diff options
Diffstat (limited to 'meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch')
-rw-r--r-- | meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch new file mode 100644 index 000000000..f2e23b3f0 --- /dev/null +++ b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | modphp: Security Advisory - php - CVE-2014-5120 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | |||
5 | Signed-off-by Yue Tao <yue.tao@windriver.com> | ||
6 | |||
7 | From 706aefb78112a44d4932d4c9430c6a898696f51f Mon Sep 17 00:00:00 2001 | ||
8 | From: Stanislav Malyshev <stas@php.net> | ||
9 | Date: Mon, 18 Aug 2014 22:49:10 -0700 | ||
10 | Subject: [PATCH] Fix bug #67730 - Null byte injection possible with imagexxx | ||
11 | functions | ||
12 | |||
13 | --- | ||
14 | ext/gd/gd_ctx.c | 5 +++++ | ||
15 | 2 files changed, 7 insertions(+) | ||
16 | |||
17 | diff --git a/ext/gd/gd_ctx.c b/ext/gd/gd_ctx.c | ||
18 | index bff691f..eafbab5 100644 | ||
19 | --- a/ext/gd/gd_ctx.c | ||
20 | +++ b/ext/gd/gd_ctx.c | ||
21 | @@ -124,6 +124,11 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type, | ||
22 | RETURN_FALSE; | ||
23 | } | ||
24 | } else if (Z_TYPE_P(to_zval) == IS_STRING) { | ||
25 | + if (CHECK_ZVAL_NULL_PATH(to_zval)) { | ||
26 | + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 2nd parameter, filename must not contain null bytes"); | ||
27 | + RETURN_FALSE; | ||
28 | + } | ||
29 | + | ||
30 | stream = php_stream_open_wrapper(Z_STRVAL_P(to_zval), "wb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL); | ||
31 | if (stream == NULL) { | ||
32 | RETURN_FALSE; | ||
33 | -- | ||
34 | 1.7.9.5 | ||
35 | |||