Search
j0ke.net Open Build Service
>
Projects
>
home:jg
:
playground
:
zpanel
>
zpphp
> php-5.3.3-CVE-2012-2336.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File php-5.3.3-CVE-2012-2336.patch of Package zpphp
The first hunk of this patch is *mitigation* for use of bad wrappers scripts which are vulnerable to CVE-2012-2335. The second hunk of this patch fixes CVE-2012-2336: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2336 http://git.php.net/?p=php-src.git;a=commitdiff;h=7de4b75f74a817c3fead32710e04cd015bcc5360 --- php-5.3.3/sapi/cgi/cgi_main.c.cve2311 +++ php-5.3.3/sapi/cgi/cgi_main.c @@ -1553,10 +1553,15 @@ int main(int argc, char *argv[]) } } - if((query_string = getenv("QUERY_STRING")) != NULL) { + if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) { + /* we've got query string that has no = - apache CGI will pass it to command line */ + unsigned char *p; decoded_query_string = strdup(query_string); php_url_decode(decoded_query_string, strlen(decoded_query_string)); - if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) { + for (p = decoded_query_string; *p && *p <= ' '; p++) { + /* skip all leading spaces */ + } + if(*p == '-') { skip_getopt = 1; } free(decoded_query_string); @@ -1811,7 +1816,7 @@ consult the installation file that came } zend_first_try { - while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) { + while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) { switch (c) { case 'T': benchmark = 1;