[packages/php.git] / php-5.2.17-CVE-2011-1938.patch

diff -up php-5.2.17/ext/sockets/sockets.c.CVE-2011-1938 php-5.2.17/ext/sockets/sockets.c
--- php-5.2.17/ext/sockets/sockets.c.CVE-2011-1938	2011-08-19 08:40:08.000000000 +0700
+++ php-5.2.17/ext/sockets/sockets.c	2011-08-19 08:41:11.000000000 +0700
@@ -1176,6 +1176,10 @@ PHP_FUNCTION(socket_connect)
 			break;
 
 		case AF_UNIX:
+                    if (addr_len >= sizeof(s_un.sun_path)) {
+                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Path too long", php_sock->type);
+                        RETURN_FALSE;
+                    }
 			memset(&s_un, 0, sizeof(struct sockaddr_un));
 
 			s_un.sun_family = AF_UNIX;
Commit	Line	Data
fb98beff ER	1	diff -up php-5.2.17/ext/sockets/sockets.c.CVE-2011-1938 php-5.2.17/ext/sockets/sockets.c
	2	--- php-5.2.17/ext/sockets/sockets.c.CVE-2011-1938 2011-08-19 08:40:08.000000000 +0700
	3	+++ php-5.2.17/ext/sockets/sockets.c 2011-08-19 08:41:11.000000000 +0700
	4	@@ -1176,6 +1176,10 @@ PHP_FUNCTION(socket_connect)
	5	break;
	6
	7	case AF_UNIX:
	8	+ if (addr_len >= sizeof(s_un.sun_path)) {
	9	+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Path too long", php_sock->type);
	10	+ RETURN_FALSE;
	11	+ }
	12	memset(&s_un, 0, sizeof(struct sockaddr_un));
	13
	14	s_un.sun_family = AF_UNIX;