[Pkg-php-commits] [php/debian-etch] Revert "fix for CVE-2008-5557: Heap based overflow in mbstring extension"
Sean Finney
seanius at debian.org
Tue Apr 28 21:23:27 UTC 2009
This reverts commit abafc5330cede8260890b3083b739891bd029d62.
oops, this was already fixed.
---
debian/patches/224_SECURITY_CVE-2008-5557.patch | 47 -----------------------
1 files changed, 0 insertions(+), 47 deletions(-)
delete mode 100644 debian/patches/224_SECURITY_CVE-2008-5557.patch
diff --git a/debian/patches/224_SECURITY_CVE-2008-5557.patch b/debian/patches/224_SECURITY_CVE-2008-5557.patch
deleted file mode 100644
index 160684b..0000000
--- a/debian/patches/224_SECURITY_CVE-2008-5557.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# Description: fix mbstring extension arbitrary code execution via crafted
-# string containing HTML entity.
-# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/317672
-# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511493
-# Upstream: http://bugs.php.net/bug.php?id=45722
-# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c?hideattic=0&r1=1.7&r2=1.8
-#
-diff -Naur php5-5.1.2.ori/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c php5-5.1.2/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c
---- php5-5.1.2.ori/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c 2005-02-21 05:12:43.000000000 -0500
-+++ php5-5.1.2/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c 2009-01-28 10:16:32.000000000 -0500
-@@ -232,8 +232,7 @@
- mbfl_filt_conv_html_dec_flush(filter);
- if (c=='&')
- {
-- filter->status = 1;
-- buffer[0] = '&';
-+ buffer[filter->status++] = '&';
- }
- }
- }
-@@ -244,17 +243,19 @@
- int mbfl_filt_conv_html_dec_flush(mbfl_convert_filter *filter)
- {
- int status, pos = 0;
-- char *buffer;
-+ unsigned char *buffer;
-+ int err = 0;
-
-- buffer = (char*)filter->opaque;
-+ buffer = (unsigned char*)filter->opaque;
- status = filter->status;
-+ filter->status = 0;
- /* flush fragments */
- while (status--) {
-- CK((*filter->output_function)(buffer[pos++], filter->data));
-+ int e = (*filter->output_function)(buffer[pos++], filter->data);
-+ if (e != 0)
-+ err = e;
- }
-- filter->status = 0;
-- /*filter->buffer = 0; of cause NOT*/
-- return 0;
-+ return err;
- }
-
-
--
1.5.6.5