php-CVE-2019-11043.patch

   1 commit ab061f95ca966731b1c84cf5b7b20155c0a1c06a
   2 Author: Jakub Zelenka <bukka@php.net>
   3 Date:   Sat Oct 12 15:56:16 2019 +0100
   4
   5     Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
   6
   7 diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
   8 index 24a7e5d56a..50f92981f1 100644
   9 --- a/sapi/fpm/fpm/fpm_main.c
  10 +++ b/sapi/fpm/fpm/fpm_main.c
  11 @@ -1209,8 +1209,8 @@ static void init_request_info(void)
  12                                                                 path_info = script_path_translated + ptlen;
  13                                                                 tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0));
  14                                                         } else {
  15 -                                                               path_info = env_path_info ? env_path_info + pilen - slen : NULL;
  16 -                                                               tflag = (orig_path_info != path_info);
  17 +                                                               path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL;
  18 +                                                               tflag = path_info && (orig_path_info != path_info);
  19                                                         }
  20
  21                                                         if (tflag) {
  22