File: 121-CVE-2007-2511_userfilters.patch

package info (click to toggle)
php5 5.2.0%2Bdfsg-8%2Betch16
  • links: PTS
  • area: main
  • in suites: etch
  • size: 58,940 kB
  • ctags: 45,388
  • sloc: ansic: 533,605; sh: 17,835; php: 11,336; cpp: 4,289; xml: 3,809; yacc: 2,446; lex: 2,174; makefile: 1,150; tcl: 1,128; awk: 693; perl: 71; sql: 22; pascal: 15
file content (36 lines) | stat: -rw-r--r-- 1,173 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
--- old/ext/standard/user_filters.c	2007/01/19 14:50:11	1.31.2.4.2.5
+++ new/ext/standard/user_filters.c	2007/01/25 00:27:19	1.31.2.4.2.6
@@ -256,6 +256,7 @@
 	zval *obj, *zfilter;
 	zval func_name;
 	zval *retval = NULL;
+	int len;
 	
 	/* some sanity checks */
 	if (persistent) {
@@ -264,9 +265,10 @@
 		return NULL;
 	}
 
+	len = strlen(filtername);
+
 	/* determine the classname/class entry */
-	if (FAILURE == zend_hash_find(BG(user_filter_map), (char*)filtername,
-				strlen(filtername), (void**)&fdat)) {
+	if (FAILURE == zend_hash_find(BG(user_filter_map), (char*)filtername, len + 1, (void**)&fdat)) {
 		char *period;
 
 		/* Userspace Filters using ambiguous wildcards could cause problems.
@@ -275,10 +277,10 @@
            TODO: Allow failed userfilter creations to continue
                  scanning through the list */
 		if ((period = strrchr(filtername, '.'))) {
-			char *wildcard;
+			char *wildcard = emalloc(len + 3);
 
 			/* Search for wildcard matches instead */
-			wildcard = estrdup(filtername);
+			memcpy(wildcard, filtername, len + 1); /* copy \0 */
 			period = wildcard + (period - filtername);
 			while (period) {
 				*period = '\0';