[Pkg-php-commits] [php/debian-sid] Cherry-pick fix for CVE-2010-3436
Ondřej Surý
ondrej at sury.org
Wed Nov 17 09:48:09 UTC 2010
---
debian/patches/CVE-2010-3436.patch | 18 ++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 19 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/CVE-2010-3436.patch
diff --git a/debian/patches/CVE-2010-3436.patch b/debian/patches/CVE-2010-3436.patch
new file mode 100644
index 0000000..0486615
--- /dev/null
+++ b/debian/patches/CVE-2010-3436.patch
@@ -0,0 +1,18 @@
+--- a/main/fopen_wrappers.c
++++ b/main/fopen_wrappers.c
+@@ -239,8 +239,13 @@ PHPAPI int php_check_specific_open_based
+ #else
+ if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
+ #endif
+- /* File is in the right directory */
+- return 0;
++ if (resolved_name_len > resolved_basedir_len &&
++ resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {
++ return -1;
++ } else {
++ /* File is in the right directory */
++ return 0;
++ }
+ } else {
+ /* /openbasedir/ and /openbasedir are the same directory */
+ if (resolved_basedir_len == (resolved_name_len + 1) && resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
diff --git a/debian/patches/series b/debian/patches/series
index 383095b..643ec16 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -64,3 +64,4 @@ bug50481.patch
fix_crash_in__php_mssql_get_column_content_without_type.patch
bug52827.patch
bug52843.patch
+CVE-2010-3436.patch
--
1.7.1
More information about the Pkg-php-commits
mailing list