[packages/php.git] / php-CVE-2006-1490.patch

PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of
memory via crafted binary data sent to a script that processes user
input in the html_entity_decode function and sends the encoded results
back to the client, aka a "binary safety" issue. NOTE: this issue has
been referred to as a "memory leak," but it is an information leak that
discloses memory contents.

Patch pulled from cvs.php.net

--- php-5.1.2/ext/standard/html.c	2006/01/01 12:50:14	1.111.2.1
+++ php-5.1.2/ext/standard/html.c	2006/02/25 21:32:11	1.111.2.2
@@ -884,7 +884,7 @@
 	unsigned char replacement[15];
 	int replacement_len;
 
-	ret = estrdup(old);
+	ret = estrndup(old, oldlen);
 	retlen = oldlen;
 	if (!retlen) {
 		goto empty_source;
Commit	Line	Data
44606c9b	1	PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of
	2	memory via crafted binary data sent to a script that processes user
	3	input in the html_entity_decode function and sends the encoded results
	4	back to the client, aka a "binary safety" issue. NOTE: this issue has
	5	been referred to as a "memory leak," but it is an information leak that
	6	discloses memory contents.
	7
	8	Patch pulled from cvs.php.net
	9
	10	--- php-5.1.2/ext/standard/html.c 2006/01/01 12:50:14 1.111.2.1
	11	+++ php-5.1.2/ext/standard/html.c 2006/02/25 21:32:11 1.111.2.2
	12	@@ -884,7 +884,7 @@
	13	unsigned char replacement[15];
	14	int replacement_len;
	15
	16	- ret = estrdup(old);
	17	+ ret = estrndup(old, oldlen);
	18	retlen = oldlen;
	19	if (!retlen) {
	20	goto empty_source;