Search
j0ke.net Open Build Service
>
Projects
>
home:jg
:
playground
:
zpanel
>
zpphp
> php-5.3.3-CVE-2011-1471.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File php-5.3.3-CVE-2011-1471.patch of Package zpphp
https://bugzilla.redhat.com/show_bug.cgi?id=690915 http://svn.php.net/viewvc/?view=revision&revision=307917 (r287095 already included in 5.3.3) --- php-5.3.3/ext/zip/zip_stream.c.cve1471 +++ php-5.3.3/ext/zip/zip_stream.c @@ -30,11 +30,11 @@ struct php_zip_stream_data_t { /* {{{ php_zip_ops_read */ static size_t php_zip_ops_read(php_stream *stream, char *buf, size_t count TSRMLS_DC) { - int n = 0; + ssize_t n = 0; STREAM_DATA_FROM_STREAM(); if (self->za && self->zf) { - n = (size_t)zip_fread(self->zf, buf, (int)count); + n = zip_fread(self->zf, buf, count); if (n < 0) { int ze, se; zip_file_error_get(self->zf, &ze, &se); @@ -42,13 +42,15 @@ static size_t php_zip_ops_read(php_strea php_error_docref(NULL TSRMLS_CC, E_WARNING, "Zip stream error: %s", zip_file_strerror(self->zf)); return 0; } - if (n == 0 || n < count) { + /* cast count to signed value to avoid possibly negative n + * being cast to unsigned value */ + if (n == 0 || n < (ssize_t)count) { stream->eof = 1; } else { self->cursor += n; } } - return (n < 1 ? 0 : n); + return (n < 1 ? 0 : (size_t)n); } /* }}} */