*)filter->opaque;
- 	status = filter->status;
-+	filter->status = 0;
- 	/* flush fragments */
- 	while (status--) {
--		CK((*filter->output_function)(buffer[pos++], filter->data));
-+		int e = (*filter->output_function)(buffer[pos++], filter->data);
-+		if (e != 0)
-+			err = e;
- 	}
--	filter->status = 0;
--	/*filter->buffer = 0; of cause NOT*/
--	return 0;
-+	return err;
- }
- 
- 
-- 
1.5.6.5

More information about the Pkg-php-commits mailing list