]>
Commit | Line | Data |
---|---|---|
fb98beff ER |
1 | diff -up php-5.2.17/ext/sockets/sockets.c.CVE-2011-1938 php-5.2.17/ext/sockets/sockets.c |
2 | --- php-5.2.17/ext/sockets/sockets.c.CVE-2011-1938 2011-08-19 08:40:08.000000000 +0700 | |
3 | +++ php-5.2.17/ext/sockets/sockets.c 2011-08-19 08:41:11.000000000 +0700 | |
4 | @@ -1176,6 +1176,10 @@ PHP_FUNCTION(socket_connect) | |
5 | break; | |
6 | ||
7 | case AF_UNIX: | |
8 | + if (addr_len >= sizeof(s_un.sun_path)) { | |
9 | + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Path too long", php_sock->type); | |
10 | + RETURN_FALSE; | |
11 | + } | |
12 | memset(&s_un, 0, sizeof(struct sockaddr_un)); | |
13 | ||
14 | s_un.sun_family = AF_UNIX; |