Search
j0ke.net Open Build Service
>
Projects
>
internetx
:
php5
:
5.2.17
:
monolithic
>
php5-monolithic
> php-5.2.14-CVE-2012-0807.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File php-5.2.14-CVE-2012-0807.patch of Package php5-monolithic
https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa Index: ext/suhosin/header.c =================================================================== --- ext/suhosin/header.c.orig +++ ext/suhosin/header.c @@ -3,7 +3,7 @@ | Suhosin Version 1 | +----------------------------------------------------------------------+ | Copyright (c) 2006-2007 The Hardened-PHP Project | - | Copyright (c) 2007-2010 SektionEins GmbH | + | Copyright (c) 2007-2012 SektionEins GmbH | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -40,28 +40,20 @@ static int (*orig_header_handler)(sapi_h char *suhosin_encrypt_single_cookie(char *name, int name_len, char *value, int value_len, char *key TSRMLS_DC) { - char buffer[4096]; - char buffer2[4096]; - char *buf = buffer, *buf2 = buffer2, *d, *d_url; - int l; - - if (name_len > sizeof(buffer)-2) { - buf = estrndup(name, name_len); - } else { - memcpy(buf, name, name_len); - buf[name_len] = 0; - } + char *buf, *buf2, *d, *d_url; + int l; + + buf = estrndup(name, name_len); + name_len = php_url_decode(buf, name_len); - normalize_varname(buf); - name_len = strlen(buf); + normalize_varname(buf); + name_len = strlen(buf); if (SUHOSIN_G(cookie_plainlist)) { if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) { encrypt_return_plain: - if (buf != buffer) { - efree(buf); - } + efree(buf); return estrndup(value, value_len); } } else if (SUHOSIN_G(cookie_cryptlist)) { @@ -70,52 +62,34 @@ encrypt_return_plain: } } - if (strlen(value) <= sizeof(buffer2)-2) { - memcpy(buf2, value, value_len); - buf2[value_len] = 0; - } else { - buf2 = estrndup(value, value_len); - } + buf2 = estrndup(value, value_len); value_len = php_url_decode(buf2, value_len); d = suhosin_encrypt_string(buf2, value_len, buf, name_len, key TSRMLS_CC); d_url = php_url_encode(d, strlen(d), &l); efree(d); - if (buf != buffer) { - efree(buf); - } - if (buf2 != buffer2) { - efree(buf2); - } + efree(buf); + efree(buf2); return d_url; } char *suhosin_decrypt_single_cookie(char *name, int name_len, char *value, int value_len, char *key, char **where TSRMLS_DC) { - char buffer[4096]; - char buffer2[4096]; int o_name_len = name_len; - char *buf = buffer, *buf2 = buffer2, *d, *d_url; + char *buf, *buf2, *d, *d_url; int l; - if (name_len > sizeof(buffer)-2) { - buf = estrndup(name, name_len); - } else { - memcpy(buf, name, name_len); - buf[name_len] = 0; - } - + buf = estrndup(name, name_len); + name_len = php_url_decode(buf, name_len); - normalize_varname(buf); - name_len = strlen(buf); + normalize_varname(buf); + name_len = strlen(buf); if (SUHOSIN_G(cookie_plainlist)) { if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) { decrypt_return_plain: - if (buf != buffer) { - efree(buf); - } + efree(buf); memcpy(*where, name, o_name_len); *where += o_name_len; **where = '='; *where +=1; @@ -130,12 +104,7 @@ decrypt_return_plain: } - if (strlen(value) <= sizeof(buffer2)-2) { - memcpy(buf2, value, value_len); - buf2[value_len] = 0; - } else { - buf2 = estrndup(value, value_len); - } + buf2 = estrndup(value, value_len); value_len = php_url_decode(buf2, value_len); @@ -152,12 +121,8 @@ decrypt_return_plain: *where += l; efree(d_url); skip_cookie: - if (buf != buffer) { - efree(buf); - } - if (buf2 != buffer2) { - efree(buf2); - } + efree(buf); + efree(buf2); return *where; } @@ -240,7 +205,7 @@ int suhosin_header_handler(sapi_header_s } #endif - if (!SUHOSIN_G(allow_multiheader) && sapi_header && sapi_header->header) { + if (sapi_header && sapi_header->header) { tmp = sapi_header->header; @@ -256,6 +221,9 @@ int suhosin_header_handler(sapi_header_s if (!SUHOSIN_G(simulation)) { sapi_header->header_len = i; } + } + if (SUHOSIN_G(allow_multiheader)) { + continue; } else if ((tmp[0] == '\r' && (tmp[1] != '\n' || i == 0)) || (tmp[0] == '\n' && (i == sapi_header->header_len-1 || i == 0 || (tmp[1] != ' ' && tmp[1] != '\t')))) { char *fname = get_active_function_name(TSRMLS_C);