Search
j0ke.net Open Build Service
>
Projects
>
home:jg
:
playground
:
zpanel
>
zpphp
> php-5.3.3-CVE-2012-1823.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File php-5.3.3-CVE-2012-1823.patch of Package zpphp
http://git.php.net/?p=php-src.git;a=commitdiff;h=55869a95ab75c0eb99c57201bfeccaef57e0d36d plus parentheses around getenv() call to avoid gcc warning https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1823 --- php-5.3.3/sapi/cgi/cgi_main.c.cve1823 +++ php-5.3.3/sapi/cgi/cgi_main.c @@ -70,6 +70,7 @@ #include "php_main.h" #include "fopen_wrappers.h" #include "ext/standard/php_standard.h" +#include "ext/standard/url.h" #ifdef PHP_WIN32 # include <io.h> @@ -1500,6 +1501,9 @@ int main(int argc, char *argv[]) #ifndef PHP_WIN32 int status = 0; #endif + char *query_string; + char *decoded_query_string; + int skip_getopt = 0; #if 0 && defined(PHP_DEBUG) /* IIS is always making things more difficult. This allows @@ -1549,7 +1553,16 @@ int main(int argc, char *argv[]) } } - while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) { + if((query_string = getenv("QUERY_STRING")) != NULL) { + decoded_query_string = strdup(query_string); + php_url_decode(decoded_query_string, strlen(decoded_query_string)); + if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) { + skip_getopt = 1; + } + free(decoded_query_string); + } + + while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) { switch (c) { case 'c': if (cgi_sapi_module.php_ini_path_override) {