File: 116-CVE-2007-0906_session.patch

package info (click to toggle)
php5 5.2.0%2Bdfsg-8%2Betch16
  • links: PTS
  • area: main
  • in suites: etch
  • size: 58,940 kB
  • ctags: 45,388
  • sloc: ansic: 533,605; sh: 17,835; php: 11,336; cpp: 4,289; xml: 3,809; yacc: 2,446; lex: 2,174; makefile: 1,150; tcl: 1,128; awk: 693; perl: 71; sql: 22; pascal: 15
file content (15 lines) | stat: -rw-r--r-- 492 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
 
diff -Nurp orig/ext/session/session.c new/ext/session/session.c
--- orig/ext/session/session.c	2007-02-21 08:40:31.000000000 +0100
+++ new/ext/session/session.c	2007-02-21 08:41:11.000000000 +0100
@@ -433,6 +433,11 @@ PS_SERIALIZER_DECODE_FUNC(php_binary)
 
 	for (p = val; p < endptr; ) {
 		namelen = *p & (~PS_BIN_UNDEF);
+
+		if (namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
+			return FAILURE;
+		}
+
 		has_value = *p & PS_BIN_UNDEF ? 0 : 1;
 
 		name = estrndup(p + 1, namelen);