Sean Finney
2007-Apr-20 21:16 UTC
[Secure-testing-commits] r5689 - data/patches/MOPB/php4-etch
Author: seanius
Date: 2007-04-20 21:16:39 +0000 (Fri, 20 Apr 2007)
New Revision: 5689
Modified:
data/patches/MOPB/php4-etch/071-CVE-2007-1380-MOPB-10.patch
Log:
update context to reflect previous patching
Modified: data/patches/MOPB/php4-etch/071-CVE-2007-1380-MOPB-10.patch
==================================================================---
data/patches/MOPB/php4-etch/071-CVE-2007-1380-MOPB-10.patch 2007-04-20 13:55:19
UTC (rev 5688)
+++ data/patches/MOPB/php4-etch/071-CVE-2007-1380-MOPB-10.patch 2007-04-20
21:16:39 UTC (rev 5689)
@@ -1,14 +1,11 @@
--- php4-4.4.4/ext/session/session.c 2006/12/26 16:53:47 1.417.2.8.2.22
+++ php4-4.4.4/ext/session/session.c 2006/12/31 22:25:55 1.417.2.8.2.23
-@@ -471,6 +471,11 @@
- for (p = val; p < endptr; ) {
+@@ -471,7 +471,7 @@
zval **tmp;
namelen = *p & (~PS_BIN_UNDEF);
-+
-+ if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr)
{
-+ return FAILURE;
-+ }
-+
- has_value = *p & PS_BIN_UNDEF ? 0 : 1;
-
- name = estrndup(p + 1, namelen);
+
+- if (namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
++ if ((namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >=
endptr) {
+ return FAILURE;
+ }
+