[Pkg-php-commits] [php/debian-sid] Updated suhosin patch to 0.9.10
Ondřej Surý
ondrej at sury.org
Mon Jan 24 07:53:32 UTC 2011
---
debian/patches/suhosin.patch | 87 ++++++++++++++++++++++++++++++++++++------
1 files changed, 75 insertions(+), 12 deletions(-)
diff --git a/debian/patches/suhosin.patch b/debian/patches/suhosin.patch
index 77d0855..2516d97 100644
--- a/debian/patches/suhosin.patch
+++ b/debian/patches/suhosin.patch
@@ -173,6 +173,15 @@ the following modifications have been made:
/*
--- a/Zend/zend_alloc.c
+++ b/Zend/zend_alloc.c
+@@ -18,7 +18,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: zend_alloc.c 301262 2010-07-14 10:27:08Z dmitry $ */
++/* $Id: zend_alloc.c 294518 2010-02-04 09:48:02Z pajoye $ */
+
+ #include "zend.h"
+ #include "zend_alloc.h"
@@ -32,6 +32,10 @@
# include <unistd.h>
#endif
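Review bot: The added inner hunk for Zend/zend_alloc.c rewrites the `$Id` keyword line from r301262 (2010-07-14) back to r294518 (2010-02-04), which suggests the Suhosin side of this diff was generated from an older copy of the file than the tree it is applied to. If so, other zend_alloc.c hunks in suhosin.patch could silently undo upstream allocator changes made between those two revisions; that is not visible here and is worth checking by diffing the patched result against the pristine file. Separately, a hunk that only touches a keyword-expansion line makes the whole patch fail to apply as soon as upstream changes that line, so I would drop this inner hunk from the imported patch.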
@@ -564,7 +573,7 @@ the following modifications have been made:
*mm_heap = *heap;
-@@ -1100,15 +1210,15 @@ ZEND_API zend_mm_heap *zend_mm_startup_e
+@@ -1100,22 +1210,22 @@ ZEND_API zend_mm_heap *zend_mm_startup_e
orig = ZEND_MM_SMALL_FREE_BUCKET(heap, 0);
for (i = 0; i < ZEND_MM_NUM_BUCKETS; i++) {
q = p;
@@ -586,6 +595,14 @@ the following modifications have been made:
p = (zend_mm_free_block*)((char*)p + sizeof(zend_mm_free_block*) * 2);
orig = (zend_mm_free_block*)((char*)orig + sizeof(zend_mm_free_block*) * 2);
if (mm_heap->large_free_buckets[i]) {
+ mm_heap->large_free_buckets[i]->parent = &mm_heap->large_free_buckets[i];
+ }
+ }
+- mm_heap->rest_buckets[0] = mm_heap->rest_buckets[1] = ZEND_MM_REST_BUCKET(mm_heap);
++ mm_heap->rest_buckets[0] = mm_heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap));
+
+ free(heap);
+ heap = mm_heap;
@@ -1123,7 +1233,11 @@ ZEND_API zend_mm_heap *zend_mm_startup_e
return heap;
}
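Review bot: The new `mm_heap->rest_buckets[0] = mm_heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap));` line in the Zend/zend_alloc.c section stores a mangled pointer, and nothing in the hunk shows that every reader of `rest_buckets` in that file demangles before dereferencing; a single unmangled access would follow an invalid pointer. Please confirm that against the full function, which starts and ends outside this hunk. The same statement replaces the four-line `tmp->next_free_block` / `tmp->prev_free_block` fix-up in the Zend/zend_alloc_canary.c section (the hunk at -2347), so the code no longer relinks the existing neighbours but points both entries at the relocated heap's own bucket; that is only equivalent if the rest list holds no blocks at this point in startup. A one-line comment would make the invariant reviewable, e.g. `/* heap was moved: reset rest list to the new heap's own bucket; rest_buckets[] always hold mangled pointers */`.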
@@ -1143,7 +1160,7 @@ the following modifications have been made:
ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC);
--- /dev/null
+++ b/Zend/zend_alloc_canary.c
-@@ -0,0 +1,2502 @@
+@@ -0,0 +1,2498 @@
+/*
+ +----------------------------------------------------------------------+
+ | Suhosin-Patch for PHP |
@@ -2347,11 +2364,7 @@ the following modifications have been made:
+ mm_heap->large_free_buckets[i]->parent = &mm_heap->large_free_buckets[i];
+ }
+ }
-+
-+ tmp = SUHOSIN_MANGLE_PTR(mm_heap->rest_buckets[0]);
-+ tmp->next_free_block = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap));
-+ tmp = SUHOSIN_MANGLE_PTR(mm_heap->rest_buckets[1]);
-+ tmp->prev_free_block = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap));
++ mm_heap->rest_buckets[0] = mm_heap->rest_buckets[1] = SUHOSIN_MANGLE_PTR(ZEND_MM_REST_BUCKET(mm_heap));
+
+ free(heap);
+ heap = mm_heap;
@@ -4487,6 +4500,18 @@ the following modifications have been made:
if test -r "$abs_srcdir/Zend/zend_objects.c"; then
PHP_ADD_SOURCES(Zend, zend_objects.c zend_object_handlers.c zend_objects_API.c zend_default_classes.c)
+--- a/ext/phar/stream.c
++++ b/ext/phar/stream.c
+@@ -470,7 +470,8 @@ static int phar_stream_flush(php_stream
+ if (stream->mode[0] == 'w' || (stream->mode[0] == 'r' && stream->mode[1] == '+')) {
+ ret = phar_flush(((phar_entry_data *)stream->abstract)->phar, 0, 0, 0, &error TSRMLS_CC);
+ if (error) {
+- php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS TSRMLS_CC, error);
++ /* Fix format string vulnerability here, too because PHP.net did not */
++ php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS TSRMLS_CC, "%s", error);
+ efree(error);
+ }
+ return ret;
--- a/ext/standard/dl.c
+++ b/ext/standard/dl.c
@@ -249,6 +249,23 @@ PHPAPI int php_load_extension(char *file
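Review bot: The format-string fix for `phar_stream_flush` is carried inside suhosin.patch, so it disappears from the package whenever the Suhosin patch is disabled, regenerated against a new upstream, or dropped. Passing `error` through `"%s"` is the right change; I would ship it as its own file in debian/patches with a reference to the upstream report, so it can be tracked and removed independently. The added comment could also say what is being protected, e.g. `/* error is runtime-built text; never use it as the format string */`. Other `php_stream_wrapper_log_error` calls in ext/phar that pass a message without a format are not visible here (the function body continues outside the hunk) and are worth a grep.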
@@ -4679,12 +4704,31 @@ the following modifications have been made:
--- a/main/snprintf.c
+++ b/main/snprintf.c
-@@ -1091,7 +1091,11 @@ static int format_converter(register buf
+@@ -780,6 +780,10 @@ static int format_converter(register buf
+ */
+ switch (*fmt) {
+ case 'Z':
++#if SUHOSIN_PATCH
++ zend_suhosin_log(S_MISC, "'Z' specifier within format string");
++ goto skip_output;
++#else
+ zvp = (zval*) va_arg(ap, zval*);
+ zend_make_printable_zval(zvp, &zcopy, &free_zcopy);
+ if (free_zcopy) {
+@@ -790,6 +794,7 @@ static int format_converter(register buf
+ if (adjust_precision && precision < s_len) {
+ s_len = precision;
+ }
++#endif
+ break;
+ case 'u':
+ switch(modifier) {
+@@ -1091,7 +1096,11 @@ static int format_converter(register buf
case 'n':
+#if SUHOSIN_PATCH
-+ zend_suhosin_log(S_MISC, "'n' specifier within format string");
++ zend_suhosin_log(S_MISC, "'n' specifier within format string");
+#else
*(va_arg(ap, int *)) = cc;
+#endif
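Review bot: In the new `case 'Z':` branch of `format_converter` in main/snprintf.c, the SUHOSIN_PATCH path jumps to `skip_output` without consuming the `zval*` argument, so if that label resumes parsing (it is outside the hunk), every later conversion in the same format string reads the wrong variadic argument. Consuming it first keeps the argument list aligned: `(void) va_arg(ap, zval *);` before `goto skip_output;`. The same applies to the `case 'n':` branch, which logs but never takes the `int *` off `ap`, and to both branches of `xbuf_format_converter` in the main/spprintf.c section that follows. A comment stating whether `zend_suhosin_log(S_MISC, ...)` can return would also help, since that decides whether the misaligned read is reachable.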
@@ -4693,12 +4737,31 @@ the following modifications have been made:
/*
--- a/main/spprintf.c
+++ b/main/spprintf.c
-@@ -698,7 +698,11 @@ static void xbuf_format_converter(smart_
+@@ -388,6 +388,10 @@ static void xbuf_format_converter(smart_
+ */
+ switch (*fmt) {
+ case 'Z':
++#if SUHOSIN_PATCH
++ zend_suhosin_log(S_MISC, "'Z' specifier within format string");
++ goto skip_output;
++#else
+ zvp = (zval*) va_arg(ap, zval*);
+ zend_make_printable_zval(zvp, &zcopy, &free_zcopy);
+ if (free_zcopy) {
+@@ -398,6 +402,7 @@ static void xbuf_format_converter(smart_
+ if (adjust_precision && precision < s_len) {
+ s_len = precision;
+ }
++#endif
+ break;
+ case 'u':
+ switch(modifier) {
+@@ -698,7 +703,11 @@ static void xbuf_format_converter(smart_
case 'n':
+#if SUHOSIN_PATCH
-+ zend_suhosin_log(S_MISC, "'n' specifier within format string");
++ zend_suhosin_log(S_MISC, "'n' specifier within format string");
+#else
*(va_arg(ap, int *)) = xbuf->len;
+#endif
@@ -5451,7 +5514,7 @@ the following modifications have been made:
+
+#include "zend.h"
+
-+#define SUHOSIN_PATCH_VERSION "0.9.9.1"
++#define SUHOSIN_PATCH_VERSION "0.9.10"
+
+#define SUHOSIN_LOGO_GUID "SUHO8567F54-D428-14d2-A769-00DA302A5F18"
+
--
1.7.1