[Pkg-php-commits] [php/debian-sid] Fix CVE-2010-3710 by cherry-picking r303779 from php svn (Closes: #601619)
Ondřej Surý
ondrej at sury.org
Wed Oct 27 21:42:06 UTC 2010
---
debian/patches/CVE-2010-3710.patch | 35 +++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 36 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/CVE-2010-3710.patch
diff --git a/debian/patches/CVE-2010-3710.patch b/debian/patches/CVE-2010-3710.patch
new file mode 100644
index 0000000..29ac37d
--- /dev/null
+++ b/debian/patches/CVE-2010-3710.patch
@@ -0,0 +1,35 @@
+--- /dev/null
++++ b/ext/filter/tests/bug52929.phpt
+@@ -0,0 +1,18 @@
++--TEST--
++Bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data)
++--SKIPIF--
++<?php if (!extension_loaded("filter")) die("skip"); ?>
++--FILE--
++<?php
++var_dump(filter_var('valid at email.address', FILTER_VALIDATE_EMAIL));
++
++// Beyond the allowable limit for an e-mail address.
++var_dump(filter_var('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx at yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.zz', FILTER_VALIDATE_EMAIL));
++
++// An invalid address likely to crash PHP due to stack exhaustion if it goes to
++// the validation regex.
++var_dump(filter_var(str_repeat('x', 8000), FILTER_VALIDATE_EMAIL));
++--EXPECT--
++string(19) "valid at email.address"
++bool(false)
++bool(false)
+--- a/ext/filter/logical_filters.c
++++ b/ext/filter/logical_filters.c
+@@ -531,6 +531,11 @@ void php_filter_validate_email(PHP_INPUT
+ int matches;
+
+
++ /* The maximum length of an e-mail address is 320 octets, per RFC 2821. */
++ if (Z_STRLEN_P(value) > 320) {
++ RETURN_VALIDATION_FAILED
++ }
++
+ re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC);
+ if (!re) {
+ RETURN_VALIDATION_FAILED
diff --git a/debian/patches/series b/debian/patches/series
index 9305012..d8eb3c9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -54,3 +54,4 @@ php-fpm-man-section-and-cleanup.patch
fpm-config.patch
CVE-2010-2950.patch
php-5.3.4-ini.patch
+CVE-2010-3710.patch
--
1.7.1
More information about the Pkg-php-commits
mailing list