rpms / rh-php70-php

Clone
Source Code
GIT

Blame SOURCES/php-7.0.27-CVE-2019-11043.patch

c7
  1.   06bbe9dcb0399dcb5ed91760b3c655530dfd964d
  2.   SOURCES
  3.   php-7.0.27-CVE-2019-11043.patch
Blob History Raw
06bbe9 
From 6e705460ff4f02358b9fb037169c53f4103a21b7 Mon Sep 17 00:00:00 2001
06bbe9 
From: Jakub Zelenka <bukka@php.net>
06bbe9 
Date: Sat, 12 Oct 2019 15:56:16 +0100
06bbe9 
Subject: [PATCH] Fix bug #78599 (env_path_info underflow can lead to RCE)
06bbe9 
 (CVE-2019-11043)
06bbe9
06bbe9 
cheery-picked from ab061f95ca966731b1c84cf5b7b20155c0a1c06a
06bbe9 
without the test as tester not available
06bbe9 
---
06bbe9 
 sapi/fpm/fpm/fpm_main.c | 4 ++--
06bbe9 
 1 file changed, 2 insertions(+), 2 deletions(-)
06bbe9
06bbe9 
diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
06bbe9 
index 695839cd9a..88c7c9f118 100644
06bbe9 
--- a/sapi/fpm/fpm/fpm_main.c
06bbe9 
+++ b/sapi/fpm/fpm/fpm_main.c
06bbe9 
@@ -1208,8 +1208,8 @@ static void init_request_info(void)
06bbe9 
 								path_info = script_path_translated + ptlen;
06bbe9 
 								tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0));
06bbe9 
 							} else {
06bbe9 
-								path_info = env_path_info ? env_path_info + pilen - slen : NULL;
06bbe9 
-								tflag = (orig_path_info != path_info);
06bbe9 
+								path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL;
06bbe9 
+								tflag = path_info && (orig_path_info != path_info);
06bbe9 
 							}
06bbe9
06bbe9 
 							if (tflag) {
06bbe9

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation