rpms / rh-php73-php

Clone
Source Code
GIT

Blame SOURCES/php-CVE-2022-31626.patch

c7
  1.   c719fadda20ba4cff84a5a94fdfcc4de4e57d717
  2.   SOURCES
  3.   php-CVE-2022-31626.patch
Blob History Raw
c719fa 
From 9433de72e291db518357fe55531cc15432d43ec4 Mon Sep 17 00:00:00 2001
c719fa 
From: Stanislav Malyshev <smalyshev@gmail.com>
c719fa 
Date: Mon, 6 Jun 2022 00:56:51 -0600
c719fa 
Subject: [PATCH] Fix bug #81719: mysqlnd/pdo password buffer overflow
c719fa
c719fa 
(cherry picked from commit 58006537fc5f133ae8549efe5118cde418b3ace9)
c719fa 
---
c719fa 
 ext/mysqlnd/mysqlnd_wireprotocol.c | 3 ++-
c719fa 
 1 file changed, 2 insertions(+), 1 deletion(-)
c719fa
c719fa 
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
c719fa 
index 6459fe4964..1aee62c64e 100644
c719fa 
--- a/ext/mysqlnd/mysqlnd_wireprotocol.c
c719fa 
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
c719fa 
@@ -768,7 +768,8 @@ php_mysqlnd_change_auth_response_write(MYSQLND_CONN_DATA * conn, void * _packet)
c719fa 
 	MYSQLND_VIO * vio = conn->vio;
c719fa 
 	MYSQLND_STATS * stats = conn->stats;
c719fa 
 	MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
c719fa 
-	zend_uchar * buffer = pfc->cmd_buffer.length >= packet->auth_data_len? pfc->cmd_buffer.buffer : mnd_emalloc(packet->auth_data_len);
c719fa 
+	size_t total_packet_size = packet->auth_data_len + MYSQLND_HEADER_SIZE;
c719fa 
+	zend_uchar * const buffer = pfc->cmd_buffer.length >= total_packet_size? pfc->cmd_buffer.buffer : mnd_emalloc(total_packet_size);
c719fa 
 	zend_uchar * p = buffer + MYSQLND_HEADER_SIZE; /* start after the header */
c719fa
c719fa 
 	DBG_ENTER("php_mysqlnd_change_auth_response_write");

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation