]>
Commit | Line | Data |
---|---|---|
1 | ||
2 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4153 | |
3 | ||
4 | http://svn.php.net/viewvc?view=revision&revision=319442 | |
5 | ||
6 | --- php-5.3.3/ext/standard/syslog.c.cve4153 | |
7 | +++ php-5.3.3/ext/standard/syslog.c | |
8 | @@ -234,6 +234,9 @@ PHP_FUNCTION(openlog) | |
9 | free(BG(syslog_device)); | |
10 | } | |
11 | BG(syslog_device) = zend_strndup(ident, ident_len); | |
12 | + if(BG(syslog_device) == NULL) { | |
13 | + RETURN_FALSE; | |
14 | + } | |
15 | openlog(BG(syslog_device), option, facility); | |
16 | RETURN_TRUE; | |
17 | } | |
18 | --- php-5.3.3/Zend/zend_builtin_functions.c.cve4153 | |
19 | +++ php-5.3.3/Zend/zend_builtin_functions.c | |
20 | @@ -683,6 +683,9 @@ repeat: | |
21 | } | |
22 | c.flags = case_sensitive; /* non persistent */ | |
23 | c.name = zend_strndup(name, name_len); | |
24 | + if (c.name == NULL) { | |
25 | + RETURN_FALSE; | |
26 | + } | |
27 | c.name_len = name_len+1; | |
28 | c.module_number = PHP_USER_CONSTANT; | |
29 | if (zend_register_constant(&c TSRMLS_CC) == SUCCESS) { |