rpms / php55-php

Clone
Source Code
GIT

Blame SOURCES/php-5.5.6-CVE-2014-3479.patch

c7
  1.   e9ca132b9431febf65b3d6f309562d7167318697
  2.   SOURCES
  3.   php-5.5.6-CVE-2014-3479.patch
Blob History Raw
e9ca13 
From 5c9f96799961818944d43b22c241cc56c215c2e4 Mon Sep 17 00:00:00 2001
e9ca13 
From: Remi Collet <remi@php.net>
e9ca13 
Date: Tue, 10 Jun 2014 14:13:14 +0200
e9ca13 
Subject: [PATCH] Fixed Bug #67411 	fileinfo: cdf_check_stream_offset
e9ca13 
 insufficient boundary check
e9ca13
e9ca13 
Upstream:
e9ca13 
https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67
e9ca13 
---
e9ca13 
 ext/fileinfo/libmagic/cdf.c | 6 ++++--
e9ca13 
 1 file changed, 4 insertions(+), 2 deletions(-)
e9ca13
e9ca13 
diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c
e9ca13 
index 16649f1..c9a5d50 100644
e9ca13 
--- a/ext/fileinfo/libmagic/cdf.c
e9ca13 
+++ b/ext/fileinfo/libmagic/cdf.c
e9ca13 
@@ -277,13 +277,15 @@ cdf_check_stream_offset(const cdf_stream_t *sst, const cdf_header_t *h,
e9ca13 
 {
e9ca13 
 	const char *b = (const char *)sst->sst_tab;
e9ca13 
 	const char *e = ((const char *)p) + tail;
e9ca13 
+	size_t ss = sst->sst_dirlen < h->h_min_size_standard_stream ?
e9ca13 
+	    CDF_SHORT_SEC_SIZE(h) : CDF_SEC_SIZE(h);
e9ca13 
 	(void)&line;
e9ca13 
-	if (e >= b && (size_t)(e - b) <= CDF_SEC_SIZE(h) * sst->sst_len)
e9ca13 
+	if (e >= b && (size_t)(e - b) <= ss * sst->sst_len)
e9ca13 
 		return 0;
e9ca13 
 	DPRINTF(("%d: offset begin %p < end %p || %" SIZE_T_FORMAT "u"
e9ca13 
 	    " > %" SIZE_T_FORMAT "u [%" SIZE_T_FORMAT "u %"
e9ca13 
 	    SIZE_T_FORMAT "u]\n", line, b, e, (size_t)(e - b),
e9ca13 
-	    CDF_SEC_SIZE(h) * sst->sst_len, CDF_SEC_SIZE(h), sst->sst_len));
e9ca13 
+	    ss * sst->sst_len, ss, sst->sst_len));
e9ca13 
 	errno = EFTYPE;
e9ca13 
 	return -1;
e9ca13 
 }
e9ca13 
--
e9ca13 
1.9.2
e9ca13

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation