]>
Commit | Line | Data |
---|---|---|
44606c9b | 1 | PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of |
2 | memory via crafted binary data sent to a script that processes user | |
3 | input in the html_entity_decode function and sends the encoded results | |
4 | back to the client, aka a "binary safety" issue. NOTE: this issue has | |
5 | been referred to as a "memory leak," but it is an information leak that | |
6 | discloses memory contents. | |
7 | ||
8 | Patch pulled from cvs.php.net | |
9 | ||
b1ac7c3c | 10 | --- php-4.4.2/ext/standard/html.c 2006/01/01 13:46:57 1.63.2.23.2.1 |
11 | +++ php-4.4.2/ext/standard/html.c 2006/02/25 21:33:06 1.63.2.23.2.2 | |
12 | @@ -793,7 +793,7 @@ | |
13 | enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC); | |
44606c9b | 14 | unsigned char replacement[15]; |
b1ac7c3c | 15 | |
44606c9b | 16 | - ret = estrdup(old); |
17 | + ret = estrndup(old, oldlen); | |
18 | retlen = oldlen; | |
19 | if (!retlen) { | |
20 | goto empty_source; |