git Service のサービス IN-Ulm e.V. エクスプローラ ヘルプ
サインイン
cbiedl
/
file
1
0
フォーク 0
ファイル プルリクエスト 0 Wiki
ツリー: 41740c1441
ブランチ タグ
file
/
debian
/
patches
/
CVE-2015-8865.6713ca4.patch

CVE-2015-8865.6713ca4.patch 839 B
履歴 Raw

123456789101112131415161718192021222324 
  1. Subject: Buffer over-write in finfo_open with malformed magic file
    2. 

  2. ID: CVE-2015-8865
    3. 

  3. Upstream-Author: Christos Zoulas <christos@zoulas.com>
    4. 

  4. Author: Christos Zoulas <christos@zoulas.com>
    5. 

  5. Date: Wed Jun 3 18:01:20 2015 +0000
    6. 

  6. Origin: FILE5_22-75-g6713ca4
    7. 

  7. Origin: https://bugs.php.net/bug.php?id=71527 (Original bug report)
    8. 

  8. Origin: http://bugs.gw.com/view.php?id=522 (bug report for file)
    9. 

  9. 

  10.     [ Original description: ]
    11. 

  11.     PR/454: Fix memory corruption when the continuation level jumps by more than
    12. 

  12.     20 in a single step.
    13. 

  13. 

  14. --- a/src/funcs.c
    15. 

  15. +++ b/src/funcs.c
    16. 

  16. @@ -401,7 +401,7 @@
    17. 

  17.  	size_t len;
    18. 

  18.  
    19. 

  19.  	if (level >= ms->c.len) {
    20. 

  20. -		len = (ms->c.len += 20) * sizeof(*ms->c.li);
    21. 

  21. +		len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);
    22. 

  22.  		ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ?
    23. 

  23.  		    malloc(len) :
    24. 

  24.  		    realloc(ms->c.li, len));
    25.