]>
Commit | Line | Data |
---|---|---|
946a0956 AM |
1 | commit ab061f95ca966731b1c84cf5b7b20155c0a1c06a |
2 | Author: Jakub Zelenka <bukka@php.net> | |
3 | Date: Sat Oct 12 15:56:16 2019 +0100 | |
4 | ||
5 | Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043) | |
6 | ||
7 | diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c | |
8 | index 24a7e5d56a..50f92981f1 100644 | |
9 | --- a/sapi/fpm/fpm/fpm_main.c | |
10 | +++ b/sapi/fpm/fpm/fpm_main.c | |
11 | @@ -1209,8 +1209,8 @@ static void init_request_info(void) | |
12 | path_info = script_path_translated + ptlen; | |
13 | tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0)); | |
14 | } else { | |
15 | - path_info = env_path_info ? env_path_info + pilen - slen : NULL; | |
16 | - tflag = (orig_path_info != path_info); | |
17 | + path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL; | |
18 | + tflag = path_info && (orig_path_info != path_info); | |
19 | } | |
20 | ||
21 | if (tflag) { | |
22 |