authortaca <taca>2012-04-05 03:17:26 +0000
committertaca <taca>2012-04-05 03:17:26 +0000
commitdef46f8a1d1599ded1d1c8f15160460f3109d2a7 (patch)
tree35f7e2e17623a6e37eef84b4bcf689b04e6ededc
parent6f0a420809a9695d397a20912c5eeb14b78924e2 (diff)
downloadpkgsrc-def46f8a1d1599ded1d1c8f15160460f3109d2a7.tar.gz
Add a patch to fix a possible newline injection problem in the header() function
from PHP 5.4.0. This is a small security fix. Bump PKGREVISION.
-rw-r--r--lang/php53/Makefile3
-rw-r--r--lang/php53/distinfo3
-rw-r--r--lang/php53/patches/patch-main_SAPI.c42
3 files changed, 46 insertions, 2 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile
index 7276fd97bd9..6ba4cf09c8f 100644
--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.23 2012/02/03 03:10:33 taca Exp $
+# $NetBSD: Makefile,v 1.24 2012/04/05 03:17:26 taca Exp $
#
# We can't omit PKGNAME here to handle PKG_OPTIONS.
#
PKGNAME= php-${PHP_BASE_VERS}
+PKGREVISION= 1
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index efb78ec6a97..803dac82acc 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35 2012/02/03 03:10:34 taca Exp $
+$NetBSD: distinfo,v 1.36 2012/04/05 03:17:26 taca Exp $
SHA1 (php-5.3.10/php-5.3.10.tar.bz2) = 689d8463b5d9e24b9bf297e35826f2ebdb69afda
RMD160 (php-5.3.10/php-5.3.10.tar.bz2) = acab30a19b340f21a64e06b524906f2b064dd1c9
@@ -17,5 +17,6 @@ SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83
SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
+SHA1 (patch-main_SAPI.c) = 8fd664c97cb9fa295ad8a1f42ed3e1b878554065
SHA1 (patch-main_streams_cast.c) = c169ccb73dc660e40eff9f9e168374f35eedadad
SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23
diff --git a/lang/php53/patches/patch-main_SAPI.c b/lang/php53/patches/patch-main_SAPI.c
new file mode 100644
index 00000000000..093d9996dfa
--- /dev/null
+++ b/lang/php53/patches/patch-main_SAPI.c
@@ -0,0 +1,42 @@
+$NetBSD: patch-main_SAPI.c,v 1.1 2012/04/05 03:17:26 taca Exp $
+
+* Fix possible newline injection problem of header() function from PHP 5.4.0.
+
+--- main/SAPI.c.orig 2012-01-01 13:15:04.000000000 +0000
++++ main/SAPI.c
+@@ -590,16 +590,26 @@ SAPI_API int sapi_header_op(sapi_header_
+ return FAILURE;
+ }
+ } else {
+- /* new line safety check */
+- char *s = header_line, *e = header_line + header_line_len, *p;
+- while (s < e && (p = memchr(s, '\n', (e - s)))) {
+- if (*(p + 1) == ' ' || *(p + 1) == '\t') {
+- s = p + 1;
+- continue;
++ /* new line/NUL character safety check */
++ int i;
++ for (i = 0; i < header_line_len; i++) {
++ /* RFC 2616 allows new lines if followed by SP or HT */
++ int illegal_break =
++ (header_line[i+1] != ' ' && header_line[i+1] != '\t')
++ && (
++ header_line[i] == '\n'
++ || (header_line[i] == '\r' && header_line[i+1] != '\n'));
++ if (illegal_break) {
++ efree(header_line);
++ sapi_module.sapi_error(E_WARNING, "Header may not contain "
++ "more than a single header, new line detected");
++ return FAILURE;
++ }
++ if (header_line[i] == '\0') {
++ efree(header_line);
++ sapi_module.sapi_error(E_WARNING, "Header may not contain NUL bytes");
++ return FAILURE;
+ }
+- efree(header_line);
+- sapi_module.sapi_error(E_WARNING, "Header may not contain more than a single header, new line detected.");
+- return FAILURE;
+ }
+ }
+
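Review bot: The new check in the embedded `main/SAPI.c` hunk still accepts a `\n` or a bare `\r` whenever the next byte is a space or tab, so folded (continuation) header lines are passed through unchanged. The comment cites RFC 2616 folding, but clients may not all treat a folded line or a lone CR the same way (inferred, not shown on this page), so refusing every CR and LF is the safer guard: `int illegal_break = (header_line[i] == '\n' || header_line[i] == '\r');`. The loop also reads `header_line[i+1]` at the last index, which is only in bounds if the buffer is NUL-terminated at `header_line_len`; the allocation is outside the hunk, so a comment such as `/* header_line[header_line_len] is the terminating NUL */` above the loop would record that assumption. `sapi_header_op` begins and ends outside the hunk.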