aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Deutschmann <whissi@gentoo.org>2019-11-19 11:28:57 +0100
committerThomas Deutschmann <whissi@gentoo.org>2019-11-19 11:28:57 +0100
commitecf6ddfb4f0450fa626d15e2f771e4cc3f044fac (patch)
tree4c03fba38dbc9a12fd7b15e417b67574df589f98
parentAdd backports from 7.1.32 (diff)
downloadphp-patches-ecf6ddfb4f0450fa626d15e2f771e4cc3f044fac.tar.gz
php-patches-ecf6ddfb4f0450fa626d15e2f771e4cc3f044fac.tar.bz2
php-patches-ecf6ddfb4f0450fa626d15e2f771e4cc3f044fac.zip
Add backports from 7.1.337.1.33bpphp5.6
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
-rw-r--r--00210_October2019-backports.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/00210_October2019-backports.patch b/00210_October2019-backports.patch
new file mode 100644
index 0000000..8d3612e
--- /dev/null
+++ b/00210_October2019-backports.patch
@@ -0,0 +1,28 @@
+From af6607e207005b4757f7679d34f060b674da08c6 Mon Sep 17 00:00:00 2001
+From: Jakub Zelenka <bukka@php.net>
+Date: Sat, 12 Oct 2019 15:56:16 +0100
+Subject: [PATCH] Fix bug #78599 (env_path_info underflow can lead to RCE)
+ (CVE-2019-11043)
+
+cheery-picked from ab061f95ca966731b1c84cf5b7b20155c0a1c06a
+without the test as tester not available
+---
+ sapi/fpm/fpm/fpm_main.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
+index d12ac018..22b889c1 100644
+--- a/sapi/fpm/fpm/fpm_main.c
++++ b/sapi/fpm/fpm/fpm_main.c
+@@ -1245,8 +1245,8 @@ static void init_request_info(TSRMLS_D)
+ path_info = script_path_translated + ptlen;
+ tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0));
+ } else {
+- path_info = env_path_info ? env_path_info + pilen - slen : NULL;
+- tflag = (orig_path_info != path_info);
++ path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL;
++ tflag = path_info && (orig_path_info != path_info);
+ }
+
+ if (tflag) {
+