File: CVE-2011-1938.patch

package info (click to toggle)
php5 5.3.3-7%2Bsqueeze19
  • links: PTS, VCS
  • area: main
  • in suites: squeeze
  • size: 122,836 kB
  • ctags: 55,742
  • sloc: ansic: 633,963; php: 19,620; sh: 11,344; xml: 5,816; cpp: 2,400; yacc: 1,745; exp: 1,514; makefile: 1,019; pascal: 623; awk: 537; sql: 22
file content (14 lines) | stat: -rw-r--r-- 380 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
 
--- a/ext/sockets/sockets.c
+++ b/ext/sockets/sockets.c
@@ -1334,6 +1334,11 @@ PHP_FUNCTION(socket_connect)
 			break;
 
 		case AF_UNIX:
+			if (addr_len >= sizeof(s_un.sun_path)) {
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Path too long", php_sock->type);
+				RETURN_FALSE;
+			}
+				
 			memset(&s_un, 0, sizeof(struct sockaddr_un));
 
 			s_un.sun_family = AF_UNIX;