mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

php: fix CVE-2019-11043

Browse Source 
Backport unmodified patch from git.php.net.  Fixed in php 7.3.11.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Slater, Joseph
2019-11-12 13:22:44 -08:00
committed by Armin Kuster
parent aad5b3d070
commit 635b211e0f
2 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-devtools/php/php/CVE-2019-11043.patch
+38
View File
@@ -0,0 +1,38 @@
From ab061f95ca966731b1c84cf5b7b20155c0a1c06a Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Sat, 12 Oct 2019 15:56:16 +0100
Subject: [PATCH] Fix bug #78599 (env_path_info underflow can lead to RCE)
CVE: CVE-2019-11043
Fixed in php version 7.3.11.
Upstream-Status: Backport [https://git.php.net/repository/php-src.git]
Signed-off-by: Joe Slater <joe.slater@windriver.com>
---
NEWS | 4 +-
sapi/fpm/fpm/fpm_main.c | 4 +-
.../tests/bug78599-path-info-underflow.phpt | 61 +++++++++++++++++++
sapi/fpm/tests/tester.inc | 11 +++-
4 files changed, 75 insertions(+), 5 deletions(-)
create mode 100644 sapi/fpm/tests/bug78599-path-info-underflow.phpt
diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
index 24a7e5d56a..50f92981f1 100644
--- a/sapi/fpm/fpm/fpm_main.c
+++ b/sapi/fpm/fpm/fpm_main.c
@@ -1209,8 +1209,8 @@ static void init_request_info(void)
path_info = script_path_translated + ptlen;
tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0));
} else {
- path_info = env_path_info ? env_path_info + pilen - slen : NULL;
- tflag = (orig_path_info != path_info);
+ path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL;
+ tflag = path_info && (orig_path_info != path_info);
}
if (tflag) {
--
2.17.1
meta-oe/recipes-devtools/php/php_7.3.9.bb
+1
View File
@@ -8,6 +8,7 @@ SRC_URI += "file://0001-acinclude.m4-don-t-unset-cache-variables.patch \
file://0001-Use-pkg-config-for-libxml2-detection.patch \
file://debian-php-fixheader.patch \
file://CVE-2019-6978.patch \
file://CVE-2019-11043.patch \
"
SRC_URI_append_class-target = " \
file://pear-makefile.patch \