[packages/php.git] / php-CVE-2019-11043.patch

commit ab061f95ca966731b1c84cf5b7b20155c0a1c06a
Author: Jakub Zelenka <bukka@php.net>
Date:   Sat Oct 12 15:56:16 2019 +0100

    Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)

diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
index 24a7e5d56a..50f92981f1 100644
--- a/sapi/fpm/fpm/fpm_main.c
+++ b/sapi/fpm/fpm/fpm_main.c
@@ -1209,8 +1209,8 @@ static void init_request_info(void)
 								path_info = script_path_translated + ptlen;
 								tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0));
 							} else {
-								path_info = env_path_info ? env_path_info + pilen - slen : NULL;
-								tflag = (orig_path_info != path_info);
+								path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL;
+								tflag = path_info && (orig_path_info != path_info);
 							}
 
 							if (tflag) {
Commit	Line	Data
bbb6e535 AM	1	commit ab061f95ca966731b1c84cf5b7b20155c0a1c06a
	2	Author: Jakub Zelenka <bukka@php.net>
	3	Date: Sat Oct 12 15:56:16 2019 +0100
	4
	5	Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
	6
	7	diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
	8	index 24a7e5d56a..50f92981f1 100644
	9	--- a/sapi/fpm/fpm/fpm_main.c
	10	+++ b/sapi/fpm/fpm/fpm_main.c
	11	@@ -1209,8 +1209,8 @@ static void init_request_info(void)
	12	path_info = script_path_translated + ptlen;
	13	tflag = (slen != 0 && (!orig_path_info \|\| strcmp(orig_path_info, path_info) != 0));
	14	} else {
	15	- path_info = env_path_info ? env_path_info + pilen - slen : NULL;
	16	- tflag = (orig_path_info != path_info);
	17	+ path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL;
	18	+ tflag = path_info && (orig_path_info != path_info);
	19	}
	20
	21	if (tflag) {
	22