File: 136-CVE-2008-2051.patch

package info (click to toggle)

php5 5.2.0%2Bdfsg-8%2Betch16

links: PTS
area: main
in suites: etch
size: 58,940 kB
ctags: 45,388
sloc: ansic: 533,605; sh: 17,835; php: 11,336; cpp: 4,289; xml: 3,809; yacc: 2,446; lex: 2,174; makefile: 1,150; tcl: 1,128; awk: 693; perl: 71; sql: 22; pascal: 15

file content (15 lines) | stat: -rw-r--r-- 490 bytes

http://cvs.php.net/viewvc.cgi/php-src/ext/standard/exec.c?r1=1.113.2.3.2.1.2.3&r2=1.113.2.3.2.1.2.4&view=patch
--- old/ext/standard/exec.c	2007/12/31 07:17:14	1.113.2.3.2.1.2.3
+++ new/ext/standard/exec.c	2008/03/17 23:01:27	1.113.2.3.2.1.2.4
@@ -271,6 +271,11 @@
 	cmd = safe_emalloc(2, l, 1);
 
 	for (x = 0, y = 0; x < l; x++) {
+		/* skip non-valid multibyte characters */
+		if (php_mblen(str + x, (l - x)) < 0) {
+			continue;
+		}
+
 		switch (str[x]) {
 			case '"':
 			case '\'':