]>
Commit | Line | Data |
---|---|---|
44606c9b | 1 | PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of |
2 | memory via crafted binary data sent to a script that processes user | |
3 | input in the html_entity_decode function and sends the encoded results | |
4 | back to the client, aka a "binary safety" issue. NOTE: this issue has | |
5 | been referred to as a "memory leak," but it is an information leak that | |
6 | discloses memory contents. | |
7 | ||
8 | Patch pulled from cvs.php.net | |
9 | ||
10 | --- php-5.1.2/ext/standard/html.c 2006/01/01 12:50:14 1.111.2.1 | |
11 | +++ php-5.1.2/ext/standard/html.c 2006/02/25 21:32:11 1.111.2.2 | |
12 | @@ -884,7 +884,7 @@ | |
13 | unsigned char replacement[15]; | |
14 | int replacement_len; | |
15 | ||
16 | - ret = estrdup(old); | |
17 | + ret = estrndup(old, oldlen); | |
18 | retlen = oldlen; | |
19 | if (!retlen) { | |
20 | goto empty_source; |