[Pkg-php-commits] [php/debian-sid] Fix CVE-2010-3710 by cherry-picking r303779 from php svn (Closes: #601619)

[Ondřej Surý]

---
 debian/patches/CVE-2010-3710.patch |   35 +++++++++++++++++++++++++++++++++++
 debian/patches/series              |    1 +
 2 files changed, 36 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/CVE-2010-3710.patch

diff --git a/debian/patches/CVE-2010-3710.patch b/debian/patches/CVE-2010-3710.patch
new file mode 100644
index 0000000..29ac37d
--- /dev/null
+++ b/debian/patches/CVE-2010-3710.patch
@@ -0,0 +1,35 @@
+--- /dev/null
++++ b/ext/filter/tests/bug52929.phpt
+@@ -0,0 +1,18 @@
++--TEST--
++Bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data)
++--SKIPIF--
++<?php if (!extension_loaded("filter")) die("skip"); ?>
++--FILE--
++<?php
++var_dump(filter_var('valid at email.address', FILTER_VALIDATE_EMAIL));
++
++// Beyond the allowable limit for an e-mail address.
++var_dump(filter_var('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx at yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.zz', FILTER_VALIDATE_EMAIL));
++
++// An invalid address likely to crash PHP due to stack exhaustion if it goes to
++// the validation regex.
++var_dump(filter_var(str_repeat('x', 8000), FILTER_VALIDATE_EMAIL));
++--EXPECT--	
++string(19) "valid at email.address"
++bool(false)
++bool(false)
+--- a/ext/filter/logical_filters.c
++++ b/ext/filter/logical_filters.c
+@@ -531,6 +531,11 @@ void php_filter_validate_email(PHP_INPUT
+ 	int         matches;
+ 
+ 
++	/* The maximum length of an e-mail address is 320 octets, per RFC 2821. */
++	if (Z_STRLEN_P(value) > 320) {
++		RETURN_VALIDATION_FAILED
++	}
++
+ 	re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC);
+ 	if (!re) {
+ 		RETURN_VALIDATION_FAILED
diff --git a/debian/patches/series b/debian/patches/series
index 9305012..d8eb3c9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -54,3 +54,4 @@ php-fpm-man-section-and-cleanup.patch
 fpm-config.patch
 CVE-2010-2950.patch
 php-5.3.4-ini.patch
+CVE-2010-3710.patch
-- 
1.7.1