File: CVE-2014-3710.patch

package info (click to toggle)
php5 5.3.3.1-7%2Bsqueeze29
  • links: PTS, VCS
  • area: main
  • in suites: squeeze-lts
  • size: 123,520 kB
  • ctags: 55,742
  • sloc: ansic: 633,963; php: 19,620; sh: 11,344; xml: 5,816; cpp: 2,400; yacc: 1,745; exp: 1,514; makefile: 1,019; pascal: 623; awk: 537; sql: 22
file content (32 lines) | stat: -rw-r--r-- 1,016 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
From: Remi Collet <remi@php.net>
Date: Wed, 22 Oct 2014 13:37:04 +0000 (+0200)
Subject: Fix bug #68283: fileinfo: out-of-bounds read in elf note headers
X-Git-Tag: php-5.4.35~10
X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=1803228597e82218a8c105e67975bc50e6f5bf0d

Fix bug #68283: fileinfo: out-of-bounds read in elf note headers

Upstream commit
https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0

CVE -2014-3710
---

Index: php5-5.3.3/ext/fileinfo/libmagic/readelf.c
===================================================================
--- php5-5.3.3.orig/ext/fileinfo/libmagic/readelf.c	2014-11-23 15:43:50.000000000 +0100
+++ php5-5.3.3/ext/fileinfo/libmagic/readelf.c	2014-11-23 15:43:50.000000000 +0100
@@ -375,6 +375,13 @@
 #endif
 	uint32_t namesz, descsz;
 
+	if (xnh_sizeof + offset > size) {
+		/*
+		 * We're out of note headers.
+		 */
+		return xnh_sizeof + offset;
+	}
+
 	(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
 	offset += xnh_sizeof;