Search
j0ke.net Open Build Service
>
Projects
>
internetx
:
php5
:
5.2.17
:
monolithic
>
php5-monolithic
> php-5.2.14-CVE-2012-0057.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File php-5.2.14-CVE-2012-0057.patch of Package php5-monolithic
http://svn.php.net/viewvc/?view=revision&revision=317759 http://svn.php.net/viewvc/?view=revision&revision=317801 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658088#22 Index: ext/xsl/xsltprocessor.c =================================================================== --- ext/xsl/xsltprocessor.c.orig +++ ext/xsl/xsltprocessor.c @@ -26,6 +26,7 @@ #include "php.h" #include "php_xsl.h" #include "ext/libxml/php_libxml.h" +#include "zend_ini.h" /* {{{ arginfo */ static @@ -478,6 +479,9 @@ static xmlDocPtr php_xsl_apply_styleshee int clone; zval *doXInclude, *member; zend_object_handlers *std_hnd; + int secPrefsError = 0; + int secPrefsIni; + xsltSecurityPrefsPtr secPrefs = NULL; node = php_libxml_import_node(docp TSRMLS_CC); @@ -523,9 +527,52 @@ static xmlDocPtr php_xsl_apply_styleshee } efree(member); - newdocp = xsltApplyStylesheetUser(style, doc, (const char**) params, NULL, NULL, ctxt); + secPrefsIni = INI_INT("xsl.security_prefs"); + + //if securityPrefs is set to NONE, we don't have to do any checks, but otherwise... + if (secPrefsIni != XSL_SECPREF_NONE) { + secPrefs = xsltNewSecurityPrefs(); + if (secPrefsIni & XSL_SECPREF_READ_FILE ) { + if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid)) { + secPrefsError = 1; + } + } + if (secPrefsIni & XSL_SECPREF_WRITE_FILE ) { + if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid)) { + secPrefsError = 1; + } + } + if (secPrefsIni & XSL_SECPREF_CREATE_DIRECTORY ) { + if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid)) { + secPrefsError = 1; + } + } + if (secPrefsIni & XSL_SECPREF_READ_NETWORK) { + if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid)) { + secPrefsError = 1; + } + } + if (secPrefsIni & XSL_SECPREF_WRITE_NETWORK) { + if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid)) { + secPrefsError = 1; + } + } + + if (0 != xsltSetCtxtSecurityPrefs(secPrefs, ctxt)) { + secPrefsError = 1; + } + } + + if (secPrefsError == 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't set libxslt security properties, not doing transformation for security reasons"); + } else { + newdocp = xsltApplyStylesheetUser(style, doc, (const char**) params, NULL, NULL, ctxt); + } xsltFreeTransformContext(ctxt); + if (secPrefs) { + xsltFreeSecurityPrefs(secPrefs); + } if (intern->node_list != NULL) { zend_hash_destroy(intern->node_list); Index: ext/xsl/php_xsl.h =================================================================== --- ext/xsl/php_xsl.h.orig +++ ext/xsl/php_xsl.h @@ -38,6 +38,7 @@ extern zend_module_entry xsl_module_entr #include <libxslt/xsltInternals.h> #include <libxslt/xsltutils.h> #include <libxslt/transform.h> +#include <libxslt/security.h> #if HAVE_XSL_EXSLT #include <libexslt/exslt.h> #include <libexslt/exsltconfig.h> @@ -49,6 +50,13 @@ extern zend_module_entry xsl_module_entr #include <libxslt/extensions.h> #include <libxml/xpathInternals.h> +#define XSL_SECPREF_NONE 0 +#define XSL_SECPREF_READ_FILE 2 +#define XSL_SECPREF_WRITE_FILE 4 +#define XSL_SECPREF_CREATE_DIRECTORY 8 +#define XSL_SECPREF_READ_NETWORK 16 +#define XSL_SECPREF_WRITE_NETWORK 32 + typedef struct _xsl_object { zend_object std; void *ptr; Index: ext/xsl/php_xsl.c =================================================================== --- ext/xsl/php_xsl.c.orig +++ ext/xsl/php_xsl.c @@ -137,6 +137,11 @@ zend_object_value xsl_objects_new(zend_c } /* }}} */ +PHP_INI_BEGIN() +//XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_NETWORK |Â XSL_SECPREF_WRITE_FILE == 44 +PHP_INI_ENTRY("xsl.security_prefs", "44", PHP_INI_ALL, NULL) +PHP_INI_END() + /* {{{ PHP_MINIT_FUNCTION */ PHP_MINIT_FUNCTION(xsl) @@ -163,6 +168,13 @@ PHP_MINIT_FUNCTION(xsl) REGISTER_LONG_CONSTANT("XSL_CLONE_NEVER", -1, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("XSL_CLONE_ALWAYS", 1, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("XSL_SECPREF_NONE", XSL_SECPREF_NONE, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("XSL_SECPREF_READ_FILE", XSL_SECPREF_READ_FILE, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("XSL_SECPREF_WRITE_FILE", XSL_SECPREF_WRITE_FILE, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("XSL_SECPREF_CREATE_DIRECTORY", XSL_SECPREF_CREATE_DIRECTORY, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("XSL_SECPREF_READ_NETWORK", XSL_SECPREF_READ_NETWORK, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("XSL_SECPREF_WRITE_NETWORK", XSL_SECPREF_WRITE_NETWORK, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("LIBXSLT_VERSION", LIBXSLT_VERSION, CONST_CS | CONST_PERSISTENT); REGISTER_STRING_CONSTANT("LIBXSLT_DOTTED_VERSION", LIBXSLT_DOTTED_VERSION, CONST_CS | CONST_PERSISTENT); @@ -171,6 +183,8 @@ PHP_MINIT_FUNCTION(xsl) REGISTER_STRING_CONSTANT("LIBEXSLT_DOTTED_VERSION", LIBEXSLT_DOTTED_VERSION, CONST_CS | CONST_PERSISTENT); #endif + REGISTER_INI_ENTRIES(); + return SUCCESS; } /* }}} */ @@ -257,6 +271,8 @@ PHP_MSHUTDOWN_FUNCTION(xsl) xsltCleanupGlobals(); + UNREGISTER_INI_ENTRIES(); + return SUCCESS; } /* }}} */