File php-5.2.14-CVE-2012-1823.patch of Package php5-monolithic
CVE-2012-1823 https://bugs.php.net/patch-display.php?bug=61910&patch=cgi.diff&revision=1335984315 plus CVE-2012-2311 https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=latest
Index: sapi/cgi/cgi_main.c
===================================================================
--- sapi/cgi/cgi_main.c.orig
+++ sapi/cgi/cgi_main.c
@@ -62,6 +62,7 @@
 #include "php_main.h"
 #include "fopen_wrappers.h"
 #include "ext/standard/php_standard.h"
+#include "ext/standard/url.h"
 #ifdef PHP_WIN32
 #include <io.h>
 #include <fcntl.h>
@@ -1354,6 +1355,10 @@ int main(int argc, char *argv[])
 int status = 0;
 #endif
 #endif /* PHP_FASTCGI */
+
+ char *query_string;
+ char *decoded_query_string;
+ int skip_getopt = 0;
 #if 0 && defined(PHP_DEBUG)
 /* IIS is always making things more difficult. This allows
@@ -1408,7 +1413,16 @@ int main(int argc, char *argv[])
 }
 #endif
- while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0)) != -1) {
+ if(query_string = getenv("QUERY_STRING")) {
+ decoded_query_string = strdup(query_string);
+ php_url_decode(decoded_query_string, strlen(decoded_query_string));
+ if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) {
+ skip_getopt = 1;
+ }
+ free(decoded_query_string);
+ }
+
+ while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0)) != -1) {
 switch (c) {
 case 'c':
 if (cgi_sapi_module.php_ini_path_override) {
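Review bot: The new guard in the third hunk tests only the first decoded byte (`*decoded_query_string == '-'`), so a query string whose decoded form has whitespace or control bytes ahead of the dash leaves skip_getopt at 0 and php_getopt() still runs over argv; skipping bytes `<= ' '` before the comparison closes that gap. Whether such a string actually reaches argv depends on how the web server builds the CGI command line, which is not visible here. The strdup() result is also handed to strlen() and php_url_decode() unchecked, and the bare assignment in `if(query_string = getenv(...))` should be parenthesised and compared against NULL; the sketch below treats an allocation failure as skip_getopt = 1 so the check fails closed. main() starts and ends outside the hunk.

```c
	if ((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
		unsigned char *p;

		decoded_query_string = strdup(query_string);
		if (decoded_query_string == NULL) {
			/* cannot inspect the query string: do not parse argv as options */
			skip_getopt = 1;
		} else {
			php_url_decode(decoded_query_string, strlen(decoded_query_string));
			for (p = (unsigned char *)decoded_query_string; *p && *p <= ' '; p++) {
				/* skip leading whitespace and control bytes */
			}
			if (*p == '-') {
				skip_getopt = 1;
			}
			free(decoded_query_string);
		}
	}
	/* … unchanged: while (!skip_getopt && php_getopt(...)) option loop … */
```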